Privacy Policy

Last Updated: January 5, 2026

BlackKiteAI ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered risk scoring, threat intelligence, and security analytics platform ("Service").

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

• Create an Account: Name, email address, password, company name, job title
• Make Purchases: Billing information, payment details (processed securely through third-party payment processors)
• Contact Support: Email address, name, message content, and any information you choose to provide
• Use the Service: Resumes, documents, interview transcripts, queries, and other content you upload or generate
• Complete Surveys or Forms: Feedback, preferences, and responses to questionnaires

1.2 Automatically Collected Information

When you access or use our Service, we automatically collect:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent on pages, click data, session duration
• Log Data: Access times, error logs, API calls, system activity
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies (see Section 5)
• Location Data: General geographic location based on IP address

1.3 Information from Third Parties

We may receive information from:

• Authentication Services: If you sign in using third-party services (e.g., Google, Microsoft)
• Payment Processors: Transaction confirmation and payment status
• Analytics Providers: Aggregated usage statistics and performance metrics
• Public Sources: Publicly available cybersecurity threat data and risk intelligence

1.4 Sensitive Information

We do not intentionally collect sensitive personal information such as social security numbers, health information, or financial account details (other than payment information processed by our payment processors). If you upload documents containing sensitive information, you do so at your own discretion and risk.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Provision and Improvement

• Provide, operate, and maintain the Service
• Process your transactions and manage your account
• Generate AI-powered risk assessments, threat intelligence, and security analytics
• Train and improve our machine learning models and algorithms
• Develop new features and enhance existing functionality
• Monitor and analyze usage patterns and trends
• Conduct research and development

2.2 Communication

• Send you service-related communications (account verification, updates, security alerts)
• Respond to your inquiries, requests, and support tickets
• Send promotional communications, newsletters, and marketing materials (with your consent)
• Request feedback and conduct surveys

2.3 Security and Compliance

• Detect, prevent, and address fraud, abuse, and security incidents
• Enforce our Terms and Conditions and other policies
• Comply with legal obligations and regulatory requirements
• Protect our rights, property, and safety, and those of our users
• Conduct security audits and vulnerability assessments

2.4 Analytics and Personalization

• Analyze usage patterns to improve user experience
• Personalize content and recommendations
• Measure the effectiveness of our marketing campaigns
• Create aggregated, anonymized statistics for business purposes

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to fulfill our contract with you (providing the Service)
• Legitimate Interests: Processing necessary for our legitimate business interests (improving the Service, security, fraud prevention)
• Consent: Where you have given explicit consent (marketing communications, optional features)
• Legal Obligation: Processing required to comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We engage third-party companies to perform services on our behalf, including:

• Cloud hosting and infrastructure providers (e.g., AWS, Azure, Google Cloud)
• Payment processing services (e.g., Stripe, PayPal)
• Email delivery and communication platforms
• Analytics and monitoring tools
• Customer support platforms
• AI and machine learning service providers

These service providers are contractually obligated to protect your information and use it only for the purposes for which it is disclosed.

4.2 Business Transfers

If we are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.3 Legal Requirements

We may disclose your information when required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms and Conditions or other agreements
• Protect the rights, property, or safety of BlackKiteAI, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, marketing, or other business purposes.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you and remember your preferences. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance your experience.

5.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security, session management)
• Performance Cookies: Collect information about how you use the Service (analytics, error tracking)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track your activity to deliver personalized ads and measure campaign effectiveness

5.3 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of the Service. You can also opt out of interest-based advertising through industry opt-out tools.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained while your account is active and for a reasonable period after account closure
• Transaction Records: Retained for legal, tax, and accounting purposes (typically 7 years)
• Usage Data: Retained for analytical purposes (typically 12-24 months)
• Marketing Data: Retained until you withdraw consent or opt out
• Legal Holds: Data may be retained longer if subject to legal proceedings or investigations

After the retention period expires, we securely delete or anonymize your information.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection and security practices
• Incident response and breach notification procedures
• Multi-factor authentication options
• Secure backup and disaster recovery systems

While we strive to protect your information, no method of transmission or storage is 100% secure. You acknowledge that you provide information at your own risk.

8. Your Privacy Rights

8.1 General Rights

Depending on your location, you may have the following rights:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Request a copy of your data in a structured, machine-readable format
• Object: Object to processing of your personal information for certain purposes
• Restrict: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent for processing based on consent

8.2 GDPR Rights (EEA, UK, Switzerland)

If you are in the EEA, UK, or Switzerland, you have additional rights under GDPR:

• Right to lodge a complaint with your local data protection authority
• Right to object to automated decision-making and profiling
• Right to be informed about data breaches affecting your personal data

8.3 CCPA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, disclose, and sell
• Right to delete personal information (subject to exceptions)
• Right to opt out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your privacy rights

8.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@blackkiteai.com. We will respond to your request within 30 days (or as required by applicable law). We may require verification of your identity before processing your request.

8.5 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us directly. Note that you will still receive service-related communications even if you opt out of marketing.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate. These countries may have different data protection laws than your jurisdiction.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection
• Binding Corporate Rules or other approved mechanisms

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to delete such information from our systems.

11. Third-Party Links and Services

Our Service may contain links to third-party websites, applications, or services that are not owned or controlled by BlackKiteAI. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

12. AI and Machine Learning

Our Service uses artificial intelligence and machine learning technologies to provide risk scoring, threat intelligence, and security analytics. Your data may be used to:

• Train and improve our AI models
• Generate personalized risk assessments and recommendations
• Identify patterns and anomalies in cybersecurity data
• Enhance the accuracy and performance of our algorithms

We implement measures to protect your privacy in our AI processes, including data anonymization, access controls, and model security. However, AI-generated outputs may contain errors or inaccuracies, and you should verify any critical information.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. We will provide information about the breach, the types of data affected, and steps we are taking to address the situation.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through the Service or via email
• Obtain your consent if required by law

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

15. Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry consensus on how to respond to DNT signals. Our Service does not currently respond to DNT browser signals or similar mechanisms.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

BlackKiteAI Privacy Team

Email: support@blackkiteai.com

Subject Line: Privacy Inquiry

Response Time: Within 30 days

For GDPR-related inquiries, you may also contact our Data Protection Officer (DPO) at the same email address with "DPO Inquiry" in the subject line.

Consent

By using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.