QiLeader · Legal

Privacy Policy

QiLeader (part of QiLeader s.r.l. — BCE: BE 0536.251.830)

Last updated: May 2026

1. Who we are

QiLeader is operated by QiLeader s.r.l., a company registered in Belgium. We develop leadership programmes, diagnostic assessments, AI-powered coaching tools, and related services for leaders and organisations.

Data controller: QiLeader s.r.l., Chaussée de Vleurgat 282 B11, 1050 Brussels, Belgium.

Data protection contact: Murielle Machiels — murielle@qileader.com

This privacy policy applies to all personal data collected through the QiLeader website (qileader.com), our diagnostic assessments (including the Leadership Pressure Index), the Regenerative Coach app, our programmes, events, and any related services.

2. What personal data we collect

2.1 Website and general interactions

When you visit our website, contact us, or register for an event, we may collect:

  • Name, email address, phone number, organisation, and job title
  • Demographic information such as country, age range, and gender
  • Technical data: IP address, browser type, device information, pages visited, referring site, and access times (received by our web hosting infrastructure as part of standard server operation; not used for tracking or profiling)
  • Cookies strictly necessary to operate the website (see Section 10 below)

2.2 Leadership Pressure Index and other assessments

When you complete a QiLeader diagnostic assessment such as the Leadership Pressure Index (LPI), we collect:

  • Your name, email address, and organisation (provided at the gate form)
  • Demographic context: gender, age range, country or region, sector, organisation size, and function level
  • Your responses to all assessment questions (self-reported data about your internal experience, your external environment, the behaviour of people around you under pressure, your conversion capacity, and your leadership impact)
  • Computed scores derived from your responses, including dimension scores, a quadrant classification, a Regenerative Capacity score, and any diagnostic flags the scoring model produces
  • Your self-rated leadership effectiveness

This data includes self-reported psychological and behavioural information. It is collected solely for the purpose of delivering your personalised report and, where you have consented, follow-up communications. It is not shared with your employer or any third party beyond the data processors listed in Section 7.

2.3 Regenerative Coach app

When you use the Regenerative Coach app (a personal AI coaching companion available to enrolled leaders), we collect:

  • Your email address, first name, and preferred language (used to identify you and personalise the experience)
  • Your responses to the initial intake questions and any optional profile questions you choose to answer
  • A coaching profile narrative built from your answers, maintained and updated by the AI to reflect your current situation
  • Summaries of your coaching sessions, written by the AI to provide continuity across sessions
  • Insights flagged during conversations that you have agreed to save to your profile
  • The date of your most recent session, used for inactivity reminders

The full content of your in-session conversations is not retained after the session ends — only the AI-generated summary is kept. See Section 5 for the dedicated description of the coach app, its data handling, encryption, and retention.

2.4 Programme and event participation

When you enrol in a QiLeader programme or attend an event, we may collect registration details, payment information (processed by a third-party payment provider), attendance records, and any feedback or evaluation data you provide.

2.5 Communications

When you contact us by email, through a contact form, or via any other channel, we collect the content of your message, your contact details, and any attachments you include.

3. Why we collect your data and on what legal basis

We process your personal data for the following purposes:

  • To deliver your assessment report and follow-up emails. Legal basis: your consent, given via the checkbox at the assessment gate form. You may withdraw this consent at any time (see Section 8).
  • To deliver the Regenerative Coach app to you. Legal basis: your consent, given via the consent screen at first use, and performance of a contract where the coach is part of a programme you are enrolled in. You may withdraw this consent at any time by requesting deletion of your data from within the app.
  • To deliver programmes and services you have purchased or registered for. Legal basis: performance of a contract.
  • To improve our assessments, programmes, and services through aggregate analysis. Legal basis: our legitimate interest in improving our services. Individual data used for this purpose is anonymised or aggregated so that no individual can be identified.
  • To send you information about QiLeader programmes and events. Legal basis: your consent, or our legitimate interest where you are an existing client. Every promotional communication includes an unsubscribe option.
  • To comply with legal obligations. Legal basis: compliance with applicable law (e.g. tax, accounting, anti-fraud).

4. Special note on assessment data

The Leadership Pressure Index and other QiLeader assessments ask questions about your internal emotional state, your reactions under pressure, and the behaviour of people around you. While this data is not classified as "special category data" under GDPR (it is self-reported behavioural observation, not health data), we treat it with the same level of care:

  • Assessment responses and computed scores are visible only to the data controller and authorised QiLeader team members.
  • Assessment data is never shared with your employer, your organisation's HR department, or any third party, unless you explicitly request this in writing.
  • Assessment data is never sold.
  • Where assessment data is used for research or aggregate reporting, it is anonymised so that no individual can be identified.

