Legal
Privacy Policy
Effective date: June 3, 2026
This Privacy Policy explains how Resonant IQ, Inc. (“Resonant IQ,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Resonant IQ platform at resonantiq.app (the “Service”). It also describes the rights you have over your information and how to exercise them.
We wrote this in plain English on purpose. If something is unclear, email us at support@resonantiq.app.
1. Who We Are and How to Reach Us
Resonant IQ, Inc. operates Resonant IQ, an AI-powered quality assurance and customer intelligence platform for B2B customer support teams.
| Company | Resonant IQ, Inc. |
| Website | resonantiq.app |
| Privacy contact | support@resonantiq.app |
| Mailing address | Resonant IQ, Inc. c/o Legalinc Corporate Services Inc. 131 Continental Dr, Suite 305 Newark, DE 19713 |
For data protection inquiries, including GDPR or CCPA rights requests, email us at support@resonantiq.app with “Privacy Request” in the subject line.
2. The Two Roles We Play
Resonant IQ operates in two distinct legal roles depending on whose data is involved.
When we are the data controller — We determine how and why we process personal information about our own customers (the companies and their team members who use Resonant IQ). This covers account registration, billing, authentication, and our own communications with you.
When we are a data processor — When you connect a support tool such as HubSpot, Intercom, or Zendesk to Resonant IQ, your organization imports conversation data that belongs to you (and contains personal information about your customers and agents). In that context, you are the data controller and we process that data on your behalf, under your instructions, and in accordance with our Data Processing Agreement. We do not independently decide what to do with that data — we process it only to deliver the Service to you.
This distinction matters throughout this policy. Sections 3 through 7 describe both roles. Section 11 covers the processor relationship in more detail.
3. Information We Collect
3.1 Account and registration information
When you create a Resonant IQ account, we collect your name, work email address, password (stored as a secure hash), company name, and your role within the platform (admin, QA manager, lead, or agent). If your organization signs up via an invite code, we record that code.
3.2 Billing information
We use Stripe to handle payments. When you subscribe, Stripe collects your payment card details directly. We receive only a payment token and high-level billing metadata (subscription status, renewal date, invoice history). We never see or store your raw card number, CVV, or expiry date.
We retain your subscription status, plan tier, founding-member rate lock (where applicable), and billing history for the duration of your account plus 7 years after the close of the relevant calendar year, or as required by applicable tax law.
3.3 Conversation data imported through connectors
When you connect HubSpot, Intercom, Zendesk, or another supported integration, Resonant IQ reads conversation data from that source using the OAuth access you grant. We collect:
- Conversation transcripts (the text of support interactions)
- Conversation metadata: timestamps, channel type, resolution status, assigned agent identifier, conversation ID
- Agent identifiers: names and IDs of the support agents involved
- Customer identifiers: names and external IDs used to associate conversations with accounts (we do not pull payment information, full customer profiles, or unrelated contact history)
- CSAT scores and other feedback ratings attached to conversations, where available from the source system
We read this data. We never write back. Resonant IQ has a strict read-only stance toward all connected source systems. We do not create, modify, or delete records in HubSpot, Intercom, Zendesk, or any other connected tool.
3.4 Scorecard and QA configuration data
We store the rubrics, scorecards, criterion descriptions, and brand voice guidelines your organization creates within Resonant IQ. This is your intellectual work product — we use it to run AI scoring on your behalf and do not share it with other customers.
3.5 AI scoring outputs
When a conversation is scored, we store the AI-generated score (per criterion), the AI’s plain-language explanation, and any human corrections or coaching notes added by your team. These records are tied to the specific scorecard version in effect at the time of scoring.
3.6 Usage and technical data
We collect server logs, feature interaction events, error reports, and session metadata to operate and improve the Service. This includes IP addresses, browser type, operating system, and pages visited. We do not sell this data or use it for cross-site advertising.
3.7 Support communications
If you contact us via the in-app Help Scout Beacon or by email, we receive the content of your message and any attachments. We use this solely to respond to your request and improve the Service.
4. How We Use Your Information
| Purpose | Legal basis (GDPR) | Notes |
|---|---|---|
| Delivering the Service — importing conversations, running AI scoring, surfacing results in the dashboard | Contract performance (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)) | Core platform function |
| Authenticating users and protecting accounts | Contract performance; Legitimate interests | Security |
| Processing payments and managing subscriptions | Contract performance; Legal obligation | Via Stripe |
| Sending service communications (billing receipts, security alerts, material policy changes) | Contract performance; Legal obligation | No marketing without consent |
| Responding to support requests | Legitimate interests | |
| Monitoring for abuse, fraud, and platform misuse | Legitimate interests | |
| Improving platform performance and reliability | Legitimate interests | Aggregated and de-identified where possible |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use your conversation data to train AI models. We do not build proprietary datasets from your data. We do not benchmark one customer’s data against another’s.
