BLACK DOLLAR INDEX

Privacy Policy

Effective Date: May 18, 2026 Last Updated: May 18, 2026 Website: blackdollarindex.com

This Privacy Policy explains how For the Equity Marketing & Consulting, LLC ("For the Equity," "Black Dollar Index," "BDI," "we," "us," or "our") collects, uses, shares, and protects information when you visit blackdollarindex.com or use any of our tools and services, including Index // MRKT — our AI-powered query tool with Search, Ask, and Find modes (collectively, "Query").

This policy operates alongside our Terms & Conditions, which are incorporated by reference. If you do not agree with any part of this policy, please do not use our Services.

Summary of Key Points

This is the short version. The full policy is below.

  • What we collect. Your Google account profile when you sign in (name, email). Calculator inputs (zip code, demographic info, financial info) — anonymously, unless you're signed in. Each Query you submit to Index // MRKT (your question text, mode, resolved company, success/error). Standard server logs.
  • How we use it. Operate the Services, enforce quotas, prevent abuse, and inform BDI's research and advocacy. We do not sell your data. We do not use it for targeted advertising.
  • AI. When you submit a Query to Index // MRKT, your question and BDI's retrieved data are sent to Google's Gemini API to generate an answer. Your name, email, and identity are not sent — only the words of your question and the data we retrieved.
  • Query history. Index // MRKT Query logs are behavioral data. We retain them indefinitely. They power BDI's advocacy research and improve the Query experience. Individual logs are never sold or shared.
  • Your rights. Depending on where you live (U.S., EU/UK, Canada), you have rights to access, correct, delete, port, restrict, or object to processing of your personal information. Email [email protected] to exercise them.
  • Children. The Services are for adults 18 and older.
  • Cookies. We use the minimum cookies needed to operate the Services. No advertising cookies.
  • Changes. Material changes will be communicated with at least 14 days notice.

Table of Contents

  1. Scope
  2. Information We Collect
  3. How We Use Your Information
  4. AI Processing — How Index // MRKT Works
  5. Legal Bases for Processing (UK / EU)
  6. How We Share Your Information
  7. Data Retention
  8. Cookies and Similar Technologies
  9. Do Not Track Signals
  10. Children's Privacy
  11. Your Privacy Rights
  12. Automated Decision-Making
  13. Data Security
  14. International Transfers
  15. Third-Party Links
  16. Re-Identification Risk Notice
  17. Ethical Data Use
  18. Changes to This Policy
  19. Contact Us

1. Scope

This policy applies to:

  • Visits to blackdollarindex.com and its subdomains
  • The free Corporate Equity Scorecards, Black Franchise Index, and other public research surfaces
  • The free financial calculators (Budget Health Calculator, Loan Fairness Audit, Cost of Loyalty Calculator)
  • Index // MRKT — our AI-powered Query tool, including its Search, Ask, and Find modes
  • Account creation, sign-in, and any purchase made on the platform (Query packs and BLK Beta)

2. Information We Collect

2.1 Information you provide directly

  • Account identity (when you sign in). We use Google OAuth via Supabase Auth. When you sign in, Google shares with us your name, email address, and Google profile photo. We do not receive your Google password.
  • Profile data. Your account record stores: user ID, email, account tier (Member / Power Pack / BLK Beta), monthly Query count, query-pack balance, and quota reset date.
  • Calculator inputs. Zip code, race/ethnicity, gender, income bracket, budget and expense breakdowns, debt amounts. As described in our Terms, these calculator inputs are stored anonymously when you use the free tools without an account.
  • Communications. Anything you email us, submit through the contact form, or include in a support request.

2.2 Information you generate by using Index // MRKT

When you submit a Query through Index // MRKT (Search, Ask, or Find), we log the request as behavioral data. The log includes:

  • Your user ID (so we can enforce per-account quotas and pack balances)
  • The text of your question
  • The mode you used (Search, Ask, Find)
  • The company or sub-brand the question resolved to (if any)
  • Whether it was a follow-up to a prior question in the same session
  • Your tier at the time of the Query
  • Whether the Query succeeded, the error code if it failed, and the response latency
  • Normalized topic tags and extracted keywords derived from your question

We do not log the AI's response back into the queries table — only your input and outcome metadata.

