Privacy Policy

Last updated: April 20, 2026

1. Introduction

Q-Root ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our exception management platform and marketing website.

2. Information We Collect

Account Information

When you register for Q-Root, we collect:

  • Name and email address
  • Organisation name and details
  • Password (stored encrypted, never in plaintext)

Usage Data

We automatically collect information about how you interact with Q-Root, including pages visited, features used, and session duration.

Customer Database Credentials

When you connect your customer database, we store your database connection credentials encrypted at rest. These are used solely to establish a secure connection to your infrastructure for reading exception and error data.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve Q-Root services
  • Process your subscription and billing
  • Send you service-related notifications (SLA alerts, assignment notices)
  • Respond to your enquiries and support requests
  • Ensure security and prevent fraud

4. Data Architecture

Q-Root uses a hybrid architecture designed to protect your data:

  • Your Database: Raw exception logs, error logs, and activity logs are stored on your own infrastructure. This data never leaves your systems.
  • Q-Root Platform: Account information, organisation structure, workflow configuration, assignments, and comments are stored on our secured platform infrastructure.

5. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of database credentials at rest
  • TLS encryption for all data in transit
  • Role-based access control with customer-scoped permissions
  • Regular security assessments

6. Third-Party Services

We use the following third-party services:

  • Stripe: For payment processing. Stripe's privacy policy applies to payment data.
  • MailerSend: For transactional email delivery.

7. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, your configuration data is retained for 90 days before deletion. Your customer database data remains entirely on your infrastructure at all times.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your configuration data
  • Withdraw consent for optional communications

9. Contact

For privacy-related enquiries, contact us at privacy@qroot.io or via the contact form.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.