Privacy Policy.

Infiniqo is a readiness practice operating from New Jersey, USA and Hyderabad, India. We act as the data controller for information collected through our public website and as a data processor for information handled on behalf of client organizations during simulations, tabletop exercises and assessments.

We collect only what we need to deliver and improve the Services:

• Identity and contact data — name, work email, role, organization and the briefing or demo you request.
• Engagement data — scenarios assigned, decisions taken in simulation, role played, timing, narrative responses and AI-generated assessment outputs.
• Sector-specific context — for Cyber Risk, Healthcare, Education and Enterprise programs we may handle role titles, team structures and exercise objectives supplied by your organization. We do not require, and ask you not to upload, real patient records, regulated PHI, live credentials or production secrets.
• Technical data — IP address, device, browser, referring page and aggregated usage telemetry collected through standard logs and analytics.
• Communications — messages you send via forms, email or scheduled meetings.

• Deliver scenario intelligence, simulations and assessments contracted by your organization.
• Generate measurable, auditable readiness outcomes and post-exercise after-action reports.
• Personalize learning paths and difficulty calibration through AI-driven assessment models.
• Respond to inquiries, schedule briefings and send service announcements.
• Maintain security, prevent abuse and meet legal, audit and regulatory obligations.
• Improve the practice through aggregated, de-identified analysis — never resold.

Where GDPR, UK GDPR or comparable laws apply we rely on: performance of a contract with your organization; your consent (which you may withdraw at any time); our legitimate interests in operating and securing the Services; and compliance with legal obligations.

Our assessments use proprietary models combined with vetted third-party model providers. Inputs you provide during a simulation are processed to score competency, surface decision patterns and generate after-action narratives. We do not use client engagement data to train foundation models, and we contractually require model providers to refrain from training on our inputs.

We do not sell personal information. We share it only with:

• Your organization's authorized administrators and exercise sponsors.
• Vetted sub-processors that host infrastructure, deliver email, schedule meetings, run analytics and provide AI inference — bound by data processing agreements.
• Professional advisors, auditors and regulators where legally required.
• An acquirer or successor in a merger, acquisition or asset transfer, with notice.

Infiniqo operates from the United States and India and engages global sub-processors. Where data crosses borders we rely on appropriate safeguards including Standard Contractual Clauses, adequacy findings and supplementary technical measures.

We retain personal and engagement data for the duration of the contracted program plus a defensible period for audit, dispute and legal compliance — typically up to 24 months unless your contract specifies otherwise. After-action reports may be retained in de-identified form for benchmarking.

We apply enterprise-grade controls: encryption in transit and at rest, least-privilege access, audit logging, secure software development practices, vendor risk reviews and ongoing monitoring. For Cyber Risk and regulated Healthcare programs we operate within additional controls defined per engagement. No system is perfectly secure; we commit to responsible, prompt disclosure of material incidents.

Subject to applicable law, you may request access, correction, deletion, restriction, portability or objection regarding your personal information, and you may withdraw consent at any time. Where Infiniqo processes data on behalf of your organization, we will route your request to that organization and support its response.

We use a minimal set of strictly necessary cookies and privacy- respecting analytics to understand site performance. We do not run advertising trackers. Where consent is required, a banner allows you to accept or decline non-essential cookies.

Our Services are designed for professionals, faculty and qualified learners. Education programs delivered to learners under 16 are configured exclusively through the sponsoring institution under its consent and safeguarding framework. We do not knowingly collect personal information from children outside that context.

We may update this Privacy Policy to reflect changes in the Services, technology or law. Material changes will be highlighted on this page and, where appropriate, notified to engaged organizations.

Email reach@infiniqo.com or write to Infiniqo, New Jersey, USA / Hyderabad, India.