Privacy policy

PART A — PRIVACY POLICY (UK‐GDPR / EU‐GDPR)
1 . Introduction
Quartz Labs Ltd ("Quartz Labs", "we", "us") operates The Mirror research‐intelligence SaaS platform at
quartzlabs.ai (the "Service") and this website. We are a controller for our own account and analytics data
and a processor for customer‐supplied interview content processed via the Service.

2 . The data we collect

​

3 . Sharing & international transfers
Recipient Location Safeguard
Google Cloud Platform (storage,
compute)

USA

2021 SCC Module 3 + UK IDTA Addendum; data
encrypted at rest & in transit

OpenAI LLC (LLM API) USA

2021 SCC Module 4 + UK IDTA; purpose‐limited
processing; no model training
A full list of sub‐processors and copies of SCCs/IDTA are available upon request.
4 . Security (Art 32)
• AES‐256 encryption at rest\ • TLS 1.3 everywhere\ • Role‐based access & MFA; quarterly access review\ •
ISO 27001‐aligned ISMS; annual penetration test
5 . Your rights
Access • Rectification • Erasure • Restriction • Portability • Objection. Request by emailing
privacy@quartzlabs.ai; we respond within 1 month (Art 12(3)).
6 . Complaints
UK: Information Commissioner’s Office (ico.org.uk).\ EEA: Your local Supervisory Authority.\ If you are in the
EEA we have appointed an EU representative under Art 27 GDPR: Jonathan Kahan, Calle de Galileo 19
28015 Madrid, Spain, privacy@quartzlabs.ai.
7 . Changes
We will post any changes here and email admin users if the changes are material.