Blok, Inc. is a Delaware corporation headquartered in California.
Contact: hello@joinblok.co
For purposes of applicable data protection law, Blok acts either as a Data Controller or Data Processor / Service Provider, as described below.
This Privacy Policy applies to:
This Policy does not apply to Customer Data processed by Blok on behalf of customers under the Data Processing Addendum (DPA), except as described below.
Blok acts as:
Where Blok acts as a Processor, the Customer remains the Controller and is responsible for establishing a lawful basis for processing.
We collect:
We use cookies and similar technologies for analytics and security purposes.
We process Customer Data submitted by customers, including:
We do not sell Customer Data.
We do not use Customer Data to train generalized or foundation AI models without explicit written agreement.
We collect personal information from:
We use personal data to:
We do not use Customer Data for advertising purposes.
Where GDPR applies, we rely on:
Contractual necessity – to provide services
Legitimate interests – to secure and improve services
Legal obligation – to comply with applicable laws
Consent – where required (e.g., cookies)
Blok generates synthetic personas based on aggregated behavioral patterns.
These personas:
Blok does not:
We may share information with:
A current list of subprocessors is available at:
trust.joinblok.co/subprocessors
We do not sell or share personal information for advertising purposes.
Personal data may be processed in the United States and other jurisdictions.
Where required, we rely on:
We retain personal data only as long as necessary for:
Customer Data retention is governed by the DPA and deleted or returned within 30 days of contract termination unless otherwise required by law.
Individuals may have the right to:
To exercise rights: hello@joinblok.co
California residents may have the right to:
Blok does not sell or share personal information as defined under CPRA.
We do not use or disclose sensitive personal information for purposes other than those permitted under CPRA.
To exercise rights: hello@joinblok.co
We will not discriminate against individuals for exercising privacy rights.
We implement technical and organizational measures including:
Details are described in Annex II of our DPA and available under NDA upon request.
Our services are intended for business use only.
We do not knowingly collect personal information from individuals under 16.
We may update this Privacy Policy periodically.
For material changes, we will provide at least 30 days’ notice via email or prominent website notice.
Non-material updates will be reflected in the “Last Updated” date.