Last updated: 1 April 2026 · BK Intelligence · Belgium
This Privacy Policy explains how BK Intelligence collects, uses, and protects personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable Belgian data protection law.
The data controller responsible for your personal data is:
BK Intelligence
Belgium, European Union
Email: [email protected]
Where BK Intelligence processes personal data on behalf of clients, it acts as a data processor. See Section 5 for details.
This policy applies to personal data processed through:
When you visit our website, we may collect:
When you complete a form on our website, we collect the information you provide, which may include:
In the course of providing automation services to client firms, we may process personal data on behalf of those clients (acting as a data processor). This typically includes data contained in documents, emails, spreadsheets, and other files submitted to automation workflows. The nature of this data depends on the specific workflows built for each client and is governed by a Data Processing Agreement (DPA) entered into with each client prior to the commencement of work.
We do not collect special categories of personal data (as defined in Article 9 GDPR), payment card information, or any data from individuals under the age of 18.
| Processing activity | Legal basis (GDPR Article 6) |
|---|---|
| Responding to contact form enquiries | Article 6(1)(b) — necessary for pre-contractual steps at the data subject's request |
| Managing the waitlist and early access programme | Article 6(1)(a) — consent (given when submitting the form) |
| Performing automation services for clients | Article 6(1)(b) — performance of a contract |
| Website analytics and security logging | Article 6(1)(f) — legitimate interests (operating and securing our website) |
| Compliance with legal obligations | Article 6(1)(c) — legal obligation |
Where we rely on consent as the legal basis, you may withdraw that consent at any time by contacting us at [email protected]. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
BK Intelligence operates in two distinct capacities under the GDPR:
BK Intelligence is the data controller for personal data collected through its website, contact forms, and waitlist — meaning we determine the purposes and means of processing that data.
When BK Intelligence operates automation workflows on behalf of client firms, it acts as a data processor. In this capacity, we process personal data only on documented instructions from the client (who is the data controller), and we do not use that data for any purpose other than the provision of contracted services.
For all client engagements involving the processing of personal data, BK Intelligence enters into a Data Processing Agreement (DPA) with the client that satisfies the requirements of Article 28 GDPR. Clients who wish to obtain or review our standard DPA should contact us at [email protected].
To deliver our services, BK Intelligence uses the following third-party subprocessors. Each subprocessor has been assessed for GDPR compliance, and appropriate data processing agreements or standard contractual clauses are in place.
All access to client systems (including Gmail, Google Drive, and Google Sheets) is carried out exclusively via authorised API connections. BK Intelligence does not manually access, read, or monitor client email accounts or files. Processing is automated via OAuth2-authorised API calls, limited to the scopes required for each workflow to function.
| Subprocessor | Purpose | Entity & Location | Safeguard |
|---|---|---|---|
| n8n GmbH | Workflow automation engine — orchestrates all automation flows; hosted on Hetzner cloud (EU) by BK Intelligence | n8n GmbH, Germany (EU) | DPA; EU-based processing |
| Google LLC (Gmail API) | Email processing — automated reading and classification of incoming emails via OAuth2-authorised API access. BK Intelligence does not have direct inbox access; all processing is automated. | Google LLC, USA | EU Standard Contractual Clauses (SCCs); Google Workspace DPA |
| Google LLC (Drive & Sheets APIs) | File storage in client-owned Google Drive folders; structured data written to client-owned Google Sheets. Files remain in the client's own Google account. | Google LLC, USA | EU Standard Contractual Clauses (SCCs); Google Workspace DPA |
| Slack Technologies LLC | Slack API — automated internal notifications and workflow alerts sent to designated Slack channels | Slack Technologies LLC, USA | EU Standard Contractual Clauses (SCCs); Slack DPA |
| Anthropic PBC | Claude API — AI document understanding, classification, and generation tasks; data is processed transiently and not retained by Anthropic beyond API request processing | Anthropic PBC, USA | EU Standard Contractual Clauses (SCCs); Anthropic DPA |
| Google LLC (Gemini API) | Gemini API — AI document processing and data extraction tasks; data is processed transiently and not retained by Google beyond API request processing | Google LLC, USA | EU Standard Contractual Clauses (SCCs); Google Cloud DPA |
We will notify clients of any intended changes to this subprocessor list (additions or replacements) in advance, giving clients the opportunity to object in accordance with Article 28(2) GDPR.
Several of our subprocessors are located outside the European Economic Area (EEA), in particular in the United States. Where personal data is transferred to countries not providing an adequate level of data protection under EU law, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Article 46(2)(c) GDPR as the transfer mechanism.
Clients may request copies of the applicable SCCs and supplementary technical and organisational measures by contacting us at [email protected].
| Data type | Retention period |
|---|---|
| Contact form and waitlist submissions | 24 months from submission, or until you request deletion |
| Client correspondence (email) | Duration of the client relationship plus 5 years (Belgian commercial law obligations) |
| Data processed through automation workflows | As specified in the client DPA; typically not retained beyond the operational necessity of the workflow |
| Website server logs | 90 days |
| Client files and documents processed through automation workflows | BK Intelligence does not store client files independently. Files processed by automation flows are written directly to the client's own Google Drive. BK Intelligence does not maintain persistent access to stored documents after the workflow has completed execution. |
Under the GDPR, you have the following rights with respect to your personal data:
To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request. In complex cases we may extend this by a further two months; we will inform you of any such extension.
Our website uses a limited number of cookies. A detailed breakdown is provided in our Cookie Notice. In summary:
You may manage or withdraw consent for non-essential cookies at any time via our cookie settings or by adjusting your browser settings.
BK Intelligence implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR. These measures include:
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with Articles 33 and 34 GDPR.
Our website and services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly.
For any questions, requests, or concerns relating to this Privacy Policy or our data processing practices, please contact:
BK Intelligence
Privacy enquiries: [email protected]
General enquiries: [email protected]
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the tools we use. We will publish the revised policy on this page with an updated "Last updated" date. Where changes are material, we will take reasonable steps to notify affected individuals (for example, by email to waitlist members). We encourage you to review this page periodically.