2.3 Information collected automatically

  • Authentication tokens. Supabase issues a session JWT in your browser to keep you signed in. It expires and refreshes on a normal schedule.
  • Server logs. When you make a request to our servers, we receive standard request data including IP address, user-agent, timestamps, referring URL, and HTTP status codes. These logs are used for security, abuse prevention, and debugging.
  • Cookies and similar technologies. We use a small set of cookies — see Section 8.

2.4 Information from third parties

  • Stripe (payments). When you purchase a query pack or BLK Beta, Stripe collects and processes your payment information. We receive a confirmation of the purchase, the product purchased, the amount, and an internal Stripe customer ID. We never see or store your card number.
  • Google (authentication). We receive the profile information you authorize Google to share when you sign in.

2.5 Sensitive personal information

Some U.S. state privacy laws and the GDPR treat racial or ethnic origin as sensitive personal information. When you use BDI's calculators, you may voluntarily provide race/ethnicity data. We treat this category with extra care:

  • We collect it only when you choose to provide it.
  • We use it only for the research and advocacy purposes described in Section 3.
  • We do not sell it, share it with advertisers, or use it for any inference about you as an individual.
  • We do not process it for profiling that produces legal or similarly significant effects on you.
  • You may withhold this field at any time and still use the calculators.

We do not knowingly collect any other category of sensitive personal information (precise geolocation, health, biometric, sexual orientation, immigration status, religion, union membership, or government identifiers).

3. How We Use Your Information

We use the information described above to:

  • Operate the Services. Authenticate you, route you to the right tier, enforce quotas, process payments, deliver query-pack credits.
  • Run Index // MRKT. Route your Query to our retrieval-augmented generation (RAG) pipeline, fetch the relevant BDI data, send the assembled prompt to our AI model provider (see Section 4), stream the response back to your browser.
  • Protect the Services. Rate-limit abusive traffic, block prompt content that violates our acceptable-use rules, investigate fraud or unauthorized access.
  • Advance BDI's research and advocacy. Aggregate Query patterns and calculator data to identify what readers ask about most, where corporate data has gaps, and which signals to publish next. Aggregate analysis is reported in non-identifiable form. Index // MRKT Query history is behavioral data that directly informs this work.
  • Improve Index // MRKT. Use Query logs to understand what works, what fails, where users get stuck, and which features to build next.
  • Communicate with you. Respond to support requests, send transactional messages about your account or purchases, and — only with your consent — send research updates or newsletter content.
  • Comply with law. Respond to lawful requests, enforce our Terms, and protect the rights and safety of our users and the public.

We do not use your information for targeted advertising. We do not sell your personal information.

4. AI Processing — How Index // MRKT Works

Index // MRKT is a retrieval-augmented AI tool. When you submit a Query, three things happen:

  1. Retrieval. Our system pulls structured data from BDI's database that matches your question.
  2. Synthesis. We assemble your question together with the retrieved BDI data into a prompt and send that prompt to a third-party AI model.
  3. Streaming. The AI's response is streamed back to your browser and displayed in the chat.

4.1 Third-party AI model provider

We currently use Google's Gemini API to generate Index // MRKT responses. Google processes the prompt content — which includes your question text and the BDI data we retrieved — to produce a response.

Google's handling of API content is governed by Google's AI/ML Privacy Commitment and the Gemini API Terms. Per those terms, Google does not use prompts or responses from this API to train its general-purpose models.

We may change the specific model version we use within the Gemini API, and we reserve the right to use additional or alternative AI providers in the future. If we add a new provider or materially change how Queries are processed, we will update this section.

4.2 What we send to the AI provider

The prompt we send to the AI model contains:

  • Your question text (the words you typed or chose from a suggestion chip)
  • BDI's retrieved data for the relevant companies, signals, or topics
  • BDI's system prompt (our editorial instructions to the model)
  • For follow-ups: the prior turns of the current Query thread

The prompt does not include your email address, your name, your Google profile, your IP address, your payment information, or any identifier that links back to your account. The AI provider sees the words of your question — it does not see who you are.

4.3 AI-generated content is not advice

AI responses are BDI's editorial read produced with assistance from a large language model. They are informational only. They may be incomplete, out of date, or wrong. Nothing returned by Index // MRKT is financial, investment, legal, tax, medical, or credit advice. Verify before acting. See our Terms & Conditions for the full disclaimer.

4.4 Content filtering

Index // MRKT blocks Queries that contain slurs, explicit profanity, or other categories of language we have decided not to process. Blocked Queries are logged with an error code (CONTENT_BLOCKED) and do not consume your free or paid quota. We use these logs to refine the filter and investigate abuse.

