Legal

Privacy Policy

Effective April 10, 2026 (revised) · Governed by North Carolina law

OperatorIQ LLC ("OperatorIQ," "we," "our," or "us") operates the OperatorIQ platform at myoperatoriq.com. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service. By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account or subscribe, we collect your name, email address, business name, and industry via Clerk, our authentication provider. We do not store passwords directly.

1.2 Financial Data from Integrations

When you connect QuickBooks, Square, or Xero to OperatorIQ, we access and store: profit and loss data (revenue, COGS, gross profit, operating expenses, net income), payment transaction data, product and SKU-level sales data, and account metadata. This data is synced daily and stored in encrypted Redis-based storage. OAuth access tokens are encrypted at rest using AES-256-GCM encryption.

1.3 Uploaded Documents

Documents you upload (P&L exports, contracts, FDD documents) are stored in encrypted cloud storage via Cloudflare R2. You retain full ownership of all uploaded documents.

1.4 Usage Data and AI Query Logs

We collect usage data including pages visited, features used, questions submitted to Ask Thalen, AI insights generated, and integration activity. This is stored in an audit log associated with your account and retained for up to 12 months. We never log raw financial figures in usage logs.

1.5 Billing Information

Billing is processed by Stripe. OperatorIQ does not store your credit card number, CVV, or full payment details — only a Stripe token, last four digits, card type, and subscription status.

1.6 Demo and Lead Data

If you access the OperatorIQ demo, we collect your email and optionally your name and company. This is retained for up to 24 months and used to follow up about the Service. You may opt out of marketing communications at any time.

1.7 Communications

If you contact us by email or through any contact form, we retain the content of your communications and your contact information to respond to your inquiry and improve our support. These communications are not shared with third parties except as necessary to respond to your request.

1.8 Thalen Vision — Video Frame Data

If you activate Thalen Vision, OperatorIQ collects and processes the following additional data:

  • Detection event frames. Individual JPEG still images captured from your IP cameras at the moment a detection event is triggered by on-device computer vision software. These are event-triggered snapshots, not continuous video recording.
  • AI narrations. Plain-English text descriptions of detected events generated by Anthropic's Vision API. Narrations describe objects, activities, and contextual details observed in each frame.
  • Camera metadata. Camera context labels (e.g., "Front Door," "Parking Lot"), detection timestamps, event classification categories (person, vehicle, etc.), and detection confidence scores.
  • API key activity. Log of API key usage including request timestamps, volume, and source identifiers. No image data is logged in API activity records.
No biometric data collected.Thalen Vision does not perform facial recognition, does not compute biometric identifiers or face geometry templates, and does not build profiles of specific individuals. The Service detects the presence of objects, people, and activities for situational awareness purposes only. No biometric data as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14/1), Texas CUBI (Tex. Bus. & Com. Code § 503.001), California CPRA (Cal. Civil Code § 1798.121), or any substantially similar law is collected or stored.

Local processing on Vision Hardware. Initial object detection runs locally on your Raspberry Pi 5 device. Only frames that pass the detection threshold are transmitted to OperatorIQ's cloud infrastructure for AI narration. Raw video streams are not transmitted to or stored by OperatorIQ.

2. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To sync and analyze your financial data to generate insights, dashboards, forecasts, and recommendations
  • To send you weekly digest emails and threshold alert notifications
  • To process billing and manage your subscription
  • To respond to support requests and inquiries
  • To improve and develop new features of the Service
  • To send product updates and marketing communications (opt-out available at any time)
We do NOT sell your financial data or personal information. We do NOT use your financial data to train AI models. We do NOT share your individual data with other OperatorIQ clients. Your data is used exclusively to provide the Service to you.

3. How We Store and Protect Your Data

OAuth Token EncryptionAll QuickBooks, Square, and Xero OAuth tokens are encrypted at rest using AES-256-GCM. Keys are stored as environment variables and never committed to source code.
Redis Data StorageFinancial data is stored in Vercel Redis with encryption at rest and in transit.
Cloudflare R2 StorageUploaded documents are stored in Cloudflare R2 with server-side encryption. Access is controlled via pre-signed URLs with limited expiry.
AuthenticationAccount authentication is managed by Clerk. OperatorIQ does not store passwords.
HTTPS / TLSAll data transmitted between your browser and OperatorIQ is encrypted using HTTPS/TLS.
Access ControlsYour data is accessible only to you via your authenticated account. Staff access is limited to what is necessary to operate and support the Service.
Audit LoggingAll integration syncs, AI queries, and significant account events are logged in a tamper-evident audit trail. Audit logs are retained for 12 months.