5. The Regenerative Coach app

The Regenerative Coach is an AI-powered coaching companion available between live sessions to leaders enrolled in QiLeader programmes. It is not a therapist, psychologist, or crisis counsellor. It is a coaching tool. Because the coach handles more sensitive data than the rest of our services, this section sets out exactly how that data is handled.

5.1 What is stored

Two kinds of data are stored when you use the coach:

  • In ActiveCampaign (our customer system): your email, first name, preferred language, consent date, the date of your most recent session, and an access flag indicating whether you have permission to use the app. This is the identifying data we need to know who you are.
  • In the coach app's database (separately, encrypted at rest): your coaching profile narrative, summaries of your sessions, any insights you have agreed to save, and a record of any safety detection events (see Section 5.4). This data is linked to your identity only via a random anonymous identifier — anyone looking at the coaching content alone would not be able to identify you.

The content of your in-session conversations is not retained. Only the AI-generated summary of each session is kept.

5.2 Encryption and access

No coach at QiLeader reads your conversations. Coaching content (your profile, your session summaries, your insights) is encrypted at rest in our database. Access to decrypt this content is restricted to the running coach application itself, used solely to construct your next coaching response. No member of the QiLeader team — including Murielle Machiels — opens or reads individual coachees' conversations.

5.3 AI processing — Anthropic

Coaching responses are generated by Anthropic's Claude API. Your messages and the relevant context (your profile, recent session summaries) are sent to Anthropic for processing under their Data Processing Agreement, and responses are returned to you. Anthropic does not use API content to train its models, and content is retained by Anthropic only for the time required to deliver the response and meet abuse-detection obligations.

Anthropic is based in the United States. This transfer is covered by Standard Contractual Clauses approved by the European Commission, in accordance with Chapter V of GDPR.

5.4 Safety detection

If the coach detects signs of serious distress during a conversation — for example, expressions of intent to harm yourself or others — it will direct you to professional support resources at qileader.com/coachingsupport rather than continue as if it were ordinary coaching. A brief flag is recorded in your encrypted record to support pattern detection over time. The flag contains a one-line description of what triggered it, not the conversation itself.

QiLeader receives only anonymous monthly statistics — totals of how often safety detection has fired across all coachees, with no names, no content, and no individual records. No member of the QiLeader team is notified of individual safety events.

5.5 Retention

Your coaching data (profile, sessions, insights) is retained for as long as your account is active. If you have not used the coach for 24 months, we will email you to ask whether you want to keep your data, extend the period, or have it deleted. If you do not respond within three months of the reminder, your coaching data is automatically deleted. Your account identity (email, name, language) remains in our customer system unless you also request its deletion.

5.6 Your data, your control

From the My Profile screen inside the coach app, you can at any time:

  • Download your data. A plain-text file containing your profile narrative, all session summaries, and any saved insights.
  • Delete your data. Your encrypted coaching record is permanently deleted. Your identity in our customer system is preserved so you can re-enrol later if you choose; if you want full erasure including the customer record, contact us at murielle@qileader.com.

6. How long we keep your data

We retain your personal data only for as long as necessary for the purposes described in this policy:

  • Assessment data (responses and scores): retained for as long as your contact record is active in our systems, or until you request deletion.
  • Coach app data (profile, session summaries, insights): retained for 24 months after your last session, then deleted, as described in Section 5.5. You may request earlier deletion at any time.
  • Email and marketing data: retained until you unsubscribe or request deletion.
  • Programme and event data: retained for the duration of the programme relationship and for up to 5 years afterward for follow-up and legal compliance purposes.

When data is no longer needed, it is securely deleted or anonymised.

7. Who has access to your data

We do not sell, lease, or rent your personal data to third parties. Your data may be processed by the following service providers, acting on our instructions:

ActiveCampaign — email marketing and CRM
Based in the United States; our account is configured on a European Union data centre. Stores contact details, assessment scores, programme enrolment information, and the identifying data linked to coach app accounts. Some processing of contact data may occur in the US under the EU-US Data Privacy Framework, for which ActiveCampaign holds certification.
Jotform — forms and surveys
Editor based in the United States. Our account has the GDPR Data Center option active: form submissions are stored exclusively in Germany. Used to collect assessment intake data, event registrations, and feedback. Jotform is SOC 2 certified.
Learnybox — learning platform
Editor based in France; servers hosted on Amazon Web Services in Ireland (European Economic Area). Hosts our online courses and related content for enrolled participants. Some peripheral platform features may involve sub-processors outside the EEA; these transfers are covered by Standard Contractual Clauses.
Anthropic — AI processing for the coach app
Based in the United States. Processes coaching messages via the Claude API to generate responses. Operates under a Data Processing Agreement with QiLeader. API content is not used to train Anthropic's models. Transfers covered by Standard Contractual Clauses.
Render — coach app hosting and database
Based in the United States. Hosts the Regenerative Coach application and its encrypted database. Transfers covered by Standard Contractual Clauses. We are evaluating migration to Render's EU (Frankfurt) infrastructure to keep coach data within the European Economic Area; this policy will be updated when the migration is complete.
Resend — transactional email delivery
Used to deliver sign-in codes and operational emails for the coach app. Resend processes only the email address and the content of the operational message; no coaching content passes through it.
WordPress hosting and website infrastructure
Our website is hosted on standard WordPress infrastructure. Hosting providers receive only the technical data needed to deliver the website (IP addresses, request data); they do not have access to assessment, programme, or coach app content.