If you are in the United Kingdom or the European Economic Area, the GDPR / UK GDPR requires us to identify a lawful basis for each category of processing. We rely on the following:

  • Consent (Art. 6(1)(a)). For optional features such as marketing emails, for cookies that are not strictly necessary, and for any explicit category you actively volunteer (including race/ethnicity in the calculators). You may withdraw consent at any time.
  • Performance of a contract (Art. 6(1)(b)). To operate your account, deliver the Services you have signed up for, process payments, and provide Query packs and BLK Beta features.
  • Legitimate interests (Art. 6(1)(f)). To run security, abuse prevention, rate limiting, content filtering, internal analytics, and aggregate research and advocacy. We balance our interests against your rights and only rely on this basis when our interests are not overridden by yours.
  • Legal obligation (Art. 6(1)(c)). To meet tax, accounting, anti-fraud, and lawful disclosure requirements.
  • Vital interests (Art. 6(1)(d)). Rare. Only where processing is necessary to protect someone's life or physical safety.

For sensitive personal information (Art. 9), we rely on your explicit consent when you choose to provide race/ethnicity in the calculators, and on the substantial public interest basis (Art. 9(2)(g)) for aggregate, non-identifiable economic-equity research conducted by a nonprofit-affiliated research program.

6. How We Share Your Information

We share personal information only as described below. We do not sell your personal information, and we do not share it with advertisers.

Recipient Purpose What they receive
Supabase, Inc. (database + auth host) Hosting our database, authentication, and edge functions Your account record, Query logs, calculator inputs, session tokens
Google (Cloud Identity) OAuth sign-in The fact that you authenticated; we receive your Google profile back
Google (Gemini API) Generating AI responses in Index // MRKT Prompt content as described in Section 4.2
Stripe, Inc. Payment processing Payment method, billing address (collected by Stripe directly); we receive purchase confirmation only
Analytics provider Page-view and feature-usage counts (aggregate) Limited event data; configured to minimize personal information
Mission-aligned researchers and advocacy partners Aggregate research findings Aggregated, non-identifiable findings only — never individual records
Service providers (email delivery, error monitoring) Operating the Services Only the data needed to perform their function, under written contract
Legal authorities Compliance with valid legal process or to protect rights and safety Only what is legally required
Successor entities In the event of a merger, acquisition, or sale of assets Notice will be provided; this policy continues to apply unless updated

7. Data Retention

We retain personal information for as long as needed to operate the Services, meet legal obligations, and support BDI's research and advocacy mission.

  • Account records: retained while your account is active and for up to 24 months after deactivation.
  • Index // MRKT Query logs: retained indefinitely. Query history is behavioral data that powers BDI's research and advocacy work and is used to improve the Query experience. Individual logs are never sold or shared; aggregation and de-identification are applied before any external publication.
  • Anonymous calculator data: retained indefinitely in aggregated, non-identifiable form for research.
  • Payment records: retained as required by law (typically 7 years for tax and accounting).
  • Server logs: retained for up to 90 days unless required for an active investigation.
  • Marketing preferences: retained for as long as you remain on the mailing list.

You can request deletion of personal information associated with your account — see Section 11.

8. Cookies and Similar Technologies

We use the minimum cookies required to operate the Services:

  • Strictly necessary cookies / local storage — used to keep you signed in, remember your selected mode, and persist short-lived state across an OAuth redirect.
  • Functional cookies — used to remember UI preferences (e.g., dismissing the Power Pack expiration banner for the current session).
  • Analytics — we may use a privacy-respecting analytics provider to count page views and feature usage in aggregate.

We do not use cookies for advertising or for cross-site tracking. Where required by law, you will see a cookie consent banner that lets you opt in or out of non-essential cookies.

9. Do Not Track Signals

Some web browsers transmit a "Do Not Track" (DNT) signal. There is no industry consensus on how to respond, and we do not currently change behavior based on DNT signals. We do, however, honor the equivalent opt-outs available under state laws — including the Global Privacy Control (GPC) signal where required.

10. Children's Privacy

The Services are intended for adults age 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact [email protected] and we will delete it.

11. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that we fix inaccurate information.
  • Deletion — request that we delete your personal information.
  • Portability — receive your information in a portable format.
  • Restriction — limit how we process your information.
  • Objection — object to certain types of processing, including any automated decision-making.
  • Withdraw consent — withdraw consent you previously gave (for example, marketing emails or providing race/ethnicity to the calculators).
  • Opt out of "sales" or "sharing" — under U.S. state laws that use that framing, even though we do not sell personal information.

