BalansIQ Privacy Overview

Privacy Policy

Effective date: April 2, 2026. This overview policy governs the Balans IQ landing experience. Full role-specific policies with EU/EEA, Serbia, and US annexes apply within each app.

Privacy Contact
office@balanscare.com

What This Policy Covers

This Privacy Policy explains how Balans IQ processes personal data when you use the individual wellbeing application, including AI-assisted journaling, chat, reflection tools, weekly and monthly reports, evolution planning, shadow sessions, group chat, badges, billing, and support channels.

It applies to: account registration data, journal entries, chat messages, AI-generated responses and plans, mood inputs, behavioral analysis, evolution plans, subscription and billing records, device metadata, consent records, and all information you voluntarily submit through the service.

This policy is written for global use and is designed to comply with the UK GDPR, EU GDPR (Regulation 2016/679), the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti, Sl. glasnik RS br. 87/2018 — ZPDP), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and similar privacy frameworks applicable in your jurisdiction. Where mandatory local consumer law provides stronger protections, those protections apply.

If you access Balans IQ through a specific app (individual app, employee app, or employer HR portal), the full role-specific Privacy Policy for that app applies and contains jurisdictional annexes for EU/EEA, Serbia, and US users. This landing page policy provides a general overview.

Who We Are

Data controller: TRIAXIS LTD, Company Number 16978369, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

Privacy contact: office@balanscare.com. You may also use this address to exercise your rights, report concerns, or request clarification about this policy.

If your account is sponsored or provisioned by an employer through the HR platform, your employer may also act as an independent data controller for employment-related decisions. In that case, both this policy and your employer's privacy practices will apply to the relevant data.

Data We Collect

Identity and account data: full name, email address, bcrypt-hashed password, preferred language, timezone, avatar, and system-generated account identifiers (UUIDs).

Wellbeing content: all journal entries, chat messages you send and AI responses you receive, mood inputs, weekly evolution plans, task completion status, daily behavioral patterns, and feature interaction logs.

AI interaction data: text content submitted to AI models for processing (journaling, reflection, chat, reports, evolution analysis, shadow sessions), language detected from your text, raw and structured AI outputs stored server-side.

Technical and security data: IP address at login and key actions, session tokens (HttpOnly JWT cookies), browser type and version, device type, consent records (legal acceptance timestamps and version hashes), and fraud-prevention signals.

Billing and commercial data: subscription tier, subscription start and end dates, Airwallex payment intent identifiers and consent identifiers, billed currency, IQ credit balance and transaction log, and support history.

Group and collaboration data: if you join or create a group chat, your messages, group membership, and participation history are stored in association with the group identifier.

Optional Client-Side Encryption Mode

Balans IQ includes an optional encrypted mode for supported sensitive content flows. Your device derives a 256-bit master key locally with PBKDF2-SHA256 and a user-specific salt before protected payloads are uploaded.

Protected payloads are encrypted client-side with AES-256-GCM. The server stores ciphertext, IV, authentication tag, and wrapped key material only, so the unlock secret itself is not stored by TRIAXIS LTD.

The master key is wrapped locally with both your unlock secret and a separate recovery key. This allows recovery by you, but not decryption by us without one of those secrets.

If you lose both your unlock secret and recovery key, encrypted content cannot be recovered. That tradeoff is part of the security model and is disclosed during encryption setup.

This landing page gives a general overview. Exact encryption coverage depends on the app and feature set you use, and the full app-specific policy governs those details.

AI Processing — How Your Content Is Used

Core AI features — including journaling analysis, AI chat responses, weekly report generation, monthly report generation, evolution plan creation, and shadow sessions — require sending relevant portions of your journal entries and chat history to an AI model (currently OpenAI GPT-4o or equivalent). No personally revealing metadata beyond your written text is transmitted in those requests.

Language detection: we analyze the textual content of your messages to detect the language and instruct the AI to respond in the same language. This analysis happens server-side and does not result in permanent storage of language labels beyond your session context.

AI-generated outputs (reports, plans, responses) are stored in our database associated with your account to provide continuity, allow you to review past outputs, and allow the AI to maintain context across conversations.

We do not train any AI model on your private content without explicit separate consent. Your journaling data is used solely to serve the features you activate — not to improve third-party model weights.

When you request a report, evolution plan, or shadow session, the AI reads recent journal entries and chat exchanges to produce a coherent, personalised output. You may delete your content at any time, which will affect the quality of future AI outputs.

International transfer to AI provider: text submitted to AI features is transmitted to OpenAI (a US-based provider). This transfer is necessary for core service delivery. TRIAXIS LTD relies on OpenAI's DPA and Standard Contractual Clauses (where required by UK/EU GDPR or ZPDP). By default, OpenAI API policies prohibit using your content to train their models.

IQ Credit System and Billing

Balans IQ operates a credit system called IQ Credits. Each AI action (chat message, report generation, shadow session, evolution plan) deducts a defined number of credits from your account balance. Journal entries and manual task tracking are free.

Free tier accounts receive 30 IQ credits. Paid subscription tiers receive a higher monthly credit allocation that is reset (not accumulated) upon each successful subscription payment or renewal.

Credit balances, transaction history (refills, deductions, action types), and billing references are stored in our database and used to enforce usage quotas, display your balance, and prevent fraud.

