Back to Home

Privacy Policy

Last updated: 23 November 2025

BloodstockIQ ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights under GDPR.

1. Data Controller

BloodstockIQ Ltd

Email: support@bloodstockiq.com

Location: Ireland

2. Data We Collect

We collect the following personal data:

Account Data

  • Name
  • Email address
  • Password (hashed, never stored in plain text)

Subscription & Billing Data

  • Stripe customer ID
  • Payment method (stored by Stripe)
  • Billing history and invoices

We do not store card details — Stripe handles all PCI-compliant processing.

Uploaded Content

  • Pedigree files (PDF/JPG/PNG)
  • Extracted names (sire, dam, horse name)

Technical & Usage Data

  • IP address
  • Browser/device information
  • Search filters
  • Saved searches
  • AI query interactions
  • Log data for debugging and security

3. How We Use Your Data

We use your information to:

  • Provide access to platform features
  • Generate AI analyses and valuations
  • Improve model accuracy
  • Prevent fraud and abuse
  • Maintain subscription billing
  • Provide customer support

Your prompts and text inputs are processed by OpenAI for generation but not used to train their models.

4. AI Processing

When you use BloodstockIQ's AI tools, your queries may be sent to:

  • OpenAI (chat/analysis models)

We restrict data processing with privacy-preserving settings whenever available.

5. Legal Bases (GDPR)

We process your data under:

  • Contract: to deliver the service you subscribed to
  • Legitimate interest: to improve security, analytics, and performance
  • Consent: where required for cookies or marketing
  • Legal obligations: accounting, invoicing, audit logs

6. Data Sharing

We share minimal data with:

  • Stripe (billing)
  • OpenAI (AI processing)
  • Supabase (hosting & database)

We never sell or rent your personal data.

7. International Transfers

Some processing occurs outside the EU (e.g., OpenAI in the US). We rely on:

  • Standard Contractual Clauses (SCCs),
  • Adequate safeguards,
  • GDPR-compliant processors.

8. Data Retention

  • Account data: retained while your account is active
  • Billing records: kept for 6 years (legal requirement)
  • Uploaded documents: deleted when your account is deleted or on request
  • Logs: 30–180 days depending on type

You may request deletion at any time.

9. Your Rights (GDPR)

You have the right to:

  • Access your data
  • Correct inaccuracies
  • Delete your data ("right to be forgotten")
  • Export your data
  • Restrict processing
  • Object to certain processing
  • Withdraw consent

To exercise rights: privacy@bloodstockiq.com

10. Contact

If you have a privacy question:
privacy@bloodstockiq.com