Privacy Policy | Label IQ AI™
Effective date: September 2025
Entity: Label IQ, Inc. (“Label IQ,” “we,” “us,” or “our”)
Scope: This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use LabelIQ.ai, our apps, APIs/SDKs, smart-contract–enabled features, and any services that link to this Policy (collectively, the “Platform”).This Policy is designed to satisfy global privacy requirements (e.g., GDPR/UK GDPR/Swiss FADP, CPRA and other US state laws, LGPD, PIPEDA). If any local law requires stricter terms, those terms control for residents of that region.1) Roles & ApplicabilityController. We are the controller for account, billing, marketing, site/app analytics, and Platform integrity/safety data.
Processor. For certain creator features (e.g., exporting fan emails, managing supporters), we act as a processor on behalf of the creator. Our Data Processing Addendum (DPA) applies to that processing.
Creator responsibilities. When creators download or otherwise control supporter data, they become independent controllers and must comply with applicable law (consent, notices, unsubscribe, security).
2) Information We Collect2.1 You ProvideAccount & profile. Name/alias, email, password, avatar, bio, social links, industry role.
Creator assets & prompts. Uploads (audio, video, images), lyrics/scripts, prompts, project settings/metadata, captions/subtitles.
Financial & identity. Billing details, addresses, purchases, payout info, tax forms (e.g., W-9/W-8), and KYC/AML data via vendors (government ID, liveness checks where applicable).
Communications. Support tickets, feedback, surveys, in-Platform messages, comments.
Campaign & challenge data. Entries, votes/likes, leaderboards, public metrics.
2.2 Collected AutomaticallyUsage & device. IP address, coarse location, device IDs, browser/OS, language, timestamps, feature usage, crash/performance logs.
Cookies/SDKs. Session and preference cookies, analytics cookies/SDKs, attribution identifiers, and (where permitted) advertising cookies/identifiers.
Telemetry. Non-content generation signals (e.g., model type, duration, error codes, render stats).
Security signals. Fraud/abuse signals (e.g., failed logins, rate limit events, bot indicators).
2.3 From Third PartiesPayments & KYC. Payment processors/custodians (e.g., tokenized card data, transaction status), identity vendors (verification outcomes).
Linked accounts. Social/sign-in platforms you connect.
Blockchains. Public on-chain addresses and transaction data tied to Platform activity.
We do not require you to disclose sensitive categories (e.g., health, precise geolocation) for normal use. Do not upload sensitive data unless requested for compliance (e.g., KYC).3) How We Use InformationProvide the Platform. Account provisioning, content generation, rendering, storage/CDN, compatibility, customer support.
Payments & distributions. Credit purchases, token sales (where permitted), royalties, payouts, and tax reporting.
Integrity & security. Authenticate users, detect/prevent fraud/abuse, rate-limit, prevent spam, sanctions screening, incident response.
Community & discovery. Profiles, leaderboards, voting, challenge pages, trending surfaces, social sharing tools.
Research & development. Service and model quality, safety, and UX improvements using aggregated and/or de-identified analytics/telemetry.
Communications & marketing. Service emails (transactional), product updates, optional newsletters (with unsubscribe), and, where permitted, interest-based advertising.
Compliance. KYC/AML, sanctions checks, audits, regulatory and legal requests.
AI training. We do not train foundation models on your private, non-public uploads without your explicit opt-in. If you opt in, you can revoke for future training events (past training can’t be unlearned).4) Synthetic Media, Likeness & VoiceIf your uploads include a person’s voice or likeness, you represent you have a lawful basis (e.g., consent, license).
We may label AI-generated or manipulated media and/or require you to disclose synthetic content where law or policy requires.
We may apply visible or invisible watermarks/signals to help identify Platform-generated media.
5) Legal Bases (EEA/UK/Switzerland)Contract (Art. 6(1)(b) GDPR): To provide the Platform and fulfill requests.
Legitimate interests (Art. 6(1)(f)): Service improvement, security/fraud prevention, limited direct marketing.
Consent (Art. 6(1)(a)): Certain cookies/advertising, newsletters, and AI training opt-in.
Legal obligation (Art. 6(1)(c)): Tax, KYC/AML, sanctions screening.
6) Sharing & DisclosuresWe do not sell your personal information for money. Where “sale” or “sharing” includes cross-context targeted advertising (e.g., CPRA), we honor opt-out rights (see §11).We share with:Service providers/processors. Cloud hosting, GPU/compute, storage/CDN, analytics/monitoring, customer support, KYC/AML, payments/custody, blockchain infrastructure, email/SMS.
Creators & backers. Limited project-level data needed for distributions, e.g., wallet addresses or payout IDs.
Public/other users. Content you publish (profiles, entries, thumbnails, metrics) is visible per your settings and feature design.
Corporate events. In a merger, acquisition, financing, or asset transfer.
Law & safety. To comply with law, enforce Terms, protect rights, and investigate abuse or security incidents.
We impose contractual and security obligations on service providers and restrict their use of data to our instructions.7) International Data TransfersWe operate globally and may transfer data to countries that may have different data protection laws than yours. Where required, we use lawful transfer mechanisms (e.g., Standard Contractual Clauses, UK addendum/IDTA) and implement supplementary safeguards.8) RetentionWe keep personal data only as long as necessary to provide the Platform, comply with legal obligations, resolve disputes, and enforce agreements. Illustrative examples:Account data: For your account lifetime and a reasonable period after deletion.
KYC/financial records: As required by tax/financial laws (typically 5–7 years).
Logs & telemetry: Short to medium period for security/diagnostics (e.g., 30–365 days).
On-chain records: Indefinite and public by design; see §14.