5. AI Processing
5.1 Anthropic — Conversation Scoring
Resonant IQ uses Claude (developed by Anthropic, Inc.) to score support conversations against your rubrics. This is central to how the product works, so we are explicit about it.
What happens: When a conversation is submitted for scoring, the conversation transcript is sent to Anthropic’s API. Claude reads the transcript, applies your scorecard criteria, and returns a numeric score and plain-language explanation for each criterion. The scored result is stored in Resonant IQ.
Anthropic’s role: Anthropic acts as our data subprocessor. They process conversation content solely to return scoring outputs to us. Anthropic processes this data under their commercial API terms, which include a Data Processing Addendum. Anthropic does not use your conversation content to train their models — this is the default behavior for commercial API customers.
Retention at Anthropic: Anthropic retains API inputs for up to 30 days for trust and safety purposes, after which they are deleted. They do not retain them for model training. Current details are available at trust.anthropic.com.
What this means for your data: Conversation text — which may contain your customers’ personal information — is transmitted to Anthropic’s US-based infrastructure as part of the scoring process. If your organization is in the EU or handles EU resident data, this transfer is covered by Standard Contractual Clauses (SCCs) incorporated into Anthropic’s DPA. See Section 9 on international transfers.
5.2 Voyage AI — Semantic Search
Resonant IQ uses Voyage AI to power semantic search across your conversation history. When the product searches for similar conversations or surfaces related evidence, conversation transcripts are sent to Voyage AI’s API, which returns vector embeddings — numerical representations that capture semantic meaning. These embeddings are stored in Resonant IQ and used solely for search and evidence-retrieval features.
Voyage AI’s role: Voyage AI Innovations, Inc. (a MongoDB company) acts as our data subprocessor. They process conversation transcripts solely to return embedding vectors to us. Voyage AI processes this data under their enterprise API terms, which include a Data Processing Agreement. Voyage AI does not use your conversation content to train their models.
What this means for your data: Conversation text is transmitted to Voyage AI’s US-based infrastructure as part of the embedding process. If your organization is in the EU or handles EU resident data, this transfer is covered by Standard Contractual Clauses (SCCs) incorporated into Voyage AI’s DPA. See Section 9 on international transfers.
6. HubSpot Integration — Specific Disclosures
This section satisfies HubSpot’s Developer Policy disclosure requirements.
What data Resonant IQ reads from HubSpot
Resonant IQ requests the following OAuth scopes from HubSpot. We request only what the product uses.
| Category | Scopes | What we read |
|---|---|---|
| Conversations | conversations.read | Support conversation thread text and metadata |
| Contacts & Companies | crm.objects.contacts.read crm.objects.companies.read crm.schemas.contacts.read crm.schemas.companies.read | Contact and company names and IDs, used to associate conversations with accounts and resolve customer identity |
| Tickets | crm.objects.tickets.read crm.schemas.tickets.read | Support ticket records, status, and properties |
| Deals | crm.objects.deals.read crm.schemas.deals.read | Deal records used to surface renewal and expansion signals |
| Custom Objects | crm.objects.custom.read crm.schemas.custom.read | Custom CRM object types (e.g., account-specific record types defined by your organization) |
| Engagements | crm.objects.notes.read crm.objects.tasks.read sales-email-read crm.objects.calls.read crm.objects.meetings.read crm.objects.communications.read | Notes, tasks, sales emails, call logs, meeting records, and other engagement activity associated with accounts |
Why we read this data
We import your HubSpot data to power two capabilities: (1) QA scoring — analyzing support conversations and tickets against your rubrics to generate AI quality scores; and (2) account intelligence — surfacing customer health signals, account timelines, and engagement patterns from deals, notes, calls, emails, and meetings. We do not read it for any other purpose.
What we do not do
- We do not write, update, or delete any records in your HubSpot account
- We do not sell or share your HubSpot data with third parties for their own purposes
- We do not request scopes broader than the above — we only request what the product actually uses
Your controls
- You may disconnect your HubSpot integration at any time from Settings within Resonant IQ. Disconnecting revokes our OAuth access immediately.
- After disconnection, or if you close your Resonant IQ account, we will purge HubSpot-sourced conversation data within 60 days.
- You may request deletion of your HubSpot-sourced data at any time by emailing support@resonantiq.app.
Data modification: If you correct or delete data in HubSpot after it has been imported into Resonant IQ, we will not automatically update our copy. To request that we update or delete specific records, contact support@resonantiq.app.
Breach notification: If we become aware of a breach or compromise involving your HubSpot Customer Data, we will notify you and HubSpot immediately and take all steps required under applicable law.
