Privacy Policy

We at Basiq Work Inc. (“we,” “us,” or “our”) value the privacy of our users (“you” or “your”). This Privacy Policy outlines how we collect, use, and protect your personal data when you use our web application (“the App”).

By using the App, you agree to the collection and use of your personal data as outlined in this Privacy Policy.

We collect the following types of information when you use the App:

• Customer Data: Content that you or your organization upload, generate, or manage within the App (for example, conversations, notes, or files). This data remains owned and controlled by you and is processed solely to provide and improve our services.
• Operational Data: System and usage information automatically collected to operate and secure the App, such as device identifiers, event logs, and performance telemetry.
• Personal Information: Details such as your name, email address, and phone number provided during sign-up or interaction with the App.
• Payment Information: If applicable, payment details necessary to process transactions.

We do not manually review customer content except when required to investigate abuse reports, troubleshoot issues, or comply with legal obligations.

We do not intentionally collect or process “special categories” of personal data (such as health, biometric, or political-affiliation data).

• To provide, maintain, and improve the App’s functionality and features.
• To communicate with you, including important service notifications and product updates. By signing up for the App, you agree to receive internal messages related to product updates and service changes. All other marketing or promotional communications are strictly opt-in, and you may opt out at any time.
• To process payments and manage subscriptions.
• To analyze usage patterns and improve performance using aggregated or pseudonymized data. We do not directly examine your data for improvement purposes unless the nature of the issue or enhancement requires it and we have received your express permission.
• To assist with troubleshooting or investigating technical issues that you or your organization have reported.
• To comply with legal obligations, enforce our terms, and resolve disputes.

We do not use data obtained through Google Workspace APIs to develop, improve, or train generalized artificial-intelligence or machine-learning models.

We may share your information with third parties only as described below and subject to appropriate contractual and security safeguards:

• Service Providers and Sub-processors: We engage carefully selected third-party vendors to assist in delivering the App, such as cloud-hosting providers, analytics services, and payment processors. Each vendor is bound by a written Data Processing Agreement (“DPA”) requiring them to process data solely on our instructions, maintain confidentiality, and implement adequate security measures. A current list of our sub-processors, including their locations and data-handling roles, is available upon request.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring or successor entity, subject to this Privacy Policy’s protections.
• Legal Requirements and Safety: We may disclose your data where required by law or when we believe disclosure is necessary to protect our rights, investigate fraud or abuse, or ensure the safety of users.

We require all third parties that receive personal data from us to comply with applicable data-protection laws and to implement appropriate safeguards consistent with our own security obligations.

When we transfer data internationally, we rely on Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms to ensure an adequate level of protection.

We retain data for the minimum length of time necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, or resolve disputes. Once data is no longer required, it is securely deleted or anonymized according to our internal retention and disposal policies.

• Account Data: Retained while your account remains active and for up to 90 days after closure to support account administration and compliance obligations.
• Customer Content: Retained until you delete it, your workspace administrator deletes it, or your account is terminated. Once deleted, content is permanently removed from active systems and deleted from backups within 30 days.
• Operational and Log Data: Used for diagnostic, security, and performance monitoring. Our internal policy prevents customer content from being stored in logs. Log data is stored at various retention intervals but never retained for more than 180 days.

We implement secure deletion and anonymization processes to ensure that your data is removed or de-identified once retention periods expire.

Depending on your location and applicable laws, you may have certain rights regarding your personal data. These may include:

• Access: Request access to the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal data, subject to legal or contractual requirements.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Restriction and Objection: Request limits on how we process your data or object to specific types of processing.
• Opt-Out: Withdraw consent or opt out of marketing communications at any time by using the unsubscribe link in emails or contacting us directly.

To exercise these rights, contact us at privacy@basiq.work.

We may request verification of your identity before fulfilling your request. We respond to verified data requests within 30 days (or as required by applicable law).

This Privacy Policy is governed by the laws of Delaware, United States, unless otherwise required by local regulation.

We use cookies and similar tracking technologies to operate and improve the App. Cookies are small files stored on your device that help us recognize you, remember your preferences, and analyze usage patterns.

• Essential Cookies: Required for core functionality such as authentication, security, and account access.
• Analytics and Performance Cookies: Help us understand how users interact with the App so we can improve performance and usability.
• Preference Cookies: Remember user settings such as language and display preferences.

We use a cookie consent banner that allows you to manage your preferences and control which non-essential cookies are placed on your device in compliance with applicable data-protection laws.

We may use trusted third-party analytics providers, such as Google Analytics, to collect aggregated usage data. These providers process information on our behalf and are bound by strict confidentiality and data-protection obligations.

You can adjust your cookie preferences at any time through your browser settings or the cookie consent tool within the App.

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest using Advanced Encryption Standard (AES) with 256-bit keys.
• Access Control: Access to customer data is restricted to authorized personnel on a least-privilege basis and protected through multi-factor authentication.
• Monitoring and Vulnerability Management: We maintain continuous system monitoring, perform regular security reviews, and apply timely security patches.
• Incident Response: We maintain an incident-response plan to promptly investigate, contain, and notify affected parties in the event of a security breach.
• Framework Alignment: While we are not ISO 27001-certified, we use the ISO 27001 framework as our model when developing, reviewing, and adopting new security and compliance policies.

While no system can guarantee absolute security, we are committed to continuous risk assessment and improvement of our security controls to safeguard user data.

We use Amazon Web Services (AWS) as our primary cloud infrastructure provider, operating exclusively within AWS-managed environments and regions. Whenever possible, all data—including databases, application content, and system logs—is stored and processed entirely within AWS-managed infrastructure.

We do not use third-party providers for the storage of critical customer data, whether in the United States or abroad. In the rare cases where we engage a vendor to interact with customer data—inside or outside the U.S.—we ensure that:

• The vendor operates under a written agreement requiring data-protection and confidentiality measures equivalent to our own;
• The vendor’s environment meets or exceeds recognized security standards (such as SOC 2 or ISO 27001); and
• Appropriate contractual, organizational, and technical safeguards are in place to protect the data from unauthorized access or disclosure.

If data must be transferred internationally, we take steps to ensure such transfers comply with applicable privacy laws and provide an adequate level of protection consistent with U.S. and internationally recognized standards.

The App is not intended for individuals under the age of 18. We do not knowingly collect or solicit personal information from anyone under 18 years of age.

If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete that information from our systems.

Parents or guardians who believe a minor may have provided us with personal information may contact us at privacy@basiq.work to request its removal.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes that affect how we process your personal data, we will notify you by email using the address associated with your user account before the new terms take effect.

The “Effective Date” at the top of this Policy will always indicate the latest revision. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

This Privacy Policy is issued by Basiq Work Inc., the operator of the Topiq application.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:

If you are located outside the United States and wish to contact our data-protection representative, or to exercise your data rights, please use the email address above and indicate your country of residence in your message.

We will respond to all privacy-related inquiries in a timely manner and in accordance with applicable law.