Privacy Policy

Last Updated: February 25, 2026

1. Who We Are

Blok, Inc. is a Delaware corporation headquartered in California.

Contact: hello@joinblok.co

For purposes of applicable data protection law, Blok acts either as a Data Controller or Data Processor / Service Provider, as described below.

2. Scope

This Privacy Policy applies to:

  • Visitors to our website
  • Prospective customers
  • Authorized users of the Platform
  • Enterprise customers
  • Individuals whose personal data is processed through our Platform

This Policy does not apply to Customer Data processed by Blok on behalf of customers under the Data Processing Addendum (DPA), except as described below.

3. Roles and Responsibilities

Blok acts as:

  • Data Controller for website, marketing, and account management data
  • Data Processor / Service Provider for Customer Data processed through the Platform

Where Blok acts as a Processor, the Customer remains the Controller and is responsible for establishing a lawful basis for processing.

4. Information We Collect

4.1 Website Visitors

We collect:

  • IP address
  • Device and browser information
  • Referring URLs
  • Usage analytics (e.g., via PostHog)
  • Cookie identifiers

We use cookies and similar technologies for analytics and security purposes.

4.2 Prospective Customers

  • Name
  • Email address
  • Company and job title
  • Communications with us

4.3 Platform Users (Authorized Users)

  • Name and email
  • Account credentials
  • Platform usage logs
  • Simulation activity
  • Billing and payment information

4.4 Customer Data (Processed on Behalf of Customers)

We process Customer Data submitted by customers, including:

  • Behavioral analytics data
  • Pseudonymous identifiers
  • Event logs
  • Configuration inputs

We do not sell Customer Data.

We do not use Customer Data to train generalized or foundation AI models without explicit written agreement.

5. Sources of Personal Information

We collect personal information from:

  • Individuals directly
  • Customer organizations
  • Analytics tools
  • Payment processors
  • Service providers

6. How We Use Information

We use personal data to:

  • Provide and maintain the Platform
  • Authenticate users
  • Improve services
  • Monitor performance and security
  • Respond to inquiries
  • Comply with legal obligations

We do not use Customer Data for advertising purposes.

7. Legal Bases for Processing (GDPR)

Where GDPR applies, we rely on:

Contractual necessity – to provide services
Legitimate interests – to secure and improve services
Legal obligation – to comply with applicable laws
Consent – where required (e.g., cookies)

8. AI and Synthetic Data

Blok generates synthetic personas based on aggregated behavioral patterns.

These personas:

  • Are not real individuals
  • Do not represent identifiable persons
  • Are probabilistic models

Blok does not:

  • Attempt to re-identify individuals
  • Use Customer Data to train generalized AI models without explicit written agreement

9. Information Sharing

We may share information with:

  • Cloud infrastructure providers
  • Authentication providers
  • Analytics providers
  • Payment processors
  • Professional advisors
  • Law enforcement where required

A current list of subprocessors is available at:
trust.joinblok.co/subprocessors

We do not sell or share personal information for advertising purposes.

10. International Transfers

Personal data may be processed in the United States and other jurisdictions.

Where required, we rely on:

  • EU Standard Contractual Clauses (Module 2)
  • UK International Data Transfer Addendum (IDTA)
  • Other lawful transfer mechanisms

11. Data Retention

We retain personal data only as long as necessary for:

  • Contractual obligations
  • Legal compliance
  • Security purposes

Customer Data retention is governed by the DPA and deleted or returned within 30 days of contract termination unless otherwise required by law.

12. Your Privacy Rights

12.1 GDPR Rights (Where Applicable)

Individuals may have the right to:

  • Access personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability

To exercise rights: hello@joinblok.co

12.2 California Privacy Rights (CCPA/CPRA)

California residents may have the right to:

  • Know what personal information we collect
  • Access personal information
  • Correct inaccuracies
  • Delete personal information
  • Opt out of sale or sharing
  • Limit use of sensitive personal information

Blok does not sell or share personal information as defined under CPRA.

We do not use or disclose sensitive personal information for purposes other than those permitted under CPRA.

To exercise rights: hello@joinblok.co

We will not discriminate against individuals for exercising privacy rights.

13. Security

We implement technical and organizational measures including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256 or equivalent)
  • Role-based access controls
  • Monitoring and anomaly detection
  • Incident response procedures

Details are described in Annex II of our DPA and available under NDA upon request.

14. Children

Our services are intended for business use only.

We do not knowingly collect personal information from individuals under 16.

15. Changes to This Policy

We may update this Privacy Policy periodically.

For material changes, we will provide at least 30 days’ notice via email or prominent website notice.

Non-material updates will be reflected in the “Last Updated” date.

See how your users behave before you ship

Turn weeks of product experimentation into hours.

BOOK DEMO

SMARTER PRODUCT DECISIONS, POWERED BY SIMULATION.

hello@joinblok.co
INSIGHTS
OPEN ROLES
QUIZ
SECURITY
PRIVACY
TERMS
CONTACT
start simulating