7. Sharing Your Information
We share information only as described below. We do not sell personal information.
7.1 Subprocessors
The following third parties process personal data on our behalf to deliver the Service. All are bound by data processing agreements that restrict them to processing data only for the purposes described.
| Subprocessor | Role | Data processed | Location |
|---|---|---|---|
| Anthropic, Inc. | AI conversation scoring | Conversation transcripts | United States |
| Supabase, Inc. | Database hosting (PostgreSQL on AWS us-east-1) | All platform data | United States (us-east-1) |
| Vercel, Inc. | Application hosting and CDN | Request/response data, logs | Global (edge); data at rest in United States |
| Inngest, Inc. | Background job processing | Job payloads including conversation references | United States |
| Stripe, Inc. | Payment processing and subscription management | Billing and payment data | United States |
| Help Scout, Inc. | Customer support (in-app Beacon widget) | Support messages and contact info | United States |
| Voyage AI Innovations, Inc. (a MongoDB company) | Text embeddings (semantic search) | Conversation transcripts | United States |
| Functional Software, Inc. (d/b/a Sentry) | Error and performance monitoring | Diagnostic and error data (PII scrubbed before transmission) | United States |
| Plus Five Five, Inc. (d/b/a Resend) | Transactional email delivery | Recipient email address and message content | United States |
| Google LLC (Google Workspace) | Internal email and document storage | Business communications and support correspondence | United States |
Connector sources (read-only data collection):
| Source system | Access type | What we read |
|---|---|---|
| HubSpot | OAuth read-only | Conversations, contact/company identifiers, CSAT |
| Intercom | OAuth read-only | Conversations, user/company identifiers, CSAT |
| Zendesk | OAuth read-only | Tickets, user identifiers, satisfaction ratings |
We never write data back to HubSpot, Intercom, Zendesk, or any other connected source system.
We will notify you at least 30 days in advance before adding a new subprocessor that will process your Customer Data.
7.2 Legal requirements
We may disclose information if required to do so by law, court order, or valid legal process. Where legally permitted, we will notify you before disclosing.
7.3 Business transfers
If Resonant IQ is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected customers and, where required, seek their consent.
7.4 With your direction
We share information with third parties only when you explicitly direct us to do so.
8. Data Retention
| Data type | Retention period |
|---|---|
| Account information | Duration of your account, plus 3 years after closure |
| Conversation data (imported transcripts, scores, coaching notes) | Duration of your account, plus 90 days after closure to allow data export |
| Billing records | 7 years after the close of the relevant calendar year, or as required by applicable tax law |
| Support communications | 3 years |
| Server and access logs | 90 days, on a rolling basis |
| AI scoring audit trail | Duration of your account |
When your account is closed or you request deletion, we will delete your Customer Data within 90 days and provide a confirmation. Certain data may be retained longer where required by applicable law (for example, billing records for tax compliance). Backups are purged on the same schedule after their normal retention cycle.
9. International Data Transfers
Resonant IQ is incorporated in the United States. Our infrastructure is US-based (Supabase on AWS us-east-1, Vercel). If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, personal data you provide or that we process on your behalf will be transferred to and stored in the United States.
We rely on the following transfer mechanisms:
- Standard Contractual Clauses (SCCs) — incorporated into our Data Processing Agreement and into our agreements with subprocessors (Anthropic, Supabase, Vercel, Inngest, Stripe, Help Scout, Voyage AI, Sentry, Resend, Google Workspace)
- Subprocessor SCCs — each subprocessor listed in Section 7.1 maintains their own SCCs or equivalent transfer mechanism for EU-to-US transfers
A copy of our Data Processing Agreement (including applicable SCCs) is available on request at support@resonantiq.app.
10. Your Data Rights
Depending on your location, you may have the following rights over personal information we hold about you (in our capacity as data controller — i.e., your account and usage data):
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Ask us to correct inaccurate or incomplete data |
| Erasure | Ask us to delete your personal data, subject to legal retention requirements |
| Portability | Receive your data in a structured, machine-readable format |
| Restriction | Ask us to pause processing while a dispute is resolved |
| Objection | Object to processing based on legitimate interests |
| Withdraw consent | Where processing is based on consent, withdraw it at any time (this does not affect prior processing) |
How to exercise your rights: Email support@resonantiq.app with “Privacy Request” in the subject line. We will respond within 30 days (or sooner, where required by law). We may ask you to verify your identity before fulfilling the request.
California residents additionally have the right to know what personal information we have collected and shared, the right to delete (subject to exceptions), the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell personal information. To submit a California privacy request, email support@resonantiq.app.