Upon request, we’ll delete or anonymize data unless retention is legally required or technically necessary (e.g., security, audit, or on-chain immutability).
9) SecurityWe use administrative, technical, and physical safeguards (e.g., encryption in transit, access controls, least-privilege, logging, vulnerability management, audits). No system is 100% secure. Report incidents to hi@labeliq.ai. If we’re required to notify you of a breach, we will do so consistent with applicable law.10) Your Privacy RightsYour rights vary by region and may include: access, correction, deletion, portability, restriction/objection, and withdrawal of consent.US (e.g., CPRA/CPA/VCDPA/CTDPA/UCPA/ADPPA-like). Right to know/access, delete, correct, and opt out of sale/sharing/targeted advertising and certain profiling. Appeals process provided below.
EEA/UK/Switzerland. GDPR/UK GDPR/Swiss FADP rights, including the right to lodge a complaint with your supervisory authority.
Brazil (LGPD). Access, correction, anonymization/blocking/deletion of unnecessary/excessive data, portability, information about sharing, and consent revocation.
Canada (PIPEDA). Access and correction; contact us for details.
How to exercise. Email hi@labeliq.ai or use the in-app portal (when available). We may verify requests (e.g., email verification, device challenge, or ID for sensitive requests). You may use an authorized agent where permitted; we may require proof of authorization.Appeals (US states requiring it). If we deny your request, you may appeal by replying to the decision email or writing hi@labeliq.ai with “Appeal” in the subject. If unresolved, you may contact your state AG.11) Cookies, Ads, and Global Privacy ControlsManage preferences via our Cookie Banner/Settings and your browser/device controls.
For interest-based ads, use industry opt-outs where available (e.g., DAA/NAI).
Global Privacy Control (GPC). Where required, we treat a valid GPC signal as a request to opt out of sale/sharing.
California residents can use our “Do Not Sell/Share My Personal Information” link to opt out of cross-context behavioral advertising.
12) Children’s PrivacyThe Platform is not directed to children under 13 and we do not knowingly collect their personal information. If we learn we have, we will delete it. Teens 13–15 in certain US states may have additional rights; where required, we obtain opt-in for any “sale/sharing.”13) Creator-Managed DataCreators may export supporter data (e.g., email lists). When a creator controls this data outside the Platform, the creator is an independent controller and must: (i) provide required notices/consents; (ii) honor unsubscribe/opt-out; (iii) secure the data; and (iv) comply with applicable law and our Terms/DPA.14) Blockchain & ImmutabilitySome activity (e.g., token mints, royalty distributions) is recorded on public blockchains and may be viewable by anyone. On-chain records are immutable and not subject to typical deletion or correction. Public addresses can become linked to you through your actions, interactions, analytics, or third-party analysis. Take care when transacting on-chain.15) AI Training PreferencesDefault: We do not train foundation models on your private, non-public uploads.
Opt-in: If you opt in, we may use your data to fine-tune or evaluate models to improve quality/safety. Opt-out for future training at any time (past training cannot be reversed). We may continue to use aggregated/de-identified analytics for service improvement.
16) Automated Decision-Making & ProfilingWe use limited automated processing for:Fraud/abuse detection (e.g., unusual sign-ins, botting, chargeback risk).
Integrity/safety controls (e.g., rate limits, model access gating).
Basic recommendations (e.g., trending projects).
These processes help secure the Platform and improve discovery. You can contact us to request information about significant automated decisions as required by law.17) Third-Party Links & ServicesOur Platform may link to third-party sites/services. Their privacy practices are governed by their own policies. Review those policies before providing data to them.18) California & US State Notices18.1 California “Notice at Collection”Categories collected: Identifiers (e.g., name, email, IP), commercial information (purchases), internet/network activity, geolocation (coarse), audio/video you upload, inferences (limited), and sensitive data only as needed for KYC (government ID, liveness).
Purposes: As described in §§3–4.
Retention: As described in §8.
Sale/Sharing: We do not sell for money; we may engage in cross-context advertising, which is “sharing” under CPRA. You can opt out (see §11).
Sensitive personal information: Used only as necessary to perform services (e.g., KYC/AML) and for security/compliance; we do not use or disclose it to infer characteristics.
18.2 “Shine the Light” (CA Civ. Code §1798.83)We do not disclose personal information to third parties for their own direct marketing without your consent.18.3 Nevada & Other StatesNevada residents may opt out of certain sales by emailing privacy@labeliq.ai with “Nevada Opt-Out.” Other state-specific rights are addressed in §10.19) International Representatives (GDPR/UK GDPR) (if applicable)If required, we will appoint an EU Representative and UK Representative; details will be posted here when available. You may contact our DPO/Privacy Office at privacy@labeliq.ai.20) Data Protection Addendum (DPA) & SubprocessorsOur DPA governs creator-controlled processing and includes SCCs/UK Addendum as applicable.
We maintain a list of material Subprocessors (cloud, compute, storage/CDN, KYC, payments/custody, analytics) available on request or published at [link to Subprocessors page]. We will provide notice of material changes where required.
21) Your ChoicesEmail preferences. Unsubscribe via footer links or account settings.
Marketing & cookies. Manage in our banner/settings and via device/browser controls.
AI training. Opt in/out in settings (see §15).
Account deletion. Request via settings or hi@labeliq.ai. (On-chain data cannot be deleted.)
22) Changes to this PolicyWe may update this Policy from time to time. If we make material changes, we will notify you in-app or by email and indicate the new effective date. Continued use after the effective date means you accept the changes.23) Contact UsPrivacy requests: hi@labeliq.ai
Security incidents: hi@labeliq.ai
EU/UK Rep or DPO (if applicable):