Privacy Policy for Questic Inc

1. Introduction

Questic Inc. ("Questic," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at https://www.questic.io/ and any associated subdomains (including but not limited to go.questic.io and app.questic.io) and use our CRM platform and task management software services (collectively, the "Services"). By using our Services, you consent to the collection and use of your personal information as described in this Privacy Policy.

2. Scope and Application

This Privacy Policy applies to all personal information collected by Questic through our website, Services, and related applications. This Policy does not apply to information collected by third parties or to websites, applications, or services that we do not own or control, even if they are linked to from our Services.

When you use our Services to manage your own customers' data, you act as a data controller and we act as a data processor. In such cases, you are responsible for ensuring compliance with applicable privacy laws regarding your customers' data, including obtaining necessary consents and providing appropriate privacy notices.

3. Information We Collect

3.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Information: Name, email address, phone number, company name, and password when you create an account
• Payment Information: Billing address, payment method details (processed securely through Stripe), and transaction history
• Profile Information: Additional details you choose to add to your user profile
• Communications: Information you provide when you contact us for support, feedback, or inquiries
• Content: Data, files, and information you upload, store, or process through our Services

3.2 Customer Data

Through your use of our Services, we may collect and process data about your customers or end users that you choose to store or manage through our platform. This may include contact information, interaction history, tasks, and other business-related data. You are responsible for ensuring you have the legal right to collect and process this data and to share it with us for processing through our Services.

3.3 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

• Technical Information: IP address, browser type and version, operating system, device identifiers, and connection information
• Usage Information: Pages visited, time spent on pages, click-through rates, features used, and other usage statistics
• Location Information: General location information based on your IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

Your Opt-Out Rights: You have the right to opt out of certain automatic data collection before it begins. You can manage your cookie preferences through your browser settings or our cookie consent tool when you first visit our website. For more information about your opt-out rights, please see Section 9 (Your Rights and Choices) and Section 11 (Cookies and Tracking Technologies).

3.4 Information from Third Parties

We may receive information about you from third parties, including:

• Payment Processors: Transaction information from Stripe and other payment providers
• Analytics Providers: Usage and performance data from analytics services
• Security Providers: Fraud prevention and security monitoring information
• Integration Partners: Data from third-party services you connect to our platform

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery and Platform Functionality

• Provide, operate, and maintain our CRM platform and task management services
• Process and fulfill your subscription and service requests
• Enable platform features and functionality
• Facilitate data storage, processing, and retrieval



4.2 Account Management

• Create and manage your user account
• Authenticate your identity and secure your account
• Provide access to your account dashboard and settings
• Manage your subscription and billing

4.3 Payment Processing

• Process subscription payments and manage billing
• Detect and prevent fraudulent transactions
• Generate invoices and payment records
• Manage refunds and billing disputes

4.4 Customer Support

• Respond to your questions, requests, and support inquiries
• Troubleshoot technical issues and provide assistance
• Provide training and onboarding support
• Follow up on support interactions

4.5 Platform Improvements and Development

• Analyze usage patterns and user behavior to improve our Services
• Develop new features and functionality
• Conduct research and analytics
• Test and optimize platform performance

4.6 Communications

• Send transactional messages related to your account and Services
• Provide important updates about our Services
• Send marketing communications (with your consent where required)
• Notify you of security updates or policy changes

4.7 Security and Fraud Prevention

• Monitor for and prevent fraudulent or unauthorized activity
• Protect the security and integrity of our Services
• Investigate security incidents and violations
• Implement access controls and authentication measures

4.8 Legal Compliance and Protection

• Comply with applicable laws, regulations, and legal processes
• Protect our rights, property, and legal interests
• Enforce our Terms of Service and other agreements
• Respond to legal requests and government inquiries

5. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: To provide our Services and fulfill our contractual obligations to you
• Legitimate Interest: To improve our Services, ensure security, and operate our business
• Consent: Where you have provided specific consent for processing (e.g., marketing communications)
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interest: To protect the safety and security of our users and Services

6. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

6.1 Service Providers

We share information with trusted third-party service providers who help us operate our business and provide our Services, including:

• Payment Processing: Stripe and other payment processors to handle transactions
• Cloud Hosting: Hosting and infrastructure providers to store and process data
• Analytics: Analytics providers to understand usage and improve our Services
• Customer Support: Support tools and platforms to provide customer assistance
• Security: Security and fraud prevention services

6.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal processes, including:

• Compliance with legal obligations
• Response to subpoenas, court orders, or government requests
• Protection of our rights, property, or safety
• Investigation of potential violations of our Terms of Service

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption: SSL/TLS encryption for data in transit and encryption for sensitive data at rest
• Access Controls: Role-based access controls and authentication requirements for our systems
• Infrastructure Security: Secure hosting environments with regular security updates and monitoring
• Regular Assessments: Periodic security assessments and vulnerability testing
• Employee Training: Security awareness training for our team members
• Incident Response: Procedures for detecting, responding to, and reporting security incidents

While we strive to protect your information using industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your information.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Account Information: Retained while your account is active and for a reasonable period after account closure
• Transaction Data: Retained for legal and accounting purposes as required by law
• Usage Data: Typically retained for up to 2 years for analytics and improvement purposes
• Communications: Support communications retained for up to 3 years
• Customer Data: Retained according to your instructions and applicable legal requirements

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention procedures.