Rights regarding conversation data (processor context): If you are an end customer of one of our tenant organizations (a person who had a conversation with a support team using Resonant IQ), your rights over that conversation data are administered by the organization you contacted, not by us. Please direct those requests to that organization. If they forward a valid deletion or access request to us, we will act on it promptly.
Right to lodge a complaint: If you are in the EEA, you have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your personal data in accordance with applicable law.
11. B2B Data Processing — Customer Responsibilities
This section describes the processor relationship between Resonant IQ and the organizations (“customers,” “tenants”) that subscribe to the Service.
You control your Customer Data. Your organization is the data controller for all conversation data, agent data, and end-user data you connect to Resonant IQ. We process it only as you instruct us to, for the purpose of delivering QA scoring and customer intelligence.
Your data stays yours. Each customer’s data is isolated from every other customer’s data in our system. We enforce strict multi-tenant isolation at the database level, and our engineering architecture is designed so that one tenant cannot access another’s data.
What we need from you. By connecting your support tools to Resonant IQ, you represent that:
- You have all necessary rights, consents, and permissions to provide this data to us for processing as described in this policy
- Your end users have been informed that their conversations may be analyzed for quality assurance purposes (through your own privacy policy, terms of service, or otherwise)
- The data you send us was collected lawfully
Data Processing Agreement. Our Data Processing Agreement (DPA) governs our processor obligations to you, including subprocessor approval, breach notification, data subject rights flow-through, and deletion timelines. The DPA is available on request at support@resonantiq.app.
Subprocessor changes. We will provide at least 30 days’ advance notice before adding a new subprocessor that will process Customer Data, giving you the opportunity to object.
Breach notification. If we become aware of a personal data breach affecting your Customer Data, we will notify you within 72 hours of becoming aware, with the information required by applicable law. You are then responsible for notifying your own supervisory authority and data subjects as required.
12. Security
We implement technical and organizational measures appropriate to the risk of processing personal data, including:
- Encryption in transit (TLS) and at rest
- Row-level security enforced at the database layer, preventing cross-tenant data access
- Access controls limiting employee access to customer data on a need-to-know basis
- Authentication requirements including secure password storage and support for passkeys
- Regular security testing as part of our development process
No system is perfectly secure. If you believe you have discovered a security vulnerability, please disclose it responsibly to support@resonantiq.app before disclosing publicly.
13. Children’s Privacy
Resonant IQ is a B2B platform for business users. We do not knowingly collect personal information from anyone under the age of 16. If we become aware that we have done so, we will delete it promptly.
14. Automated Decision-Making
Resonant IQ uses AI (Claude by Anthropic) to generate conversation quality scores. These scores are advisory only. Your organization retains sole responsibility for all employment decisions, performance management actions, coaching interventions, and operational decisions made in connection with QA results. Resonant IQ scores are inputs to human judgment, not binding determinations.
Where customers use Resonant IQ output in connection with employment or HR decisions, customers are solely responsible for ensuring their use complies with applicable automated decision-making technology (ADMT), automated employment decision tool, and similar regulations — including California’s CPRA ADMT rules (effective January 1, 2026). Resonant IQ is a data processor that delivers advisory scores to the data controller (the customer organization); the controller determines how those scores are used.
15. California — CCPA/CPRA Specific Disclosures
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email address, IP address, account ID | Yes |
| Professional or employment-related information | Job role, team, support agent performance data | Yes |
| Commercial information | Subscription status, billing records | Yes |
| Internet or network activity | Page views, feature interactions, log data | Yes |
| Inferences drawn | AI-generated quality scores | Yes |
| Customer records information | Company name, contact information | Yes |
| Sensitive personal information | None | No |
We do not sell or share personal information for cross-context behavioral advertising purposes.
Business purposes for collection: Delivering and improving the Service, processing transactions, providing customer support, ensuring security, complying with legal obligations.
Third parties with whom we share: As listed in the Subprocessors table in Section 7.1. All are service providers under CCPA.
Retention: As described in Section 8.
To exercise California rights: Email support@resonantiq.app with “California Privacy Request” in the subject line.
16. Changes to This Policy
We will post any material changes to this Privacy Policy at resonantiq.app/privacy and update the “Effective date” at the top. For significant changes, we will notify you by email at least 30 days before the changes take effect. Continued use of the Service after the effective date of revised terms constitutes acceptance.
17. Contact Us
Questions, concerns, or requests under this Privacy Policy:
- Email: support@resonantiq.app
- Subject line: “Privacy Request” (for rights requests) or “Privacy Question” (for general inquiries)
- Mailing address: Resonant IQ, Inc., c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713
We aim to respond to all privacy-related inquiries within 5 business days and to fulfill verified rights requests within 30 days.
This Privacy Policy was last updated on June 3, 2026.