Welcome to Qwibik One. We are committed to protecting your privacy and ensuring you have a positive experience on our website and when using our cloud-based organization operating system, CRM, commerce systems, and other tools (collectively, the 'Services').
This Privacy Policy explains how Qwibik Technologies, Inc. ('Qwibik', 'we', 'us', or 'our') collects, uses, discloses, and safeguards your Personal Information when you visit our website at https://one.qwibik.com, create or join a workspace, or interact with any other touchpoint of Qwibik.
Important Note on Controllership
Under global privacy laws (including the EU GDPR, UK GDPR, and Brazil's LGPD), Qwibik operates in two distinct capacities. For account registration, billing, marketing, and web analytics, Qwibik acts as the Data Controller. For all data created, stored, or processed within an active customer organization workspace (including CRM contacts, tasks, reports, and team collaboration records), the customer organization is the Data Controller, and Qwibik acts strictly as the Data Processor acting on instructions. Please contact your organization administrator to exercise rights regarding workspace data.
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services or request access to Qwibik workspaces.
We collect several categories of information depending on how you interact with Qwibik, whether as a visitor, a registered workspace member, or an organization owner.
Account Registration Details: When you sign up, we collect identifiers such as your full name, business email address, credentials (e.g. via security tokens or authentication services), company name, job title, and profile photograph.
Workspace & Tenant Configuration: Details about how you structure your organization workspace, including workspace names, team hierarchies, assigned member roles, custom permissions, and system settings.
Workspace Operational Data: Information inputted during the operational use of the modules: relationship records (contacts, emails, phone numbers in CRM), commercial configurations (quotes, invoice numbers, service pricing), operations notes (tasks, priorities, and workflow logs), and custom modules.
Billing & Financial Information: For paid workspaces, we collect billing addresses, tax identifiers, and payment card details. Note that actual card processing is done securely via PCI-DSS compliant third-party gateways (e.g., Stripe); we do not store full credit card numbers directly on our databases.
Third-Party Integration Tokens: Access tokens, configurations, webhook setups, and client keys provided to connect external tools (e.g., email accounts, external storage buckets, calendar clients) through the Qwibik Marketplace.
We also collect certain technical and usage information automatically during your visit:
Device & Connectivity Metadata: IP addresses, browser specifications (browser name, language settings, user agent), operating system names, screen density, device categories, and network service providers.
Usage Activity Records: Log details recording your interactions with the Qwibik One app (buttons clicked, pages viewed, time spent on dashboard layers, system load metrics, feature triggers, and search logs).
Cookies & Tracking Technologies: Unique identifiers stored via first-party cookies and third-party scripts (e.g. Google Analytics, Vercel logs) to identify session details, remember preferences, and verify authorization states.
We process your Personal Information for specific, transparent purposes aligned with our core business operations:
Workspace Provisioning & Authentication: To create your unique tenant spaces, verify your email and login security, manage user profiles, and enforce access controls across organization layers.
Core Service Delivery: To run the modular systems of Qwibik One, including synchronizing CRM contacts, tracking operations workflows, rendering reports, routing integrations, and generating metrics.
Customer Billing & Management: To collect fees, issue invoices, track pricing packages, manage workspace subscription states, and coordinate contract renewals.
Operational Communications: To send system notifications, security alerts, service updates, critical maintenance alerts, and administrative messages.
Security & Fraud Prevention: To monitor workspace activity, detect malicious behaviors, audit API access, investigate unauthorized entry, and safeguard overall platform infrastructure.
Performance Optimization & Analysis: To diagnose platform bottlenecks, resolve software crashes (via Sentry logging), monitor page loads (via Vercel), and aggregate feature usage data (via Google Analytics).
If you reside in the European Economic Area (EEA) or the United Kingdom (UK), we only process your Personal Information under valid legal bases set out in Article 6 of the General Data Protection Regulation (GDPR):
Processing Purpose
Data Category
GDPR Legal Basis (Article 6(1))
Platform registration, sign-in, and workspace creation
Account details, identifiers, secure tokens
Contractual Necessity - Art. 6(1)(b)
Workspace OS services, CRM sync, commerce module processing
We do not sell, rent, or trade your Personal Information. We only share data under the following limited circumstances:
With Workspace Administrators: Because Qwibik is workspace-first, workspace owners and administrators have full visibility into your name, email, workspace roles, active logs, and data entries within that tenant environment.
With Trusted Subprocessors & Service Providers: We employ third-party service providers to handle specialized infrastructure, analytics, authentication, and communication tasks. These parties process data under strict data processing agreements conforming to privacy laws.
For Regulatory or Legal Compliance: We may disclose information if required to comply with subpoenas, court orders, or applicable local and international laws, or when we believe disclosure is necessary to protect the security of our platform, our customers, or the public.
Business Transactions: In connection with any merger, acquisition, restructuring, sale of assets, or bankruptcy, user data may be transferred to the acquiring business, subject to continued compliance with this Privacy Policy.
To deliver the high-performance Services of Qwibik One, we utilize the following third-party subprocessors:
Subprocessor Entity
Service Provided
Location / Region
Vercel Inc.
Frontend hosting, Edge routing, Web analytics
United States (Global edge nodes)
Cloudflare Inc.
