Privacy Policy

1) Summary

We collect personal information that you provide directly, information we obtain automatically (e.g., via cookies and similar technologies), and information from third parties. We use it to provide and improve the Services, communicate with you, personalize experiences, for security and fraud prevention, to comply with law, and—where permitted and with your choices—for marketing/advertising.

We share information with service providers and partners under contracts that require them to protect it, with corporate affiliates, in connection with corporate transactions, to comply with law, and otherwise with your consent or at your direction. You have rights and choices described below, including how to opt out of certain processing, access/correct/delete your data, or object where applicable.

2) Scope & Definitions

This Policy applies when QGM determines the purposes and means of processing personal information (“Controller”). Where we process personal information on behalf of a customer (e.g., providing hosted services), we act as a “Processor.” In those cases, our processing is governed by our Data Processing Addendum (“DPA”) with that customer.

Personal information means information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable person. Definitions may vary by jurisdiction.

3) Information We Collect

A. Information You Provide

• Account & Profile (name, email, phone, address, password, roles).
• Business Details (company name, job title, tax IDs if provided for invoicing).
• Transactions (orders, invoices, payments, shipping, support tickets).
• Content (files, messages, forms, survey responses, reviews).
• Marketing Preferences (newsletter opt-ins, event registrations).
• Support Communications (call/chat/email recordings or transcripts where permitted).

B. Information Collected Automatically

• Usage Data (pages viewed, features used, clicks, referring/exit pages, timestamps).
• Device & Technical (IP address, OS, browser type, device IDs, app version, language, time zone, approximate location).
• Cookies/SDKs/Pixels (unique IDs, session info, ad IDs, attribution data). See Cookies & Tracking.

C. Information from Third Parties

• Auth/SSO providers (e.g., OAuth, enterprise SSO).
• Analytics & Advertising partners (traffic, conversions, audience segments as allowed by law/consent).
• Payments & Fraud Prevention (billing details, risk scores).
• Business Partners (resellers, referral partners, data enrichment with your consent where required).

D. Sensitive Information

We do not seek to collect sensitive categories (e.g., government IDs, precise geolocation, health/biometric data) unless you provide it or we clearly request it for a lawful purpose and with required notices/consents. Do not share sensitive data unless necessary.

E. Data Map (Illustrative)

Note: Actual retention depends on your settings, applicable law, and our legitimate business needs.

4) How We Use Information

• Provide, operate, maintain, and secure the Services.
• Create and manage accounts; fulfill transactions; provide customer support.
• Analyze usage to improve features, develop new products, and enhance safety.
• Personalize content and experiences.
• Send service, transactional, and (with your consent or as permitted) marketing communications.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with legal obligations and enforce terms and policies.
• Research and statistical purposes (using aggregated or de-identified data where feasible).

5) Legal Bases (EEA/UK)

Applies where EU/EEA or UK data protection law governs.

• Contract: To provide Services you request.
• Legitimate interests: To improve Services, ensure security, prevent fraud—balanced against your rights.
• Consent: For cookies/analytics/marketing where required. You may withdraw at any time.
• Legal obligation: To comply with applicable laws (tax, accounting, sanctions, etc.).
• Vital interests: Rarely, to protect life or safety.

6) Cookies & Tracking

We use cookies, SDKs, pixels, and similar technologies to operate and improve the Services, remember settings, measure performance, and (where permitted) personalize and advertise. You can manage preferences via our Cookie Settings and your browser/device settings. Where required, we display a consent banner.

Cookie/SDK Overview (Illustrative)

Open Cookie Settings Do Not Sell/Share (US)

7) How We Share Information

• Service providers/Processors under contracts requiring confidentiality and security (hosting, analytics, payments, support, communications, logistics).
• Business partners with your consent or as permitted (e.g., integrations you enable).
• Affiliates and subsidiaries for consistent service delivery and internal administration.
• Legal/Safety: to comply with law, enforce terms, or protect rights, property, and safety.
• Corporate transactions (merger, acquisition, financing, sale of assets), subject to appropriate safeguards.
• With your direction or consent, including when you publish content or connect third-party services.

