Trust Center
Last reviewed: 10 July 2026
This is a plain-English summary of how BioQuant IQ handles your data and runs its AI responsibly across our two products, Arena and Echo. It complements — and does not replace — our Privacy Policy, Cookie Policy and GDPR page.
Where your data lives
Our products are hosted within Switzerland and the EEA. A current list of sub-processors and AI providers is available to customers on request. Where personal data is transferred outside Switzerland or the EEA, we rely on recognised safeguards such as adequacy decisions or Standard Contractual Clauses.
What we never do
- We never sell your data.
- We never use customer data or personal responses to train general-purpose or third-party AI models.
- We never use client logos, product screenshots or customer names as marketing proof without written permission.
Arena — what it measures
Arena works at the team / session level: how a group frames, prices and commits to a decision. It does not produce an individual employee score and it is not used to rank people. Access to a sprint’s outputs is role-based, as configured by the customer.
Echo — what it measures, and permitted use
Echo measures an individual’s development against their own baseline, competency by competency, from their real work. By default it is a development tool. Where a client organisation chooses to enable it, Echo’s outputs may also inform people decisions — such as hiring, promotion or readiness — as one input to a decision made by a person.
- Human oversight, always. No decision producing legal or similarly significant effects is ever based solely on automated processing. A competent person with the authority to reach a different outcome makes the final call — consistent with Article 22 GDPR and the EU AI Act’s requirements for AI used in employment contexts.
- Purpose set by the client. The client organisation defines the purpose of any deployment and, where the law requires, informs affected individuals and their representatives.
- Your rights. An individual can ask for the logic to be explained, put their point of view, and contest a result and have it reconsidered by a person.
- Configurable visibility. Who can see a score — the individual, their manager, HR or a coach — is set by the client, role by role.
- Checks & records. We apply bias and validation checks and keep activity logs.
Assessments & documentation
A Data Protection Impact Assessment (DPIA) and, where relevant, a fundamental-rights impact assessment are available to customers, alongside a Data Processing Agreement (DPA). See our GDPR page for your rights and how to exercise them.
Retention & deletion
We keep personal data only as long as necessary, then delete or anonymise it. As a guide, contact-enquiry data is kept for up to 24 months; product data is kept for the term of the customer agreement. Individuals can request access, correction or erasure at any time.
Security
We apply appropriate technical and organisational measures — including encryption in transit, role-based access controls, least-privilege processing, sandboxed client environments and vendor due-diligence. A summary of our security and hosting posture is available on request.
Ask us
For a DPA, DPIA, sub-processor list, security summary or the Arena/Echo permitted-use matrix, email letustalk@bioquantiq.ch.