Compliance
Security & Ethics - how does QInsights remain secure
At QInsights B.V., we are committed to maintaining the highest standard of privacy, security and compliance. In this document, we outline the key points and describe the measures QInsights puts in place to ensure your data privacy, ownership and ultimate control are respected.
Company Information
QInsights B.V.
Directors: Dr. Susanne Friese & Wissem Golli
Address: Bierstraat 123C, 3011 XA Rotterdam, Netherlands
Chamber of Commerce number: 95337822
VAT number: NL867092142B01
Email: contact@qinsights.ai
Call: +31(0) 6 39205531
Third-party Vendors
Third-party vendors are a particular consideration when evaluating AI tools. This is because a vast majority of AI application providers rely in some way or another on privately hosted "Foundational Models".
What do we do at QInsights?
Equivalent Provisions: All third-party providers we work with are bound by equivalent provisions to those in our own Data Processing Addendum (DPA) and Privacy Policy. This includes OpenAI who are contractually restricted from using any data they come into contact with for the improvement of their product and services.
Data Minimization: All systems are engineered to provide limited access to data strictly defined by their function. Data is only shared with each service where required.
Vendor Management: All third parties are vetted to ensure compliance with our standards when being considered.
Sub-Processors
Hetzner Online GmbH
Service: Cloud provider
Address: Industriestr. 25, 91710 Gunzenhausen, Germany
Location of Data Processing: Germany
Data Protection Guarantees for Processing Outside the EEA: Not required
Subject of Processing: Hosting the infrastructure
Type of Processing: Storing the data required for service provision
Duration of Processing: Customer-provided data will be deleted promptly once processing is no longer required.
Terms of Use: https://www.hetzner.com/legal/legal-notice/
Data Security Measures: https://www.hetzner.com/legal/privacy-policy/
Google Cloud EMEA Limited
Service: Infrastructure
Address: 70 Sir John Rogerson's Quay, Dublin 2, Ireland.
Location Data Processing: Netherlands
Data Protection Guarantees for Processing Outside the EEA: Not required
Subject of Processing: Hosting the infrastructure
Type of Processing: Storing the data required for service provision
Duration of Processing: Customer-provided data will be deleted promptly once processing is no longer required.
Terms of Use: cloud.google.com/terms
Data Security Measures: cloud.google.com/docs/security
Notes: Google does not use your data for training its AI. See cloud.google.com/vertex-ai/generative-ai/docs/data-governance for details on how Google processes and governs customer data.
Microsoft Ireland Operations Limited
Service: Providing Microsoft Azure and Azure OpenAI Service
Address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
Location of Personal Data Processing: Sweden and France
Data Protection Guarantees for Processing Outside the EEA: Not required.
Type of Processing: Generating a response with a large language model. We currently use the following models: GPT-4 and 5
Duration of Processing: Customer-provided data will be deleted promptly once processing is no longer required.
Data Security Measures: Microsoft Trust Centre and Azure security documentation
Terms of Use: Microsoft Product Terms, Microsoft Products and Services Data Protection Addendum, and Microsoft Azure Legal Information
Notes: Customer prompts, completions, embeddings and uploaded data are not made available to OpenAI and are not used to train Microsoft or third-party foundation models without the customer's permission or instruction.
AssemblyAI, Inc.
Service: Transcription service for converting audio and video to text
EU Member Representative: VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland
Data Processing: AssemblyAI's European servers (Slam-1 and Lemur)
Data Protection Guarantees for Processing Outside the EEA: AssemblyAI's Data Processing Addendum incorporates appropriate transfer safeguards, including the European Commission's Standard Contractual Clauses where applicable.
Subject of Processing: Transcription of audio and video files uploaded by QInsights users.
Type of Processing: Temporary receipt and processing of audio or video files to generate transcripts, timestamps and speaker information.
Duration of Processing: Data uploaded to AssemblyAI is not retained and is removed immediately after inference is provided.
Data Security Measures: https://www.assemblyai.com/security and https://app.vanta.com/assemblyai/trust/
Terms of Use: https://www.assemblyai.com/legal/terms-of-service
Notes: Files submitted are not used for model training.
Paddle.com Market Limited
Service: Payment processing service, merchant of record
Address: Judd House, 18-29 Mora Street, London EC1V 8BT, United Kingdom
Location of Personal Data Processing: United Kingdom and other locations used by Paddle and its payment partners
Data Protection Guarantees for Processing Outside the EEA: The United Kingdom is covered by an adequacy decision of the European Commission. Where Paddle transfers Personal Data to other countries, Paddle applies the transfer mechanisms described in its privacy notice and contractual documentation.
Subject of Processing: Acting as Merchant of Record for QInsights licences and subscriptions, including payment collection, invoicing, taxation, fraud prevention, refunds, chargebacks and subscription administration.
Type of Processing: Collection and processing of customer identity, billing, payment, transaction and subscription information.
Duration of Processing: Paddle retains Personal Data for as long as necessary to complete transactions, comply with tax, financial, anti-fraud and legal obligations, resolve disputes and administer subscriptions, in accordance with Paddle's privacy notice.
Data Security Measures: https://www.paddle.com/legal/privacy
Terms of Use: https://www.paddle.com/legal/terms
Notes: Paddle does not have access to Customer Content uploaded to QInsights.
Stratto.ai
Service: Customer relationship management and sales administration
Address: 530 Rue des Fauvettes, Longueuil, Quebec J4G 2K6, Canada
Location of Personal Data Processing: Canada
Data Protection Guarantees for Processing Outside the EEA: Canada is recognised by the European Commission as providing an adequate level of data protection for commercial organisations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
Subject of Processing: Management of prospective customers, trial users, customers, business contacts and related sales and communication activities.
Type of Processing: Storage, organisation, updating and analysis of contact and customer relationship data, including names, business email addresses, organisations, communication history, trial or licence status, sales activities and related notes.
Duration of Processing: Personal Data is retained for the duration of the business relationship and thereafter in accordance with QInsights' retention requirements and Stratto.ai's contractual deletion provisions.
Privacy Policy: https://stratto.ai/en/privacy-policy
Notes: Stratto.ai is used for customer relationship management and sales administration. It does not receive Customer Content uploaded to QInsights, including research documents, transcripts, audio or video files, prompts or analytical outputs.