We do not sell personal information for money. Where “sale” or “sharing” includes cross-context behavioral advertising under certain U.S. laws, you can opt out via the links above.

8) International Transfers

We may transfer personal information to countries with different data protection laws. Where required, we use appropriate safeguards, such as Standard Contractual Clauses, and implement additional measures as needed. You can request a copy by contacting us.

9) Data Retention

We retain personal information only as long as necessary for the purposes described, including to meet legal, accounting, or reporting requirements, resolve disputes, and enforce our agreements. When no longer needed, we delete or de-identify information unless retention is required by law.

10) Security

We employ organizational, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, least-privilege practices, logging/monitoring, and vendor due diligence. No method is 100% secure; please use strong passwords and safeguard your account.

Incident Reporting: If you suspect a security issue, contact us immediately at security@qtadagm.com.

11) Your Rights & Choices

Depending on your location, you may have some or all of the following rights, subject to legal limits:

• Access/Know what personal information we hold about you.
• Correction of inaccurate or incomplete information.
• Deletion (erasure) of personal information.
• Portability of certain information in a usable format.
• Restriction or objection to certain processing (including profiling) where applicable.
• Withdraw consent where processing is based on consent.
• Opt out of targeted advertising, the sale or sharing of personal information (as defined by certain U.S. laws), and certain profiling.
• Appeal our decision on a privacy request where your law provides a right to appeal.

To exercise rights, submit a request at /privacy/requests or email privacy@qtadagm.com. We may verify your identity and ask for information to process your request. Authorized agents may submit requests as permitted by law with valid proof of authorization.

Marketing emails: click “unsubscribe” in any email or adjust Account Settings. Cookie/advertising choices: see Cookie Settings and device/system controls.

12) Regional Addenda

12.1 EEA/UK Addendum

Applies to individuals in the EEA/UK.

• Controller: QGM – Qtada GM LLC, [Insert EU/UK representative if required by Art. 27 GDPR].
• Data Protection Officer (if applicable): [Insert].
• Transfers: We rely on appropriate safeguards (e.g., Standard Contractual Clauses) for transfers outside the EEA/UK.
• Complaints: You may lodge a complaint with your local supervisory authority.

12.2 United States Addendum (CPRA/Other State Laws)

Applies to residents of California, Colorado, Connecticut, Virginia, Utah, and other similar U.S. state laws.

• Categories Collected: See Section 3 and the Data Map table.
• Sources: You, your devices, service providers, partners, public sources.
• Business/Commercial Purposes: See Section 4.
• Disclosures for Business Purposes: Service providers, processors, and other recipients as described in Section 7.
• “Sale”/“Sharing”: We do not sell for money; some uses for targeted advertising may be considered “selling” or “sharing.” You can opt out at /privacy/do-not-sell-or-share.
• Sensitive PI: Processed only for limited purposes described; no use beyond permitted purposes without consent.
• Non-discrimination: We will not discriminate against you for exercising your privacy rights.
• Metrics (if required): We publish annual request metrics at /privacy/transparency.

12.3 Other Regions (Template)

If your local law provides specific rights or imposes additional obligations (e.g., data localization, registration, breach notification timelines), they will be listed here.

• [Insert Region/Country Name]: [Insert legally required notices, regulator contacts, localization, etc.]

13) Children’s Privacy

Our Services are not directed to children, and we do not knowingly collect personal information from children without appropriate consent where required by law. If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete such information.

14) Changes to This Policy

We may update this Policy to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will provide prominent notice (e.g., by email or through the Services) and indicate the “Last updated” date above. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy.

15) How to Contact Us

If you have questions or complaints about this Policy or our privacy practices, contact us at:

Annexes

Annex A — Sub-Processors & Service Providers

Publish and keep this list current; include purpose and data categories.

Annex B — Data Processing Addendum (Processor Role)

Where QGM acts as a Processor for a customer, our DPA (incorporating the EU/UK Standard Contractual Clauses as applicable) governs such processing. The DPA is available at /legal/dpa and forms part of our customer agreements.

Annex C — Records of Processing Activities (RoPA) Summary

Maintain internally; include systems of record, purposes, recipients, retention, and transfer safeguards.