Privacy Policy

DivetIQ ("DivetIQ", "we", "us", or "our") is the controller of the personal data described in this Policy in connection with our marketing website and pre-sales communications. When you use the DivetIQ platform as a customer, we act as a processor on your behalf — that relationship is governed by our Data Processing Addendum.

Postal address: 2810 N Church St, STE 88941, Wilmington, DE 19802, United States. We also operate offices in Sarajevo, Bosnia and Herzegovina. Phone: +1 (903) 459-6068.

We collect personal information you provide directly (for example, when you book a demo, sign up for our newsletter, or contact us), and a limited set of information collected automatically as you browse our website.

• Identifiers and contact data — full name, business email address, phone number, employer, and job title.
• Communications — the content of forms you submit and emails or messages you exchange with us.
• Usage data — pages viewed, referring URL, approximate location derived from IP address, device and browser type, and timestamps.
• Cookies and similar technologies — strictly necessary cookies are always used; analytics or marketing cookies are only set with your consent.

We process personal data only for the purposes set out below, and only where we have a valid lawful basis under applicable law (typically performance of a contract, our legitimate interests in running and securing our business, or your consent).

• Respond to your inquiries, provide demos, quotes, and customer support.
• Operate, maintain, secure, and improve our website and platform.
• Send service announcements and, with your consent, marketing communications you can opt out of at any time.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations, including tax, accounting, and regulatory reporting.

DivetIQ runs an Agentic AI workflow layer across our platform. Customer content is never used to train shared or third-party AI models. Models that operate on customer data are either deployed in the customer's tenant or run as stateless inference against per-tenant context that is not retained for training purposes.

Where AI transparency is required (for example, under the EU AI Act), users are notified of automated interactions and given a clear escalation path to a human.

We do not sell personal data. We share personal information only in the limited circumstances described below, and always under written contractual safeguards.

• With service providers (sub-processors) who help us operate our website, infrastructure, email, CRM, analytics, and customer support — under written data protection terms.
• With professional advisers (lawyers, accountants, insurers) where strictly necessary.
• In connection with a corporate transaction (merger, acquisition, financing, or asset sale), subject to confidentiality protections.
• Where required by law, regulation, court order, or to protect the rights, property, or safety of DivetIQ, our customers, or others.

DivetIQ is headquartered in the United States and operates from offices in Bosnia and Herzegovina. Personal data may be transferred to, stored, and processed in countries other than your own.

Where required, we use European Commission Standard Contractual Clauses, UK International Data Transfer Addenda, and equivalent mechanisms, together with supplementary technical and organisational measures, to provide appropriate safeguards for international transfers. Customers may select EU-only data residency for the platform on request.

We keep personal data only for as long as is necessary for the purposes set out in this Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. When personal data is no longer required, it is deleted or irreversibly anonymized.

We use a defense-in-depth security program informed by ISO 27001 and SOC 2 Type II controls. This includes AES-256 encryption at rest, TLS 1.3 in transit, role-based access control with attribute extensions, immutable and append-only audit logs, penetration testing, vulnerability scanning, and a 24/7 incident response process.

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain uses. EU/UK residents may lodge a complaint with their supervisory authority; California residents have additional rights under the CCPA/CPRA; Brazilian residents are protected by LGPD; and Quebec residents are covered by Law 25.

To exercise any of these rights, contact us using the details below. We will verify your request and respond within the timelines required by applicable law.

We use a minimum of strictly necessary cookies to operate the site (for example, to remember your language preference). Analytics or marketing cookies are only set with your consent, which you can change at any time. You can also configure your browser to block or alert you to cookies.

Our website and platform are not directed to children under 16 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this Privacy Policy from time to time. We will post the revised version on this page with a new "last updated" date. If the changes are material, we will provide a more prominent notice (for example, by email where you have shared one).

Questions or requests about this Privacy Policy can be sent to privacy@divetiq.com or by post to: 2810 N Church St, STE 88941, Wilmington, DE 19802, United States.