Effective Date: 16.05.2025
At Qlarr, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your data, and how we ensure compliance with the General Data Protection Regulation (GDPR).

1. Information We Collect
We may collect the following types of information when you use Qlarr:
a) Personal Information
Name, email address, and other contact details provided during registration or communication with us.
Billing information, if applicable.
b) Survey Data
Data you collect through surveys created on our platform, including responses and metadata.
You remain the data controller for this information, and Qlarr processes it on your behalf as a data processor.
c) Device & Usage Information
IP address, browser type, operating system, device model, and usage patterns.
Error logs and crash reports to diagnose and improve platform performance.
d) Cookies & Tracking Technologies
Cookies and similar technologies are used to analyze traffic, remember preferences, and enhance the user experience.

2. Legal Basis for Processing
We process your personal data based on one or more of the following lawful bases:
Consent: When you explicitly agree (e.g., for marketing or cookies).
Contractual Necessity: To provide you with the services you’ve requested.
Legitimate Interests: To improve and maintain our platform and ensure its security.
Legal Obligations: To comply with legal or regulatory requirements.

3. How We Use Your Information
We use your data to:
Provide and improve our services.
Communicate with you about updates, offers, and support.
Monitor platform performance and resolve technical issues.
Ensure compliance with legal and regulatory requirements.

4. Data Ownership
Survey Data: You retain full ownership of your survey data. Qlarr does not access or share your data unless explicitly authorized by you.
Open-Source Platform: If you use our self-hosted option, all data remains fully within your control.

5. Data Subprocessors
To deliver and improve our services, we work with carefully selected third-party service providers (subprocessors). These providers support core functions such as infrastructure and analytics. All subprocessors are assessed for GDPR compliance and appropriate data protection safeguards.

Our current subprocessors include:

• Amazon Web Services (AWS) – Provides secure hosting infrastructure. Data is stored in Frankfurt, Germany (EU Central-1 region).
• Google LLC (Firebase Analytics) – Provides analytics services to help us understand usage patterns and improve platform performance. Data may be processed in the United States and other countries where Google operates. Data transfers are protected using Standard Contractual Clauses (SCCs) and other legal safeguards.

6. Data Retention
We retain your personal data only for as long as necessary to:
Provide our services.
Comply with legal obligations.
Resolve disputes.
Specific Retention Periods:
Survey Data: Retained for 24 months after the last activity on your account or until deleted by you.
Account Information: Retained while your account is active and for up to 12 months after account closure, unless otherwise required by law.
Usage Data: Data collected via Firebase Analytics is retained for up to 14 months, consistent with Firebase’s data retention settings, and is used for performance analysis, diagnostics, and user experience improvements.

7. Your Rights
Under GDPR, you have the following rights:
Access: Request a copy of your personal data.
Correction: Correct inaccurate or incomplete data.
Deletion: Request deletion of your data where applicable.
Restriction: Restrict processing of your data in certain cases.
Data Portability: Receive your data in a structured, machine-readable format.
Objection: Object to data processing, such as for direct marketing.
Withdraw Consent: If data is processed based on consent, you can withdraw it at any time.
As the data controller of survey data, you are also responsible for ensuring GDPR compliance for the data you collect.
To exercise these rights, contact us at contact@qlarr.com.

8. Data Security
We implement industry-standard measures, including encryption and secure servers, to protect your personal data. While we work hard to safeguard your information, no system is entirely secure, so please use our platform responsibly.

9. International Data Transfers
Qlarr ensures that any data transfers outside the European Economic Area (EEA) comply with GDPR.
Data Storage Locations: Your data is securely stored on Amazon Web Services (AWS) servers located in Frankfurt, Germany (EU Central-1 region).
Safeguards: We use Standard Contractual Clauses (SCCs) and other appropriate safeguards to protect your data during international transfers, such as those involving Firebase Analytics which may process data outside the EEA.

10. Data Breach Notification
In the event of a data breach affecting your personal information, we will:
Notify the relevant supervisory authority within 72 hours, as required by GDPR.
Inform affected users promptly with details of the breach and steps taken to mitigate it.

11. Cookies Policy
Qlarr uses cookies to:
Analyze usage patterns and optimize platform performance.
Remember user preferences for a personalized experience.
Track anonymous data for troubleshooting and analytics.
Cookie Consent Banner: Upon visiting our platform, you will see a cookie consent banner that allows you to:
Accept all cookies.
Manage specific cookie preferences.
Withdraw consent at any time through your browser settings or our cookie management tool.

12. Updates to this Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any updates will be posted here, and the “Effective Date” will be revised.

13. Contact Us
If you have any questions, concerns, or requests about this Privacy Policy, please contact us at:
Email: contact@qlarr.com
Address: Unit 3D North Point House, North Point Business Park, New Mallow Road Cork, Co. Cork, Cork, Ireland