Privacy Policy
Last Updated: August 14, 2024
Effective Date: August 14, 2024
Domain: https://quorso.xyz
1. Introduction
Quorso Tech ("we," "us," or "our") develops custom web/mobile applications, ML/AI APIs, subscription-based products, and business automation tools. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website (https://quorso.xyz), open-source projects, paid products, or services (collectively, "Services"). By accessing our Services, you consent to this policy.
Age Requirement: Our Services are designed for users 18 years and older. We do not knowingly collect data from individuals under 18.
2. Information We Collect
Personal Information:
Account Data: Name, email, contact details, organization information (for paid subscriptions).
Payment Data: Billing address, transaction history (processed securely via third-party gateways like Paddle/PayPal).
Communications: Messages, support queries, feedback
Identity Verification: For enterprise clients using specialized tools (school management systems, transcript generators), we collect and verify organizational credentials and authorization documents
Non-Personal/Automated Information:
Usage Data: IP address, browser type, device identifiers, pages visited, session duration.
Cookies/Tracking: Analytics cookies (e.g., Google Analytics).
Open-Source Contributions: GitHub username, public activity (if you engage with our open-source projects).
ML/AI Products:
API Input Data: Data you submit to our ML/AI models for processing (e.g., text, images, documents)
Technical Logs: Error reports, performance metrics
Business Process Data: Information processed through our automation tools (stored temporarily for processing only)
3. How We Use Your Information
Purpose | Legal Basis | Explanation |
|---|---|---|
Service Delivery & Paid Products | Contractual obligation | To provide the services you have subscribed to and fulfill our commitments under your service agreement. |
Payment Processing | Contractual obligation, Legal compliance | To process your payments and maintain financial records as required by law. |
Support & Inquiries | Legitimate interest | To respond to your queries, resolve issues, and improve our customer support experience. |
Marketing Communications | Consent | We will only send you marketing communications with your explicit opt-in consent. |
Service Improvement (Aggregated Data) | Legitimate interest | To understand how our services are used and improve their performance based on anonymized, non-personal data. |
ML Model Training (Client-Specific) | Contractual obligation | To build and refine machine learning models specific to your business as per your service agreement. |
Analytics Cookies | Consent | Based on your explicit choices in our cookie banner. |
Identity Verification | Legal compliance | To verify the identity of enterprise clients as part of our legal and security obligations. |
Business Process Automation | Contractual obligation | To fulfill the services of our automation tools as agreed upon in our contract with your organization. |
Human Oversight and AI Decisions
While we use AI and machine learning to assist in our decision-making processes (e.g., fraud scoring), we have implemented strict human oversight protocols. No automated decisions are made without human review and approval. This ensures that all final decisions are fair, accurate, and do not rely solely on automated processing.
4. Data Processing and Storage
Service Providers:
Cloud Storage: Google Cloud Platform, Amazon Web Services (AWS)
Image Storage: Cloudinary
Meeting Scheduling: Zcal
Payment Processing: Paddle, PayPal
Analytics: Google Analytics
Data Location:
Your data may be processed and stored on servers located globally through our cloud providers (Google Cloud, AWS). All data transfers are protected by appropriate safeguards including Standard Contractual Clauses and encryption.
5. Data Retention
Account Data: Retained until account deletion or upon user request.
Payment Records: Retained for 7 years for legal compliance.
API Processing Data: Deleted immediately after processing unless explicitly requested to be stored for a specific purpose (e.g., for model training under a specific contract).
Support Communications: Retained for 2 years for service improvement.
Marketing Data: Retained until consent is withdrawn.
Enterprise Verification Records: Retained for the duration of service agreement plus 1 year.
Deletion Timeline: Upon request or account deletion, personal data is permanently deleted within 30 days. Encrypted backups may retain data for up to 90 days for technical recovery purposes only.
6. Sharing of Information
We never sell your data. Limited sharing occurs only with:
Payment Processors: To complete transactions (e.g., Paddle, PayPal)
Cloud Providers: Hosting and storage services (Google Cloud, AWS, Cloudinary)
Service Providers: Meeting scheduling (Zcal), analytics (Google Analytics)
Legal Compliance: If required by law (e.g., subpoenas, court orders)
Business Transfers: Mergers/acquisitions (with confidentiality safeguards)
Client Confidentiality: Client identities and project details are kept strictly confidential. We may display client names and organization roles in testimonials only with explicit written consent.
7. Data Security
We implement:
Encryption: TLS/SSL for data in transit; AES-256 for data at rest
Access Controls: Role-based permissions; staff training
Regular Audits: Vulnerability assessments and security reviews
Incident Response: 72-hour breach notification (where legally required)
Secure Processing: All ML/AI processing occurs on encrypted, access-controlled servers
8. Your Rights
You may:
Access, correct, or delete personal data
Withdraw consent (e.g., unsubscribe from emails)
Object to processing (e.g., opt out of analytics cookies)
Request data portability (provided in JSON format for paid services)
Request information about data processing activities
California Residents (CCPA): You have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to non-discrimination for exercising these rights.
EU/UK Residents (GDPR): You have the right to lodge a complaint with your local data protection authority.
To exercise rights, contact support@quorso.xyz. We respond within 30 days (or 45 days for complex requests).
9. Cookies & Tracking
Essential Cookies
These cookies are necessary for the core functionality of our Services, such as enabling login sessions and processing payments. They do not require your consent and cannot be opted out of.
Analytics and Functionality Cookies
We use these cookies to understand how you interact with our website, which pages you visit, and how long you stay. This helps us improve our Services. These cookies are not strictly necessary and are only placed on your device with your explicit consent via our cookie banner.
10. International Data Transfers
Data may be transferred globally but protected via:
Standard Contractual Clauses (EU/UK)
Adequate protection measures as required by applicable law
Encryption and access controls
11. Children's Privacy
Our Services are designed for users 18 years and older. We do not knowingly collect data from individuals under 18. If we discover we have collected such data, we will delete it immediately.
12. Open-Source Projects
Contributions to GitHub projects are publicly visible. Review GitHub's privacy policy for more information. We may showcase open-source contributions in our portfolio with contributor consent.
13. Business Automation Tools
For enterprise clients using specialized tools (school management systems, transcript generators):
Identity verification is mandatory and conducted manually
Access is restricted to authorized personnel only
All usage is logged and monitored
Data is processed only for the intended business purpose
14. Policy Updates
We notify users of material changes via email or website banners. Continued use implies acceptance of updated terms.
15. Legal Compliance
This policy is governed by the laws of Bangladesh. For any disputes, we encourage contacting us directly first. If resolution cannot be reached, disputes may be subject to the jurisdiction of courts in Bangladesh.
16. Contact Us
For questions, data requests, or complaints:
Email: privacy@quorso.xyz
Address: 309 Lalbag Road, Dhaka, Bangladesh
Phone: +880 1711 350631
Response Time: Within 30 days for standard requests
This privacy policy is designed to comply with GDPR, CCPA, and other applicable privacy laws. However, laws vary by jurisdiction, and we recommend consulting with legal counsel for specific compliance requirements.
