Privacy Policy_
This policy explains what Black Office, Inc. ("Black Office", "we") collects, why, and the controls you keep. Short version: your operational data stays yours, it never trains models shared across customers, and this website sets no tracking cookies.
01Scope
This policy covers the blackoffice.ai website and the Black Office platform. Where we process business documents, ledger entries and similar operational data on behalf of a customer workspace ("Customer Data"), we act as a processor under the customer's instructions and the applicable data processing agreement; the customer is the controller of that data.
02What we collect
- Account information: name, work email, workspace name, role, authentication events.
- Customer Data: documents and records you submit or authorize us to fetch from connected systems (for example invoices, payroll registers, tickets, repository metadata), processed solely to run your configured lanes.
- Audit records: an immutable log of every agent action, policy evaluation and human approval in your workspace. This is a product feature, kept for you.
- Service telemetry: logs, diagnostics and aggregate usage metrics needed to operate and secure the platform.
- Correspondence: emails you send to our sales, support, security or privacy addresses.
We do not buy data about you, and we do not collect advertising identifiers.
03How we use it
- to provide, secure and improve the Service, including executing the policies your workspace configures;
- to answer support requests and send operational notices (for example the morning brief, incident notices, billing);
- to meet legal obligations and enforce our Terms of Service.
Model training: Customer Data is never used to train models shared across customers. Models fine-tuned on your data, where offered, serve your workspace only.
04When we share
- Connected systems you authorize: accounting, banking, payroll, ticketing and code-hosting services exchange data with us at your instruction.
- Subprocessors: vetted infrastructure providers (hosting, email delivery, error monitoring) bound by data-protection agreements; the current list is available on request at privacy@blackoffice.ai.
- Legal: when required by law, with notice to you where permitted.
- Corporate events: in a merger or acquisition, subject to this policy's protections.
We do not sell personal information, and we do not share it for cross-context behavioral advertising.
05Security
All data is encrypted in transit and at rest. Access is role-scoped and logged; production access requires hardware-key MFA. The platform maintains SOC 2 Type II controls, region-pinned storage options, and continuous monitoring with a 99.99% uptime record for critical agent infrastructure. Report vulnerabilities to security@blackoffice.ai; disclosures are acknowledged within 24 hours.
06Retention
Customer Data and audit records are retained while your workspace is active. After termination, exports remain available for 30 days, after which data is deleted on a rolling schedule (at most 90 days), except where law requires longer retention (for example financial records). Service telemetry is retained up to 13 months in aggregate form.
07Your rights
Depending on your jurisdiction (including under GDPR and UK GDPR), you may request access, correction, export, deletion or restriction of your personal data, and object to certain processing. Write to privacy@blackoffice.ai; we respond within 30 days. If you are in the EEA or UK, you may also lodge a complaint with your supervisory authority. For data inside a customer workspace, we will route your request to the workspace controller.
08Cookies
This marketing site sets no tracking or advertising cookies and loads no third-party analytics. The application uses strictly necessary cookies only: session authentication and CSRF protection. Because nothing optional is set, there is no cookie banner to click. You're welcome.
09International transfers
We operate from the United States and Germany. Where personal data is transferred across borders, we rely on appropriate safeguards, including Standard Contractual Clauses and region-pinned storage where selected by your workspace.
10Children
The Service is for businesses and is not directed to children under 16. We do not knowingly collect data from children; if you believe a child has provided us data, contact privacy@blackoffice.ai and we will delete it.
11Changes
We will announce material changes to this policy by email or in-product notice before they take effect. The "last_updated" stamp above always reflects the current version.
12Contact
Black Office, Inc. privacy team: privacy@blackoffice.ai · all channels: /contact. Our EU representative can be reached at the same address, subject line "EU_REP".