iq-boost.com ("we," "us," or "our")
Service: All features, functionalities, programs, and content available through iq-boost.com
Platform: Our website and related services accessible via any device
User: Any individual accessing or using our services ("you" or "your")
Personal Data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on personal data
Data Controller: iq-boost.com, determining the purposes and means of processing personal data
Data Processor: Third parties that process personal data on our behalf
Cookie: Small text file stored on your device containing data about your platform usage
Authentication: Process of verifying user identity
Encryption: Process of encoding information to prevent unauthorized access
Token: Unique identifier used for secure authentication
SSL/TLS: Security protocols for encrypted data transmission
This privacy policy explains how iq-boost.com collects, uses, and protects your personal data. It provides detailed information about your privacy rights and how you can exercise them.
This policy applies to:
All users of iq-boost.com globally
All data collection methods
All service features and functionalities
All platform versions and updates
We reserve the right to update this policy
Material changes will be notified via email
Continued use after changes constitutes acceptance
A. Essential Data
Email address (required for authentication)
Name (collected during payment processing)
Last sign-in timestamp
Unique account identifiers
IP addresses
B. Optional Data
Phone number (if provided through payment processors)
User preferences and settings
Communication preferences
A. Test Results
Final IQ scores
Completion timestamps
Performance metrics
Note: Individual test answers are processed in real-time and are not stored
B. Interaction Data
Features accessed
Time spent on platform
Navigation patterns
Device information
We only receive and store limited payment information:
Tokenized payment method identifiers
Last four digits of payment cards
First six digits of payment cards
Card expiration dates
A. Device Information
Operating system and version
Browser type and version
Screen resolution
Device type and model
Language preferences
B. Connection Data
IP address
Network information
Connection type
Geographic location (derived from IP)
Time zone settings
C. Performance Data
Load times
Error messages
System performance metrics
Network latency
Application response times
A. Service Provision
Account creation and management
Authentication and security
Feature access and customization
Customer support
Service optimization
B. Payment Processing
Subscription management
Payment authorization
Fraud prevention
Transaction records
Billing support
C. Communication
Service updates and notifications
Security alerts
Product information
Support responses
Legal notices
A. Service Improvement
Usage pattern analysis
Feature optimization
Performance monitoring
User experience enhancement
Bug identification and resolution
B. Analytics and Research
Aggregate usage statistics
Trend analysis
Platform optimization
Feature development
Performance benchmarking
A. Contractual Necessity
Account management
Service provision
Payment processing
Feature access
Support services
B. Legal Obligations
Tax compliance
Financial records
Legal requirements
Regulatory compliance
Safety and security
C. Legitimate Interests
Service improvement
Fraud prevention
Security maintenance
Technical optimization
Business development
D. Consent-Based Processing
Marketing communications
Optional features
Third-party integrations
Analytics participation
Feature testing
All personal data is stored in secure European data centers
Data is transmitted globally using encrypted channels
We employ appropriate safeguards for international data transfers
Continuous compliance monitoring and security measures are in place
A. Authentication and Access
Multi-factor Authentication capability
Passwordless authentication via email
Single-use verification codes
Session management with automatic termination
Role-based access control
Principle of least privilege
Access logging and monitoring
Regular access reviews
Automated access termination
B. Data Protection
SOC2 Type 2 compliance
AES-256 encryption for data at rest
TLS encryption for data in transit
Security protocols for all data transmission
Regular security audits
C. System Security
DDoS Protection via Cloudflare
Intrusion detection systems
Regular security patching
Infrastructure monitoring
PCI DSS compliant payment processing
Tokenized payment information storage
No access to complete card numbers
Encrypted payment data transmission
Immediate security incident response
Regular compliance monitoring
Regular automated backups
Encrypted backup storage
Disaster recovery planning
Business continuity measures
Data restoration procedures
Geographic redundancy measures
Incident response procedures and protocols
Access control policies and enforcement
Security incident reporting framework
Change management procedures
Real-time system monitoring and security event logging
Performance tracking and analysis
Regular security reviews and assessments
Continuous compliance monitoring
Regular system updates
Vulnerability assessments
Security patch management
A data breach is defined as:
Unauthorized access to personal data
Accidental loss or destruction of personal data
Unauthorized disclosure of personal data
Any incident compromising data confidentiality, integrity, or availability
Upon discovering a potential breach, we will:
Immediately initiate our incident response plan
Assess the nature and scope of the breach
Take immediate steps to contain the breach
Document all aspects of the incident
Evaluate the risks to affected individuals
We will notify affected users:
Within 72 hours of breach confirmation
Through email notification
Our breach notifications will include:
Description of the incident
Types of data affected
Potential impact on users
Steps we've taken to address the breach
Recommended user actions
Contact information for questions
Resources for additional support
Where required by law, we will:
Notify relevant supervisory authorities
Comply with jurisdiction-specific requirements
Provide mandatory documentation
Cooperate with investigations
Implement required remedial measures
Following any breach, we will:
Conduct a thorough investigation
Implement additional security measures
Update procedures as necessary
Provide ongoing updates to affected users
Review and enhance security protocols
We utilize the following services to monitor and improve our platform:
Google Tag Manager: For managing analytics and marketing tags
Google Analytics: For user behavior analysis and service optimization
MixPanel: For user interaction tracking and feature usage analysis
Google BigQuery: For large-scale data analysis and reporting