Payments are processed by Airwallex. Airwallex stores your payment method details and a payment consent identifier. We store only the non-sensitive reference identifiers returned by Airwallex — we do not store raw card numbers.

Subscriptions auto-renew monthly unless cancelled before the renewal date. We record payment consent identifiers provided by Airwallex to execute authorized renewals on your behalf. Auto-renewal activity is logged in the billing transaction history.

Why We Use Your Data

To provide and personalize the service: authenticate your account, serve AI responses, generate reports and evolution plans, maintain journal and chat history, manage credits, and display billing status.

To operate billing: process subscription payments, execute authorized auto-renewals via stored payment consent, calculate correct credit allocations, and send subscription confirmation and renewal emails.

To maintain security: detect unauthorized access, block abuse, enforce rate limits, investigate incidents, and maintain audit logs for fraud and legal compliance.

To improve the service: we use aggregated and de-identified operational analytics (error rates, feature usage patterns, response latencies). We do not use your private journal content for product analytics.

To meet legal obligations: tax records, accounting, lawful regulatory requests from public authorities, and compliance with applicable data protection law.

Legal Bases (UK/EU GDPR and Serbia ZPDP)

Contract (Article 6(1)(b)): account creation and management, delivering chat, reports, evolution, shadow sessions, journal storage, and subscription billing you request.

Legitimate interests (Article 6(1)(f)): fraud detection, security monitoring, abuse prevention, service diagnostics, product improvement using aggregated data, and business continuity planning — where these interests are not overridden by your rights.

Consent (Article 6(1)(a)): legal acceptance records at account creation, optional marketing communications where applicable, and any additional uses specifically flagged at the point of collection.

Legal obligation (Article 6(1)(c)): financial recordkeeping, tax compliance, auditing, sanctions screening, and responding to lawful requests from regulators, courts, or law enforcement.

Employer-Sponsored Accounts

If your Balans IQ account is linked to an employer-sponsored HR platform deployment, authorized administrators within your employer's account may receive aggregated analytics, risk indicators, or performance-related outputs generated within that deployment.

Individual journal entries and personal chat messages are NOT disclosed to your employer unless you explicitly share them. The scope of employer visibility is defined in the employer's contract with TRIAXIS LTD and disclosed during onboarding.

Do not use an employer-sponsored account for content you strictly wish to keep confidential from your employer. TRIAXIS LTD is not responsible for how your employer uses data once lawfully disclosed to them under the applicable contract.

International Transfers and Retention

Data may be processed in the United Kingdom, European Economic Area, United States, and other jurisdictions where our infrastructure providers operate. Known transfers: (1) AI processing — OpenAI, US-based, DPA and SCCs; (2) Payments — Airwallex, contractual safeguards. For transfers outside the UK/EEA, we rely on Standard Contractual Clauses or adequacy decisions. For transfers outside Serbia, we rely on safeguards recognized under ZPDP Chapter V.

We retain account data and wellbeing content for as long as your account is active and for a reasonable period thereafter to support dispute resolution, auditing, and legal obligations. You may request deletion at any time — see Your Rights below.

Billing records and transaction logs are retained for a minimum of seven years to satisfy tax and accounting obligations, even after account deletion.

Your Rights

Depending on your jurisdiction, you may have the right to: access your personal data, correct inaccurate data, request deletion of your account and content, restrict or object to specific processing, receive a portable copy of your data, and withdraw consent where processing is based on consent.

To exercise any of these rights, contact office@balanscare.com from the email address associated with your account. We will respond within the timeframe required by applicable law (30 days for UK/EU GDPR and Serbian ZPDP requests; 45 days for US state privacy requests).

UK supervisory authority: Information Commissioner's Office — ico.org.uk. EU supervisory authority: your national DPA — edpb.europa.eu. Serbia supervisory authority: Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti — poverenik.rs. US users: contact office@balanscare.com; we do not sell personal information and do not discriminate for exercising privacy rights.

Security Measures

Passwords are stored as bcrypt hashes — never in plain text. Sessions use HttpOnly JWT cookies with short expiry periods. API endpoints require valid session tokens for all authenticated actions.

All connections to the Balans IQ platform use HTTPS/TLS. Communication between backend services and AI model APIs is encrypted in transit.

When optional encrypted mode is enabled in supported app flows, protected content is encrypted on the user device before upload using AES-256-GCM, while the server stores only ciphertext and wrapped key material.

Access to production databases is restricted to authorized personnel. We implement rate limiting, input validation, and SQL injection protections across all API endpoints.

Despite these measures, no system is perfectly secure. You are responsible for keeping your login credentials confidential and notifying us immediately at office@balanscare.com if you suspect unauthorized access.

Important Limits

Balans IQ is not an emergency service, not a medical device, and is not a substitute for medical care, psychotherapy, legal advice, or crisis intervention. If you or someone else is in immediate danger, contact local emergency services immediately.

AI outputs are probabilistic, may contain errors, and must not be relied upon for decisions with significant health, financial, legal, or safety consequences without independent verification.

Do not submit to the service: information that is legally privileged, classified, export-controlled, or that you are not authorized to process under applicable law. We may suspend access to protect the platform or comply with legal obligations.

Your private journal and chat content is your own. We do not sell, rent, or monetize your personal wellbeing content to third parties.