Privacy Policy
Protecting your privacy and personal data is very important to us. We therefore only use your personal data within the scope of legal regulations, in particular the General Data Protection Regulation (GDPR). With this privacy policy, we would like to inform you about the nature, scope and purposes of the collection, use and processing of your personal data by QInsights B.V. regarding the use of our AI-Powered software application.
At the heart of our operations, QINSIGHTS, our premier AI-powered software application, is designed with an unwavering commitment to data privacy and security. Utilizing advanced large language models, our infrastructure and operational practices are meticulously crafted to align with the highest standards for data protection, particularly within the European context. This entails choosing services that fulfil the following criteria:
Security: Ensuring data is protected against unauthorized access, disclosure, and destruction.
Availability: Ensuring systems are available for operation and use as agreed upon.
Processing Integrity: Ensuring that system processing is complete, valid, accurate, timely, and authorized.
Confidentiality: Ensuring that confidential information is protected.
Privacy: Addressing the collection, use, retention, disclosure, and disposal of personal information.
This Privacy Policy describes our practices with respect to Personal Information we collect from or about you when you use our website and service (collectively, "Services").
Our Responsibility
At QInsights, we understand that the integrity and confidentiality of your research data are paramount. Safeguarding the privacy of your research participants and ensuring their information remains secure is a responsibility we embrace with utmost seriousness. We are dedicated to continuously advancing our security measures and refining our privacy practices to uphold and surpass the most stringent standards for data protection, specifically catering to the unique needs of researchers and research organizations.
1.1 Infrastructure and Data Hosting
Our operational base in Europe signifies more than just a geographical location; it represents our dedication to upholding the stringent data privacy standards set by the European Union. QInsights is supported by a robust infrastructure, with our main application hosted at Hetzner Online GmbH, Germany and Google Cloud EMEA Limited, Ireland. For more information on third-party vendors, see our Compliance page.
1.1.1 Use of LLMs
We combine various Large Language Models (LLMs) with custom-built algorithms to achieve optimal results. Currently we use the various GPT models through Microsoft Azure Microsoft Ireland Operations Limited for the various analysis options. This might change in the future as we constantly testing what are the best solutions for the purpose of qualitative analysis. If we change the LLMs that we are using, we will inform all registered users. In addition, this information will be made available in the Compliance page.
Location of data centres where data is processed: Sweden, France, The Netherlands
1.1.2 Our Privacy Promise
The privacy and security of your data are paramount at every stage of your interaction with QInsights. We implement advanced encryption, strict access controls, and continuous surveillance to prevent unauthorized access and potential data breaches.
For data at rest, all data is encrypted through 256-bit AES encryption and is FIPS 140-2 compliant.
For data in transit - data moving between user devices and data centers or within and between the data centres themselves - our suppliers adhere to IEEE 802.1AE MAC Security Standards, and use industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).
Data is siloed from other company data in a logical order and arrangement.
There are legally binding agreements in place for all third parties used by QInsights B.V. (Privacy Policy, Data Processing Addenda and NDAs).
You can download our DPA here.
1.1.3 Your Data is Yours Alone
As users of QINSIGHTS, you may submit data to the Services ("Input") and, in turn, receive results generated from your Input ("Output"). Collectively, Input and Output constitute "Customer Content." You maintain full ownership rights over the Input and are granted exclusive ownership of the Output. Any data you provide while using our service is processed securely and never used to train or improve the underlying language models. We are committed to ensuring that your data remains confidential and is solely used to provide the services you need, not for model training or any other unintended purpose.
Data Deletion: If you remove a document from your project or delete a project, the document and the project including all related documents and analyses will be permanently removed from our servers.
2. Personal information we collect
We collect information that alone or in combination with other information in our possession could be used to identify you ("Personal Information") as follows:
Personal Information You Provide:
We may collect Personal Information if you create an account to use our Services or communicate with us as follows:
Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history, (collectively, "Account Information").
User Content: When you use our Services, we may collect Personal Information that is included in the input, file uploads, or feedback that you provide to our Services ("Content").