Sentry: For error monitoring, performance tracking, and session recording
Cloudflare: For performance analytics and security monitoring
Through Sentry, we implement session recording with the following safeguards:
Automatic masking of all user inputs
No collection of personally identifiable information
Exclusion of all data entry fields
Anonymization of all user interactions
Usage limited to bug investigation and performance optimization
These services may collect:
Usage patterns
Feature interaction data
Performance metrics
Error information
Anonymized user flows
Aggregate statistics
We work with various advertising partners, including:
Facebook
Google
SnapChat
TikTok
Taboola
Outbrain
AppLovin
Pinterest
These partners may receive:
Anonymous identifiers
Email addresses (for advertising purposes)
Usage data
Device information
Interaction metrics
Our advertising partners may:
Track user interactions
Measure ad performance
Optimize ad targeting
Create audience segments
Analyze campaign effectiveness
Users can limit tracking through:
Browser cookie settings
Ad-blocker extensions
Device settings
Platform-specific controls
Digital Advertising Alliance (DAA) opt-out tools
Network Advertising Initiative (NAI) opt-out platform
Platform-specific advertising settings
Individual advertising partner opt-outs
Limiting tracking may affect:
Platform functionality
Service personalization
Feature availability
User experience
Note: Core service features will remain functional
All users have the following basic rights:
Access their personal data
Correct inaccurate data
Request data deletion (see Section 8.2 for procedures)
Object to processing
Data portability
Withdraw consent
A. Core Rights
Right to be informed
Right to access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights regarding automated decision-making 7.2.2 California Residents (CCPA/CPRA)
A. Additional Rights
Knowledge of personal information collection
Knowledge of information sharing
Deletion rights
Correction rights
Opt-out rights
Non-discrimination rights
Portability rights
A. Privacy Act Rights
Collection notification
Access rights
Correction rights
Purpose specification
Use limitation
Disclosure transparency
A. PIPEDA Rights
Access rights
Accuracy rights
Consent withdrawal
Use transparency
Protection expectations
All privacy rights requests can be submitted through any of our official contact channels listed in Section 12.2.
To protect your privacy, we require:
A. Initial Verification
Email verification
Account authentication (if applicable)
Identity documentation (if needed for sensitive requests)
B. Additional Verification
For sensitive requests or authorized agents:
Government-issued ID
Proof of authority (for agents)
Additional security checks as needed
We follow these standard response times for all requests:
Initial acknowledgment: Within 72 hours
Standard response time: 30 days
Maximum extension period: 45 days (with notification)
Appeal decisions: 30 days
Note: California residents receive acknowledgment within 10 days per CCPA requirements.
All personal data will be provided in:
Machine-readable format (CSV or JSON)
With complete data inventory
Via encrypted transmission
If you're unsatisfied with our response:
Submit appeal within 30 days
Include reason for appeal
Provide any additional information
Receive decision within 30 days
Account data: While account is active
Payment records: As required by law
Analytics data: For service improvement
Communication records: 2 years
Security logs: 13 months
Account deletion: 30-day process
Data removal: Systematic process
Backup removal: 90-day maximum
Verification process: Complete removal check
For users outside the European Union, we ensure appropriate data protection through:
Standard contractual clauses for international data transfers
Technical and organizational security measures
Regular compliance monitoring and assessments
Adherence to international data protection requirements
Continuous evaluation of data protection mechanisms
Before pursuing legal action, users must follow our escalation procedure:
A. First-Level Escalation:
Submit to escalations-leader@iq-boost.com
Include reference number and prior communication history
Response provided within 5 business days
B. Second-Level Escalation:
If unsatisfied, escalate to escalations-management@iq-boost.com
Senior management review
Final decision within 15 business days
C. Informal Dispute Resolution:
Following escalation process, parties will attempt informal resolution
30-day good-faith negotiation period
Direct communication to resolve disputes
If escalation and informal resolution are unsuccessful:
This privacy policy is governed by the laws of the Czech Republic
Any legal proceedings shall be exclusively resolved through binding arbitration as detailed in Section 14 of our Terms and Conditions
Arbitration shall be conducted by the American Arbitration Association
Users expressly consent to the personal jurisdiction of Czech courts for matters exempt from arbitration
All claims must be brought within six months of the incident date
For complete dispute resolution procedures, including arbitration rules, exceptions, and class action waiver, please refer to Section 14 of our Terms and Conditions.
Minimum age: 18 years
No intentional collection from minors
Account termination if underage discovered
We reserve the right to modify this privacy policy at any time.
A. Material Changes
Changes that significantly affect your rights or our obligations:
Major changes to data sharing with third parties
Fundamental changes to data processing purposes
Significant changes to user privacy rights
B. Non-Material Changes
Changes that don't substantially affect your rights, including but not limited to:
Updates to reflect current practices
Adding new product features or services
Changes to contact information
Clarifications of existing terms
Grammatical or formatting updates
Security enhancements
Technical documentation updates
Service improvement descriptions
Analytics and tracking updates
Changes to advertising partners and analytics providers
Updates to third-party integrations
Regional compliance updates
A. Material Changes
Email notification 5 days before implementation
Changes effective upon notification date
Continued use constitutes acceptance
B. Non-Material Changes
May be implemented immediately
No advance notice required
Updated policy posted on website
Review current privacy policy on our website
Discontinue service use if you disagree with changes
Continued use indicates acceptance of changes
For all inquiries including privacy-related matters:
Email: privacy@iq-boost.com
Help Center: https://iq-boost.com/help
Postal Address: Český Partner s.r.o., Kaprova 42/14, Praha, 110 00, Czech Republic
All inquiries will be handled according to the response timelines detailed in Section 7.3.3.