Where you live changes how this works

  • California (CCPA / CPRA). Right to know, access, correct, delete, and obtain a copy of personal data. Right to opt out of "sale" or "sharing" of personal data and of profiling that produces legal or similarly significant effects. We do not engage in either, but you may submit a request to confirm. Right to limit use of sensitive personal information.
  • Other U.S. states with comprehensive privacy laws — Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia — residents have access, deletion, correction, and opt-out rights consistent with their state's law.
  • United Kingdom and European Economic Area (UK GDPR / GDPR). Rights of access, rectification, erasure, restriction, portability, and objection — including the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. You may also lodge a complaint with your local supervisory authority.
  • Canada (PIPEDA). Express consent required. You may withdraw consent and request access or correction at any time.

How to exercise your rights

Email [email protected] with the request and the email address associated with your account. We will respond within the timeframe required by your jurisdiction (typically 30 to 45 days). We may need to verify your identity before fulfilling certain requests. There is no charge for reasonable requests.

Authorized agents

You may use an authorized agent to submit a request on your behalf where the law permits. We will require written authorization and identity verification.

Appeals

If we deny your request, you may appeal by replying to our response. We will review and respond within the statutory window. Where required, we will also direct you to your state Attorney General or equivalent supervisory authority.

12. Automated Decision-Making

Index // MRKT generates editorial AI responses to your Query. These responses are not automated decisions about you, do not affect your legal rights, and are not used to evaluate your creditworthiness, employment, insurance, housing, or any similar matter. You may opt out of receiving AI-generated responses at any time by simply not using Index // MRKT.

13. Data Security

We use industry-standard security practices including encrypted connections (HTTPS/TLS), encryption at rest for our database, scoped service-role keys, JWT-based authentication, and row-level access controls on user data. No system is perfectly secure. If we ever experience a data breach affecting your personal information, we will notify you and the appropriate authorities as required by law.

14. International Transfers

We are based in the United States. If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data protection laws than your country. For transfers from the UK / EEA, we rely on appropriate safeguards permitted by GDPR (such as the EU Standard Contractual Clauses or the UK International Data Transfer Addendum) where required. By using the Services, you consent to this transfer to the extent permitted by your local law.

The Services link to third-party websites (corporate disclosures, government data, news outlets). This policy does not apply to those sites. Review each third party's policy before sharing information with them.

16. Re-Identification Risk Notice

Some of the data we collect through the calculators — zip code combined with demographic and financial details — can be quasi-identifying in small geographic or demographic groups, even when no single field identifies you. We apply minimum sample size thresholds before publishing any aggregate finding so that no single user can be re-identified from a published report.

17. Ethical Data Use

BDI was built to redirect economic power toward Black communities, not to extract it. That mission shapes how we handle data:

  • No surveillance advertising. We do not sell data, do not share it with advertisers, and do not build advertising profiles.
  • Aggregate before publish. Research findings are only ever published in aggregate, non-identifiable form, with sample-size minimums to prevent re-identification.
  • Behavioral logs serve the community. Index // MRKT Query history is used to identify gaps in corporate disclosure, support advocacy, and improve the tool — not to score, target, or rank you.
  • Mission-aligned partners only. When we share aggregate findings, it is with researchers and advocacy organizations whose work is consistent with BDI's mission.
  • No automated decisions about you. AI responses are editorial reads, not determinations about your eligibility, creditworthiness, or any other right.

If you believe a specific use of your data falls outside this commitment, write to [email protected] and we will review it.

18. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated on the website and, where appropriate, by email to registered users at least 14 days before they take effect. Your continued use of the Services after the effective date constitutes acceptance of the revised policy.

The "Effective Date" and "Last Updated" lines at the top of this document reflect the most recent revision.

19. Contact Us

For the Equity Marketing & Consulting, LLC Operating as: Black Dollar Index Website: blackdollarindex.com Email: [email protected] Contact form: https://www.blackdollarindex.com/contact-us/

For privacy-specific requests, please put "Privacy Request" in the subject line.

To review, update, or delete the personal data we hold about you, see Section 11 or email the address above.

Black Dollar Index is committed to economic equity, data transparency, and community trust. Built with ♥ by and for the community.