Communication Information: If you communicate with us, we may collect your name, contact information, and the contents of any messages you send ("Communication Information").
Webinars: When you register for a webinar, we will collect Personal Information that you elect to provide to us, such as your contact details and questions related to your webinar attendance.
Personal Information We Receive Automatically From Your Use of the Services:
When you visit, use, and interact with the Services, we may receive the following information about your visit, use, or interactions ("Technical Information"):
Log Data: Information that your browser automatically sends whenever you use our website ("log data"). Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with our website.
Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, computer connection, IP address, and the like.
Device Information: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
Cookies: We use cookies to operate and administer our Services and improve your experience on it. A "cookie" is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies or to reject all cookies. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website.
Analytics: We may use a variety of online analytics products that use cookies to help us analyse how users use our Services and enhance your experience when you use the Services.
3. How we use personal information
We may use Personal Information for the following purposes:
To provide, administer, maintain and/or analyse the Services;
To improve our Services and conduct research;
To communicate with you;
To develop new programs and services;
To prevent fraud, criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture, and networks; and
To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Aggregated or De-Identified Information. We may use personal information, such as your email address, in association with the use of our Services for internal analytics purposes. This allows us to improve the quality and functionality of our Services. These analytics are conducted in a manner that keeps your information secure. Any reporting or sharing of information will be done in an aggregated, non-identifiable form.
As noted above, we may use Content you provide us to improve our Services, however, we do not use your content to train AI models.
4. Disclosure of personal information
In certain circumstances we may provide your Personal Information to third parties without further notice to you, unless required by the law:
Vendors and Service Providers (see sub-processors): To assist us in meeting business operations needs and to perform certain services and functions, we may provide Personal Information to vendors and service providers, including providers of hosting, cloud, platform, email communication, operational, scheduling, CRM, community, administration, email newsletter, web analytics, and/or other information technology services. Pursuant to our instructions, these parties will access, process, or store Personal Information only in the course of performing their duties to us.
Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively a "Transaction"), your Personal Information and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.
Affiliates: We may disclose Personal Information to our affiliates, meaning an entity that controls, is controlled by, or is under common control with QInsights B.V. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.
Who is responsible for your personal data?
For personal data relating to our website, user accounts, subscriptions, support services, webinars and communications, the data controller is:
QInsights B.V.
Registered address: Bierstraat 123c, 3011 XA Rotterdam, NL
Email for privacy enquiries: security@qinsights.ai
General support email: support@qinsights.ai
Our role when customers use QInsights
QInsights may act in different data-protection roles depending on the type of information being processed.
QInsights as data controller
QInsights acts as the data controller for personal data that we determine how and why to process, including:
account and registration information; contact details; licence and subscription information; billing and transaction information; website usage information; technical and security logs; customer-support communications; webinar registrations; requests for downloadable materials; and newsletter and marketing information.
QInsights as data processor
Customers may upload documents, interview transcripts, survey responses, audio recordings, video recordings and other material to QInsights. This material is referred to in this policy as Customer Content.
For Customer Content, the customer generally determines the purpose of the research or analysis and which information is uploaded. The customer therefore normally acts as the data controller, and QInsights acts as a data processor on the customer's behalf.
QInsights processes Customer Content only:
to provide the contracted QInsights services;
in accordance with the customer's instructions;
as described in our Data Processing Agreement;
as necessary to maintain the security and operation of the service; and
where required by applicable law.
The customer is responsible for ensuring that it has an appropriate legal basis for uploading and analysing personal data through QInsights.
Customer Content
Users may upload or create Customer Content, including:
text documents; interview and focus-group transcripts; open-ended survey responses; reports; spreadsheets; audio recordings; video recordings; project descriptions; metadata and profile variables; user questions and prompts; AI-generated analysis results; notes and saved analysis content; and transcription dictionaries or terminology lists.
