Privacy Policy

1. Who We Are

Data Fiduciary: Qbiqal Technologies Pvt. Ltd., India

Contact: [email protected] · WhatsApp +91 74392 87439

This policy applies to the Qbiqal platform, website, APIs, and all related services.

2. Data We Collect

Account Data: Name, email address, phone number, business name, GSTIN (optional).

Usage Data: Feature usage logs, AI task execution records, credit consumption, session data.

Business Data: Content you upload to the platform (documents, images, contact lists) to enable AI services.

Payment Data: Processed by Razorpay — we store only order IDs and amounts, never card numbers.

Communications: Support messages and enquiry form submissions sent to [email protected].

3. Legal Basis for Processing

• Consent (DPDP Act §6): For marketing communications and optional data processing beyond service delivery.
• Contract Performance: Processing necessary to provide the SaaS platform and AI services you have subscribed to.
• Legal Obligation: Compliance with Indian law, GST, and government directives.
• Legitimate Interest: Security monitoring, fraud prevention, and service improvement.

4. How We Use Your Data

• Create and manage your Qbiqal account and workspace.
• Provide AI Agency services and pipeline execution.
• Process payments and manage billing.
• Send transactional emails (OTP, receipts, invitations) via Resend, using our verified domain qbiqal.com.
• Detect and prevent fraud, abuse, and unauthorized access.
• Comply with legal obligations and respond to government requests.
• Improve and secure the platform (aggregate, de-identified analytics only).

5. Data Storage & Infrastructure

Your data is stored on Hetzner Cloud servers located in Germany (EU), operated by Hetzner Online GmbH. Media assets are stored in Cloudflare R2 with configurable bucket regions.

All databases are encrypted at rest. Sensitive credentials (API keys, connection strings) are encrypted with AES-256-GCM before database storage.

6. Data Retention

• Account data: Until account deletion + 30 days grace period.
• Transaction records: 7 years (Indian accounting law requirement).
• Activity logs: 90 days.
• AI execution outputs: 30 days unless exported.
• OTP logs: 30 days.

See our Data Retention Policy for full details.

7. Third-Party Data Processors

8. Your Rights Under DPDP Act 2023

• Right to Information (§11): Know what personal data we hold about you.
• Right to Correction & Erasure (§12): Request correction of inaccurate data or erasure of your personal data.
• Right to Grievance Redressal (§13): File a complaint with our Grievance Officer.
• Right to Nominate (§14): Nominate another individual to exercise rights on your behalf in case of incapacity.
• Right to Withdraw Consent: Withdraw consent at any time — note this will result in service termination.

To exercise any right, email: [email protected] or WhatsApp +91 74392 87439. We respond within 30 days.

9. Children's Data (DPDP Act §9)

Qbiqal does not knowingly collect personal data from children under 18. We do not process personal data of children, and we do not undertake targeted advertising directed at children. If you believe a child has provided us personal data, contact [email protected] for immediate erasure.

10. Security Measures

• AES-256-GCM encryption for sensitive data at rest.
• TLS 1.2+ for all data in transit.
• JWT with short expiry (15 min access tokens, 7-day refresh tokens).
• TOTP 2FA available for all accounts.
• Rate limiting on all authentication endpoints.
• Soft-delete with audit trail — data is never hard-deleted without explicit request.
• Immutable activity logs for all critical operations.

11. Changes to This Policy

We will notify you of material changes to this policy via email and in-app notification at least 15 days before the changes take effect. Continued use after the effective date constitutes acceptance.

12. Contact Us

Grievance Officer / DPO: [email protected]

WhatsApp: +91 74392 87439

Company: Qbiqal Technologies Pvt. Ltd., India