Privacy Policy

Last updated: 1 April 2026

This Privacy Policy explains how Keith Burke trading as QualiHQ ("we", "us", "our") collects, uses, and protects your personal data when you use the QualiHQ service.

We are the data controller for the personal data described in this policy. You can contact us at [email protected].

1. Data we collect

Account data: When you register, we collect your name, email address, company name, and password (stored as a secure hash).

Billing data: Payment is processed by Stripe. We do not store your card details. We retain records of subscription status, plan, and transaction history.

QMS content: Requirements, verifications, risk analyses, releases, issues, CAPAs, and other content you create within QualiHQ.

Usage data: Log data including IP addresses, browser type, pages visited, and actions taken within the service. This is used to operate, improve, and secure the service.

Communications: If you contact us by email or through the contact form, we retain those communications to respond to your enquiry.

2. How we use your data

We use your data to:

  • Create and manage your account
  • Provide and operate the QualiHQ service
  • Process payments and manage subscriptions
  • Send transactional emails (email verification, billing receipts, important service notifications)
  • Respond to support enquiries and contact form submissions
  • Monitor and improve the security and performance of the service
  • Comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising purposes.

3. Legal basis for processing

We process your data under the following legal bases:

  • Contract: Processing necessary to provide the service you have signed up for
  • Legitimate interests: Security monitoring, fraud prevention, and service improvement
  • Legal obligation: Where we are required to process data by law
  • Consent: Where you have given explicit consent, such as for optional communications

4. Data processors and third parties

We use the following third-party services to operate QualiHQ. Each is bound by appropriate data processing agreements:

  • Stripe -- payment processing and subscription management
  • Resend -- transactional email delivery (verification codes, billing notifications)
  • Groq -- AI inference for QMS generation features. Content you submit to the AI bootstrap feature is processed by Groq's API
  • Amazon Web Services (AWS) -- application and database hosting

We do not share your data with any other third parties except where required by law.

5. Data retention

We retain your account data and QMS content for as long as your account is active. If you delete your account, your data is retained for 30 days to allow for recovery, after which it is permanently deleted.

Billing records may be retained for longer where required by tax or financial regulations.

6. Your rights

Under GDPR you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data, subject to legal retention obligations
  • Portability: Request your data in a machine-readable format
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission (Ireland) at dataprotection.ie.

7. Cookies

We use essential cookies only. These are required for authentication and session management and cannot be disabled without breaking the service. We do not use tracking, advertising, or analytics cookies.

8. Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and access controls. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

9. International transfers

Some of our third-party processors (including Stripe, Resend, and Groq) operate outside the European Economic Area. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or by a notice within the service. Continued use of QualiHQ after changes take effect constitutes acceptance of the updated policy.

11. Contact

For any questions or requests relating to this Privacy Policy, contact us at [email protected].

We use essential cookies for authentication. We'd also like to use analytics cookies to understand how people use the site. Privacy policy