4. Subprocessors and Third-Party Services

OperatorIQ uses the following subprocessors to operate the platform. We will provide at least 14 days advance notice of any material changes to this list:

ServiceDomainWhat they handle
Clerkclerk.comAuthentication and user management. Stores your name, email, and account metadata.
Stripestripe.comPayment processing. OperatorIQ does not store full payment details.
Vercelvercel.comHosting, serverless functions, and Redis data storage. Data processed in the United States.
Cloudflare R2cloudflare.comEncrypted document storage. Data stored in the United States.
Intuit QuickBooksintuit.comFinancial data integration (when connected). Governed by Intuit's Privacy Policy.
Squaresquareup.comPayment and product data integration (when connected). Governed by Square's Privacy Policy.
Xeroxero.comAccounting data integration (when connected). Governed by Xero's Privacy Policy.
Resendresend.comTransactional email delivery for digest, alert, and notification emails.
Anthropic (Financial AI)anthropic.comAI analysis engine powering OIQ Analysis and Ask Thalen. Relevant portions of your financial data are sent to Anthropic's Claude API for processing. Anthropic does not use API data to train models.
Anthropic (Vision AI)anthropic.comFor Thalen Vision subscribers: JPEG detection event frames are sent to Anthropic's Vision API to generate plain-English situational awareness narrations. Frames contain visual content from your premises. Anthropic does not use API-submitted data to train models. Only frames that pass on-device detection thresholds are transmitted — raw video is never sent to Anthropic.
Mailchimpmailchimp.comMarketing email communications (opt-in only). Unsubscribe at any time via any marketing email.

5. Data Retention

We retain your account data and financial data for as long as your subscription is active and for 30 days after cancellation, after which it is permanently deleted. Contact legal@myoperatoriq.com to request earlier deletion.

  • AI query logs and usage data: up to 12 months from creation
  • Demo and lead data: up to 24 months from collection
  • Uploaded documents: until you delete them or your account is closed
  • Billing records: as required by applicable law (typically 7 years)

Thalen Vision data retention:

  • Detection event frames (JPEG images): 90 days from capture, then permanently deleted. Frames are not archived or transferred after deletion.
  • AI narrations (text): Retained for the duration of your active subscription plus 30 days after cancellation. Narrations are text records only and do not contain visual image data.
  • Camera metadata and event logs: Same as AI narrations — subscription duration plus 30 days.
  • API key activity logs: 12 months from creation.

OperatorIQ is not a video archive service. We store detection-triggered event frames only — not continuous video footage. If you require longer retention for legal hold or insurance purposes, contact us at legal@myoperatoriq.com before the default 90-day period expires.

6. Your Rights and Choices

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your data at any time
  • Portability — request your financial data in a standard format
  • Disconnect Integrations — revoke QuickBooks, Square, or Xero access at any time from the Connections page, immediately stopping data collection
  • Opt Out of Marketing — unsubscribe via the link in any email or by contacting us
  • Withdraw AI Consent — request that your data be excluded from AI-powered analysis features by contacting us (note: this will limit Service functionality)

Contact legal@myoperatoriq.com to exercise any of these rights. We will respond within 30 days.

7. AI Data Processing

When you use AI-powered features (OIQ Analysis, Ask Thalen, OIQ Forecasting), relevant portions of your financial data are sent to Anthropic's API to generate responses. Only the minimum data necessary to generate the requested analysis is sent. Anthropic does not use API-submitted data to train its models.

Sensitive Data Caution: Do not enter sensitive personal information — such as Social Security numbers, government ID numbers, protected health information (PHI), or personal financial data unrelated to your business — into any AI chat feature. These features are designed for business financial data only.

OperatorIQ does not use your individual financial data to train any AI model.