9. Your Rights and Choices

9.1 General Rights

You have certain rights regarding your personal information, including:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information in certain circumstances
• Opt-Out: Opt out of marketing communications and certain data processing activities

9.2 State-Specific Rights (U.S. Residents)

Residents of certain U.S. states have additional rights under applicable state privacy laws:

9.2.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and share
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information (we do not sell personal information)
• Correct inaccurate personal information
• Non-discrimination for exercising your privacy rights

9.2.2 Texas Residents (TDPSA)

If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA), including:

• Know what personal information we collect, use, and share
• Request deletion of your personal information
• Opt out of the sale of personal information and targeted advertising
• Correct inaccurate personal information
• Non-discrimination for exercising your privacy rights
• Right to appeal our denial of a request

Right to Appeal: You have the right to appeal our denial of a request. If we reject your appeal, you may contact the Attorney General at Consumer Protection | Office of the Attorney General.

9.2.3 Virginia, Colorado, Utah, Connecticut, and Other State Residents

Residents of Virginia, Colorado, Utah, Connecticut, and other states with comprehensive privacy laws may have similar rights to those described above, subject to the specific requirements of applicable state law.

9.3 European Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including:

• Right to portability of your data
• Right to object to processing
• Right to restrict processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

9.4 Exercising Your Rights

To exercise any of these rights, please contact us at support@questic.io or call us at 801-515-3008. We may need to verify your identity before processing your request. We will respond to verified requests within the timeframes required by applicable law. If we deny your request, we will provide you with an explanation and information about your right to appeal, where applicable.

10. Children's Privacy

Our Services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at support@questic.io.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience with our Services. Cookies are small text files stored on your device that help us remember your preferences and improve our Services. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period).

Types of cookies we use include:

• Essential Cookies: Necessary for basic functionality of our Services
• Performance Cookies: Help us understand how users interact with our Services
• Functional Cookies: Enable enhanced features and personalization
• Analytics Cookies: Provide insights into usage patterns and performance

Cookie Consent and Opt-Out: When you first visit our website, you will have the opportunity to accept or decline non-essential cookies through our cookie consent tool. You can control cookie settings through your browser preferences at any time. However, disabling certain cookies may affect the functionality of our Services. We will not collect non-essential cookie data until you have had the opportunity to opt out or provide consent where required by applicable law.

12. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Questic. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services before providing your personal information. We are not responsible for the privacy practices or content of third-party services.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your country. When we transfer your information internationally, we implement appropriate safeguards to protect your information in accordance with applicable law.

14. Payment Processing

We use Stripe as our primary payment processor for handling subscription payments and transactions. When you make a payment, your payment information is transmitted directly to Stripe and processed according to Stripe's privacy policy and security standards. We do not store complete credit card numbers or sensitive payment information on our servers.

Stripe is PCI DSS compliant, which means they meet strict security standards for handling payment card information. For more information about Stripe's privacy practices, please visit https://stripe.com/privacy.

15. Customer Data

When you use our Services to manage your customers' or end users' data, you acknowledge and agree that:

15.1 Your Responsibilities

• You are the data controller for your customers' data and are responsible for compliance with applicable privacy laws
• You must obtain necessary consents from your customers before collecting and processing their data
• You must provide appropriate privacy notices to your customers
• You are responsible for responding to data subject rights requests from your customers
• You must ensure you have the legal right to collect, process, and share customer data through our Services

15.2 Our Role

• We act as a data processor when processing customer data on your behalf
• We process customer data only as instructed by you and as necessary to provide our Services
• We implement appropriate security measures to protect customer data
• We will assist you in responding to data subject requests as reasonably practicable

15.3 Data Processing Agreement

Our processing of customer data is governed by our Data Processing Agreement, which forms part of our Terms of Service and provides additional details about data processing responsibilities and requirements.

16. Do Not Track Signals

Some web browsers incorporate "Do Not Track" features. Currently, no uniform standard exists for how companies should respond to Do Not Track signals. Our Services do not currently respond to Do Not Track browser signals or mechanisms.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our website
• Updating the "Effective Date" at the top of this Policy
• Sending email notification to registered users (for significant changes)
• Providing notice through our Services

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.