idbokx — Alpha Audit Platform
Privacy & Data Ethics
How idbokx collects, uses, and protects your data under GDPR.
Last updated: 1 July 2026
Data Controller
Alpha is operated by Innovation Development Based On Knowledge eXchange (idbokx).
As data controller, idbokx determines how your personal data is processed in connection with this service.
For all data-related enquiries: athena@idbokx.tech
What Data We Collect
We collect only the data strictly necessary to deliver the Alpha Audit service:
- Assessment responses — your answers to diagnostic and readiness questions
- Email address — provided voluntarily when purchasing a report or expert review
- Payment information — processed directly by Stripe; idbokx does not store card details
- Access token — a pseudonymous UUID generated upon purchase to gate your report
We do not use cookies, tracking pixels, or third-party analytics.
How We Use Your Data
Your data is used exclusively to:
- Generate and deliver your AI Readiness diagnostic report
- Send your personalised report access link and purchase confirmation by email
- Enable expert review delivery (Bundle tier only)
- Maintain token-gated access to your report for 12 months
We do not use your data for marketing, profiling, or automated decision-making.
Legal Basis for Processing
Processing is carried out under the following bases pursuant to GDPR Article 6:
| Legal Basis | Application |
|---|---|
| Article 6(1)(b) — Performance of a contract | Processing necessary to deliver the service you have purchased |
| Article 6(1)(f) — Legitimate interests | Maintaining service integrity and preventing misuse |
Data Retention
Assessment data and associated reports are retained for 12 months from the date of purchase, after which they are deleted or anonymised.
Email addresses are retained for the duration necessary to fulfil the service and to comply with applicable obligations under French law — up to 10 years for financial records pursuant to Article L. 123-22 of the French Commercial Code.
Third-Party Sub-Processors
Alpha uses the following sub-processors to deliver its service:
| Service | Purpose | Data Location |
|---|---|---|
| Stripe | Payment processing | USA (Standard Contractual Clauses) |
| Supabase | Secure data storage | EU region |
| Resend | Transactional email delivery | EU region |
| Cal.com | Meeting scheduling | USA (California Consumer Privacy Act) |
All sub-processors operate under GDPR-compliant data processing agreements.
Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of access — obtain a copy of the data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data
- Right to restriction — limit processing in certain circumstances
- Right to portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
To exercise any of these rights, contact us at athena@idbokx.tech. We will respond within 30 days.
Right to Lodge a Complaint
If you believe your data protection rights have not been respected, you have the right to lodge a complaint with the French supervisory authority:
Commission Nationale de l'Informatique et des Libertés (CNIL)
Website: www.cnil.fr
Phone: +33 (0)1 53 73 22 22
Contact
For any questions regarding this Privacy Policy or the processing of your personal data:
idbokx — Data Controller
Email: athena@idbokx.tech