7A. Thalen Vision — AI Video Processing

When you use Thalen Vision, detection event frames from your premises are transmitted to Anthropic's Vision API to generate plain-English narrations. The following governs how that data is handled:

  • What is sent to Anthropic. Individual JPEG frames that have passed the on-device YOLO detection threshold (score ≥ 0.65). Only frames where an object or activity has been detected are transmitted. Raw video streams are never transmitted to OperatorIQ or Anthropic.
  • What Anthropic generates. A plain-English text description of the detected scene, such as "A person is walking near the front entrance." This narration is stored in your Thalen Vision detection feed.
  • Anthropic's data practices. Anthropic does not use API-submitted data to train its models. Frames are processed to generate the narration and are not retained by Anthropic beyond the API transaction. Anthropic's privacy policy governs their handling of API data.
  • No facial recognition. Anthropic's API is instructed to describe scenes and activities only. OperatorIQ's prompts do not request or enable identification of individuals. We do not use Anthropic's API in any way that would constitute biometric data processing as defined under BIPA (740 ILCS 14/1), CUBI (Tex. Bus. & Com. Code § 503.001), or CPRA (Cal. Civil Code § 1798.121).
  • No model training on your data. OperatorIQ does not use your video frames, narrations, or detection event data to train any AI model.
Notice to your end-users: If you deploy Thalen Vision at premises where individuals who are not your employees may be captured on camera (customers, visitors, the public), you are responsible for posting visible notice of AI-assisted video surveillance at your location. This is a legal obligation in many jurisdictions and is required under your Terms of Service with OperatorIQ. OperatorIQ provides suggested signage language upon request.

7B. Geographic Availability and Applicable Law Notices

Thalen Vision is currently available only for deployment within the contiguous United States, excluding the State of Illinois (see Terms of Service, Section 21). Customers in the following jurisdictions should be aware of additional applicable laws:

  • California. Biometric data and video data may constitute "sensitive personal information" under the California Privacy Rights Act (CPRA, Cal. Civil Code § 1798.121). California residents whose images are captured at your premises may have rights under CCPA/CPRA that you, as the Business, are responsible for honoring.
  • New York / New York City. NYC Local Law 144 (NYC Admin. Code § 22-1202) requires businesses in places of public accommodation to post notice of biometric identifier collection. NY Labor Law § 52-c requires employer notification of electronic monitoring of employees.
  • Texas. The Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code §§ 503.001–503.004) governs commercial use of biometric identifiers. As OperatorIQ does not collect biometric identifiers, this law primarily governs your own camera placement and notification obligations.
  • Colorado and Virginia. Both states treat biometric data as "sensitive data" under their respective Consumer Privacy Acts, requiring opt-in consent before processing. Your obligations as a Business operating in these states are separate from OperatorIQ's obligations as your Service Provider.

OperatorIQ is a data processor with respect to Thalen Vision data. You (our customer) are the data controller and bear primary responsibility for compliance with applicable surveillance, biometric, and privacy laws in your jurisdiction. OperatorIQ will assist with data subject requests to the extent practicable under our data processing role.

8. De-identified Benchmarking Data

In the future, OperatorIQ may use anonymized, aggregated data across clients in the same industry to generate industry benchmarks available within the Service ("Benchmark Data"). Benchmark Data is de-identified and cannot be used to identify you or your business.

Before including any of your data in Benchmark Data for the first time, OperatorIQ will:

  • Provide at least 30 days written notice by email
  • Clearly describe what data categories will be included
  • Give you a simple mechanism to opt out before any inclusion occurs

OperatorIQ owns all rights to Benchmark Data. Opting out does not affect your access to any features of the Service.

9. Security Incident Response

In the event of a data security incident affecting your personal or financial data, OperatorIQ will notify affected users by email within 72 hours of becoming aware of the incident, to the extent required by applicable law. The notification will describe the nature of the incident, data affected, steps taken to contain it, and recommended protective actions.

OperatorIQ maintains an incident response plan and will cooperate with law enforcement and relevant regulatory authorities as required. OperatorIQ will not pay ransoms.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know — the categories and specific pieces of personal information we collect about you
  • Right to Delete — request deletion of your personal information, subject to certain exceptions
  • Right to Correct — request correction of inaccurate personal information
  • Right to Opt Out of Sale or Sharing — OperatorIQ does not sell or share your personal information for cross-context behavioral advertising
  • Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights

To exercise California privacy rights, contact legal@myoperatoriq.com with the subject line "California Privacy Request." We will verify your identity and respond within 45 days.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided personal information, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email to your registered address at least 14 days before changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact

For privacy questions, data requests, or concerns:

OperatorIQ LLC
Email: legal@myoperatoriq.com
Website: myoperatoriq.com

This Privacy Policy was last updated on April 10, 2026.