Data & Privacy

How BlackBook handles your clients' data.

Written for boutique directors and Client Advisors, not lawyers. Clear answers to the questions that matter before you pilot BlackBook.

Last updated: May 2026
Data location
European servers
EU West · GDPR covered
AI processing
Zero retention
Anthropic API · Not trained on
Data sharing
Never sold
No third parties · No ads
The short version

Your clients' data belongs to your boutique. BlackBook is an intelligence layer that sits on top of what you already have. We do not sell data, we do not share it with other boutiques, and we do not use it to train AI models.

The AI that generates briefings and recommendations processes client data in real time and immediately discards it. Nothing is stored on Anthropic's servers. The output lives in BlackBook and nowhere else: the briefing, the picks, the draft message.

Common questions
Does BlackBook store client personal data?
BlackBook stores only the client data you explicitly input or sync from your existing CRM. This includes names, contact preferences, purchase history, and style notes. No data is sold, shared with third parties, or used to train AI models.
Where is the data hosted?
All client data is stored in Supabase on European servers (EU West region), covered by GDPR. Each boutique's data is isolated: one boutique cannot access another boutique's records under any circumstances.
Does the AI store or learn from client data?
No. BlackBook uses the Anthropic API which operates under a zero data retention policy for API calls. Client data sent to generate a briefing or recommendation is processed in real time and immediately discarded. Anthropic does not store it and does not use it to train Claude or any other model.
Can Client Advisors see each other's notes?
Notes and activity logs are scoped to the boutique. All CAs within the same boutique share access to client records. This mirrors how a shared CRM works. Notes from one boutique are never visible to another boutique.
What happens to data if we stop using BlackBook?
Your data can be exported in full at any time. On request, all client records associated with your boutique will be permanently deleted from our database within 30 days.
Is BlackBook GDPR compliant?
BlackBook is designed with GDPR principles in mind. Data is stored in the EU, access is restricted by boutique, and client data is never processed for purposes beyond delivering the intelligence features you use. For enterprise pilots requiring a formal DPA, please contact us directly.
What we collect and why

BlackBook collects client profile data, including names, contact preferences, purchase history, style preferences, and CA notes, for one purpose: generating intelligence that helps your team serve those clients better.

We collect CA login information to authenticate access and scope data correctly to each boutique. We do not collect behavioural analytics, advertising identifiers, or any data beyond what is necessary to operate the product.

Third party services

BlackBook uses three external services to operate:

Anthropic: processes client data in real time to generate briefings, recommendations, and message drafts. Zero data retention policy applies. Data is not stored or used for training.

Supabase: stores client records, notes, and activity logs on European servers. Data is encrypted at rest and in transit.

Airtable: stores your boutique's product catalog. No client personal data is stored in Airtable.

Questions about data handling, GDPR compliance, or enterprise pilots?
contact@blackbookai.app →