Privacy Policy

SpeedIQ is a multi-channel messaging platform that enables businesses to send WhatsApp, email, and SMS communications to their own customers. We operate as a data controller for the personal information of our own customers (the people who sign up for SpeedIQ accounts) and as a data processor for the personal information our customers upload about their end-users (such as contacts, subscribers, and recipients).

If you are an end-user receiving a message sent through SpeedIQ, the sender — our customer — is the data controller for your information. We can only act on instructions from that sender.

Account information. When you create an account we collect your name, email address, password (stored hashed), profile picture (optional), and authentication provider identifiers (e.g., Google OAuth subject ID).

Project & workspace data. Project names, team-member email addresses and roles, invitations, and project preferences (working hours, custom branding, etc.).

Billing information. Stripe Customer ID, billing address, last four digits of payment method, subscription state, and invoice metadata. Card numbers are never stored on our servers — Stripe handles all card data.

Messaging content. Templates you create, campaigns you build, contact lists you upload, and conversation history between you and your end-users. This includes phone numbers, email addresses, custom fields, message bodies, and delivery metadata.

Usage data. Log files including IP address, browser type, device identifiers, pages visited, features used, timestamps, and error reports. We use this to operate and improve the Services.

Cookies & similar technologies. See our Cookie Policy for full details.

• To provide the Services, authenticate you, and personalize the experience.
• To process payments and send billing communications.
• To send transactional emails (account verification, password reset, billing receipts, security alerts) — you cannot opt out of these while you have an active account.
• To send product updates, occasional newsletters, and announcements (you can opt out at any time).
• To monitor service performance, detect abuse, and improve reliability.
• To comply with legal obligations and respond to lawful requests.

For users in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under one or more of the following legal bases:

• Contract — to perform our agreement with you.
• Legitimate interests — to operate, improve, and secure the Services.
• Consent — for cookies and marketing communications, where required.
• Legal obligation — to comply with applicable laws.

We share personal data only as described below:

• Service providers (sub-processors). See our Data Processing Addendum for the current list. We use Supabase (database & auth), Stripe (payments), Resend (email delivery), Twilio (SMS), Meta (WhatsApp Cloud API), Vercel (hosting), and similar providers.
• With your direction. When you send a message via SpeedIQ, the message content and recipient details are routed to the relevant channel provider (Meta, Resend, Twilio) under your instructions.
• Legal requirements. When required by law, court order, or to protect rights, property, or safety.
• Business transfers. In connection with a merger, acquisition, or asset sale, where the acquirer agrees to honor this policy.

We do not sell personal information. We do not share personal information for cross-context behavioural advertising.

Our servers and our sub-processors operate globally. When personal data is transferred outside your home jurisdiction, we rely on appropriate safeguards — such as the Standard Contractual Clauses approved by the European Commission and equivalent mechanisms — to protect that data.

We retain personal data for as long as your account is active or as needed to provide the Services. Specifically:

• Account & billing data: for the life of the account, plus up to 7 years to meet tax and accounting obligations.
• Contact, campaign, and conversation data: for the life of the project, until you delete it.
• Logs & analytics: typically 90 days, longer for security events.
• Backups: rolling 30 days.

If you close your account, we delete personal data within 30 days, except where retention is legally required.

Depending on where you live, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion (subject to legal exceptions).
• Portability — receive your data in a structured, machine-readable format.
• Restriction & objection — limit or object to certain processing.
• Withdraw consent — where processing is based on consent.
• Complain — lodge a complaint with your local data protection authority.

For India under the DPDP Act, you additionally have the right to nominate a person to exercise rights on your behalf and to a grievance redressal mechanism.

To exercise any of these rights, email privacy@speediq.app.

We follow industry-standard practices to protect personal data: TLS-encrypted transit, encrypted-at-rest databases, principle of least privilege, audit logging on sensitive operations, and Row-Level Security on all customer-scoped tables. No system is perfectly secure, but we work to keep the bar high.

The Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

We may update this policy from time to time. Material changes will be notified via email and/or in-app notice. The “Last updated” date at the top of this page indicates when this policy was last revised.

Privacy questions: privacy@speediq.app
Data protection enquiries: dpo@speediq.app