Customer Content may include special categories of personal data within the meaning of Article 9 GDPR, such as health data, political opinions, racial or ethnic origin, religious beliefs, or information concerning a person's sex life or sexual orientation. QInsights processes such data solely on behalf of and according to the documented instructions of the customer. The customer, as data controller, is responsible for determining the applicable legal basis under Articles 6 and 9 GDPR, assessing whether the processing qualifies as scientific research, and implementing any safeguards required under Article 89 GDPR or applicable national law.
QInsights does not require customers to upload special-category personal data. The customer decides which data is uploaded and remains responsible for ensuring that the processing is lawful and appropriate. In support, QInsights offers a Data Anonymizer that customers can use to anonymize their data offline.
5. Your rights
Depending on location, individuals in the EEA, the UK, and across the globe may have certain statutory rights in relation to their Personal Information. For example, you may have the right to:
Access your Personal Information.
Delete your Personal Information.
Correct or update your Personal Information.
Transfer your Personal Information elsewhere.
Withdraw your consent to the processing of your Personal Information where we rely on consent as the legal basis for processing.
Object to or restrict the processing of your Personal Information where we rely on legitimate interests as the legal basis for processing.
You can exercise these rights by sending your request to security@qinsights.ai.
6. Children
Our Service is not directed to children who are under the age of 13. QInsights B.V. does not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to QInsights B.V. through the Service please email us at security@qinsights.ai. We will investigate any notification and if appropriate, delete the Personal Information from our systems. If you are 13 or older, but under 18, you must have consent from your parent or guardian to use our Services.
7. Links to other websites
The Service may contain links to other websites not operated or controlled by QInsights B.V., including social media services ("Third Party Sites"). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.
8. Security and Retention
We implement commercially reasonable technical, administrative, and organisational measures to protect Personal Information both online and offline from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.
We'll retain your Personal Information for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure, our purpose for processing the information, and any legal requirements.
We may also anonymise or de-identify your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, as described above, in which case we may use this information indefinitely without further notice to you.
9. International Users
QInsights B.V. is established in the Netherlands. Customer Content uploaded to the QInsights application is processed within the European Union.
Other categories of Personal Information may be processed outside the European Economic Area: contact, communication and customer relationship data may be stored in Canada through our customer relationship management provider; and purchase, billing and transaction information is processed in the United Kingdom by Paddle, which acts as our Merchant of Record.
If you believe that we have not adequately addressed a privacy concern, you have the right to lodge a complaint with the Dutch Data Protection Authority or with the competent supervisory authority in your country.
International Data Transfers
Where Personal Information is transferred outside the European Economic Area, QInsights relies on a legally recognised transfer mechanism.
Certain contact and communication data may be processed in Canada. Where the relevant Canadian provider is subject to Canada's Personal Information Protection and Electronic Documents Act, the transfer is covered by the European Commission's adequacy decision for qualifying Canadian commercial organisations.
Purchase, billing and transaction information is processed by Paddle in the United Kingdom. The United Kingdom is currently recognised by the European Commission as providing an adequate level of protection for personal data.
Where an adequacy decision does not apply, QInsights uses appropriate safeguards, such as the European Commission's Standard Contractual Clauses or another legally recognised transfer mechanism.
10. Cookie Policy
This Cookie Policy explains how QInsights B.V. uses cookies and similar technologies to recognise you when you visit our Services. It explains what these technologies are and why we use them, as well as your rights to control our use of them.
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
We use first-party and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Services to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our online properties.
The specific types of first and third-party cookies served through our Services and the purposes they perform are described below:
Strictly Necessary Cookies: These cookies are strictly necessary to provide you with services available through our Services and to use some of its features, such as access to secure areas.
Performance and Analytics Cookies: These cookies are used to monitor and enhance the performance and functionality of our Services but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in your web browser or upon visiting our website.
11. Sub-processors
See the Compliance page.
12. Changes to the privacy policy
We may change this Privacy Policy at any time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law. By continuing to use our Service or providing us with Personal Information after we have posted an updated Privacy Policy, or notified you by other means, you consent to the revised Privacy Policy.
13. How to contact us
Please contact support or security@qinsights.ai if you have any questions or concerns not already addressed in this Privacy Policy.