Object storage (R2), DNS routing, and CDN caching
United States (Global edge nodes)
Firebase (Google LLC)
Real-time database hosting, User authentication, and cloud messaging
United States / EU multi-region
Google Analytics (Google LLC)
Web analytics and visitor interaction reporting
United States
Functional Software Inc. (Sentry)
Real-time error logging, crash analytics, and stack-trace debugging
United States
Any subprocessor we engage is contractually bound to process your Personal Information only for the purposes defined in our agreement, and must maintain security measures that meet or exceed Qwibik's standards.
We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, or to comply with statutory legal, tax, or regulatory obligations.
Account Profile Details: Retained as long as your user account remains active. If your account remains inactive for a period exceeding 24 months, we will notify you and proceed to archive or delete the account.
Workspace Records: Data entered into active workspaces is retained for the duration of the organization's subscription. Workspace administrators can request deletion of specific workspace databases or files at any time.
Diagnostic Logs: Security logs and crash logs (including Sentry trails) are automatically purged or anonymized after 90 days.
Anonymized/Aggregated Analytics: Usage logs compiled via Google Analytics are stored in aggregated form and do not identify specific individuals after 14 months.
Once the retention period expires or a valid deletion request is processed, we delete or anonymize the data. Backup copies stored on secure, offline storage partitions are naturally overwritten within a maximum window of 30 days.
Qwibik operates globally, and your Personal Information may be transferred to, stored in, or processed by teams in the United States, the European Union, and other global operational hubs.
To ensure your data remains protected when transferred internationally, Qwibik implements the following safeguards:
Standard Contractual Clauses (SCCs): We incorporate the European Commission's approved Standard Contractual Clauses (and the UK International Data Transfer Addendum) into our Standard Data Processing Addendum (DPA) with customers and vendor agreements.
EU-U.S. Data Privacy Framework (EU-U.S. DPF): Qwibik complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the EEA and the UK.
Supplementary Safety Measures: We encrypt all personal data both in transit (using TLS 1.3) and at rest (using AES-256) to prevent unauthorized interception during transit across border segments.
Depending on your geographic location, you possess distinct legal rights regarding your Personal Information. Under GDPR and Brazil's LGPD, these rights include:
Right of Access: You can request copies of the Personal Information we hold about you.
Right to Rectification: You have the right to request correction of inaccurate, outdated, or incomplete data.
Right to Erasure (Right to Be Forgotten): You can request that we delete your personal data under certain conditions.
Right to Restrict Processing: You can request that we limit the scope or methods of processing your data.
Right to Data Portability: You can request that we transfer your collected data to another provider, or directly to you, in a structured, machine-readable format.
Right to Object: You have the right to object to our processing of your personal data, particularly regarding direct marketing and automated profiling.
Right to Lodge a Complaint: You can file a formal complaint with a national Data Protection Authority (e.g. the CNIL in France, the ICO in the UK, or the ANPD in Brazil) if you believe Qwibik has breached data protection laws.
To submit a request or exercise any of your rights, please email our privacy team at privacy@qwibik.com. We will respond to verified inquiries within 30 days.
This section provides disclosures required under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), and other US State laws.
CCPA/CPRA Category
Personal Information Elements Collected
Sources
Commercial Purpose
Category A: Identifiers
Full name, business email, IP address, account username, unique system tokens
Direct registration, server logs
Provide account access, verify identity, monitor security
Category B: Customer Records
Name, billing address, card payment tokens, telephone number
Billing forms, Stripe transactions
Process payments, manage subscriptions, resolve disputes
Category C: Commercial Information
Services purchased, license tier, integration usage count, search history
Tailor organization OS configurations, configure role controls
California 'Do Not Sell or Share My Info' Declaration
Qwibik does not sell your Personal Information for monetary compensation. However, we do 'share' Category A (Identifiers) and Category F (Internet Activity) details with Google Analytics to analyze platform performance. California residents have the right to opt-out of this sharing. To exercise this right, please adjust your cookies settings in our Cookie Consent Banner or contact privacy@qwibik.com.
We do not use or disclose 'Sensitive Personal Information' (as defined by the CPRA) for any purpose other than to perform the Services or as otherwise permitted by California law. California consumers have the right to request access, correction, deletion, and non-discrimination. Verifiable requests can be submitted via email.
We implement robust technical and organizational measures to safeguard your Personal Information against accidental loss, unauthorized access, destruction, and alteration:
Encryption Safeguards: We enforce Transport Layer Security (TLS 1.3) for all browser traffic and API routes. Databases and disk backups are encrypted at rest using AES-256 standard algorithms.
Access Control Protocols: Access to internal data tables is restricted to specific authorized personnel based on the Principle of Least Privilege (PoLP). All internal access undergoes authentication logging.
System Resiliency & Backups: Data is hosted in tier-IV data centers featuring redundant power grids and fire controls. Backups are generated daily and stored in separate encrypted storage regions.
Vulnerability Auditing: We run automated dependency monitors to patch code packages, conduct regular penetration tests, and audit workspace actions via audit logs.
If you have any questions, comments, or concerns regarding this Privacy Policy, our data protection practices, or if you wish to exercise your rights, please reach out to us:
We have designated a Data Protection Officer (DPO) to oversee compliance and address data requests. You can contact them and our privacy team directly:
Qwibik Privacy Office
Qwibik Technologies, Inc. Attn: Data Protection Officer 500 Delaware Ave, Suite 110 Wilmington, DE 19801, USA