All service providers are contractually required to protect your data, use it only for the purposes we specify, and delete it when no longer needed. We do not permit any service provider to use your data for their own marketing purposes.

We may also disclose your personal data where required by law, to protect the rights and safety of QiLeader or others, or to enforce our terms of service.

8. Your rights under GDPR

As a data subject in the European Economic Area, you have the following rights:

  • Right of access. You may request a copy of the personal data we hold about you. For coach app data, you can download this directly from My Profile.
  • Right to rectification. You may request that we correct inaccurate or incomplete data.
  • Right to erasure. You may request that we delete your personal data. We will do so unless we have a legal obligation to retain it. For coach app data, you can delete this directly from My Profile.
  • Right to restriction of processing. You may request that we limit how we use your data in certain circumstances.
  • Right to data portability. You may request your data in a structured, commonly used, machine-readable format.
  • Right to object. You may object to processing based on legitimate interest. We will stop unless we have compelling legitimate grounds.
  • Right to withdraw consent. Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, contact us at murielle@qileader.com. We will respond within 30 days.

Right to lodge a complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Autorité de protection des données / Gegevensbeschermingsautoriteit
Rue de la Presse 35, 1000 Brussels
www.dataprotectionauthority.be
contact@apd-gba.be

9. Data security

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encrypted connections (HTTPS) for all data in transit.
  • Encryption at rest for coach app data: profile, session summaries, and insights are encrypted before being stored in our database, and can only be decrypted by the running coach application itself.
  • Pseudonymisation: coach app data is linked to your identity only via a random anonymous identifier, separately from the customer system that holds your name and email.
  • Access controls on our systems and those of our service providers, including individual authentication and two-factor authentication where supported.
  • Regular review of our data processing practices and the security posture of our sub-processors.
  • A record of processing activities maintained in accordance with Article 30 of GDPR.

If a password or sign-in code is used to protect your account, it is your responsibility to keep it confidential.

10. Cookies and tracking technologies

Our website uses only strictly necessary cookies — those needed for the website to function, such as remembering your input in forms during a session, or keeping you signed in if you are an enrolled user. Under European law, these cookies do not require your consent.

We do not use analytics cookies. We do not use advertising or marketing cookies. We do not use tracking pixels from social media platforms.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete them.

We may use web beacons (small electronic images) in emails to determine whether messages have been opened and which links have been clicked. This helps us improve our communications. You can avoid this by disabling images in your email client or by unsubscribing.

11. Children

Our services are designed for adult professionals. We do not knowingly collect personal data from anyone under the age of 16. If we discover that we have collected data from a child, we will delete it promptly.

12. International data transfers

QiLeader prioritises hosting and processing of personal data within the European Economic Area. Some of our service providers, however, are based outside the EEA — primarily in the United States.

Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place, in accordance with Chapter V of GDPR:

  • ActiveCampaign (United States): EU-US Data Privacy Framework certification, with EU data centre configuration.
  • Anthropic (United States): Standard Contractual Clauses, Data Processing Agreement in force.
  • Render (United States): Standard Contractual Clauses. Migration to Render's EU infrastructure is under review.
  • Resend (United States): Standard Contractual Clauses.
  • Jotform, Learnybox: primary hosting in the EEA; any peripheral processing outside the EEA is covered by Standard Contractual Clauses.

13. Anti-spam commitment

We do not send unsolicited commercial email. We do not sell, lease, or rent our email subscriber lists to third parties. Every email we send includes an unsubscribe mechanism. When you unsubscribe, we stop sending promotional communications promptly.

14. Changes to this policy

We may update this policy from time to time to reflect changes in our services, our data practices, or applicable law. When we make material changes, we will notify you by posting a prominent notice on our website or by contacting you directly. We encourage you to review this policy periodically.

15. Contact us

If you have any questions about this privacy policy or about how we handle your personal data, please contact us:

QiLeader s.r.l.
Chaussée de Vleurgat 282 B11
1050 Brussels, Belgium
murielle@qileader.com

© QiLeader s.r.l. · qileader.com