Privacy Policy

This Privacy Policy explains how Quiresoft Technologies Inc. (“Quiresoft,” “we,” “us”), a corporation registered in British Columbia, Canada, collects, uses, discloses, and safeguards personal information through QuickLinq (the “Service”), a product owned and operated by Quiresoft.

We comply with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25), and other applicable provincial privacy laws. We provide additional rights where required by the EU and UK GDPR, the California Consumer Privacy Act (CCPA, as amended by the CPRA), and other applicable laws.

1. Who We Are

Quiresoft Technologies Inc. is the controller (or equivalent under applicable law) of personal information processed about our Customers (account holders) in connection with their use of the Service. For information that our Customers submit about their own End Clients, jobs, quotes, and invoices, Quiresoft acts as a processor (or service provider) on the Customer’s behalf, and that processing is governed by the Data Processing Addendum in Part C.

2. Scope of This Policy

This policy applies to personal information we collect through the QuickLinq website, web application, mobile applications, and related services. It does not apply to third-party websites or services that we do not operate, including Stripe’s payment processing services, which are governed by Stripe’s own privacy notice.

3. Information We Collect

3.1 Information you provide

• Account information: name, email, password (hashed), business name, role, phone number, and profile photo.
• Business and operational data: company settings, branding, service catalog, team member information, and configuration.
• End-Client and document data: the names, addresses, contact details, job notes, quotes, invoices, payments, and other information you enter about your End Clients.
• Payment metadata: Stripe Connect account identifiers, payout status, transaction amounts and timestamps, and the last four digits of cards used by End Clients. We do not store full card numbers, CVCs, or full bank account numbers; these are collected and stored by Stripe.
• Communications: support requests, feedback, and emails you send to us.

3.2 Information collected automatically

• Usage and device data: IP address, browser and operating-system type, device identifiers, referring URLs, pages viewed, actions taken, timestamps, and crash diagnostics.
• Cookies and similar technologies: see Section 13.

3.3 Information from third parties

• Stripe: account onboarding status, capability and verification results, payout and transaction metadata.
• Identity providers: if you sign in with a third-party identity provider, basic profile information from that provider.

4. How We Use Information

We use personal information to: provide, operate, secure, and maintain the Service; process subscriptions and platform fees; route payments and payouts through Stripe Connect; send service-related communications, including transactional emails (quotes, invoices, receipts, review requests) on your behalf and to you; provide customer support; improve and develop new features, including by analyzing aggregated or de-identified usage; power AI-assisted features (see Section 6); detect, prevent, and address fraud, security incidents, and abuse; and comply with legal obligations and enforce our Terms.

5. Legal Bases for Processing

Where the GDPR or similar laws apply, we rely on the following legal bases: (a) performance of a contract with you to provide the Service; (b) legitimate interests in operating, securing, and improving the Service, provided those interests are not overridden by your rights; (c) compliance with legal obligations; and (d) your consent, where required (for example, for certain marketing communications). Under PIPEDA and Quebec’s Law 25, we rely on your implied or express consent as appropriate to the sensitivity of the information.

6. Sharing and Sub-Processors

We do not sell personal information, and we do not share it for cross-context behavioural advertising. We share personal information only as described below:

• Service providers (sub-processors) that help us operate the Service under written contracts requiring confidentiality and appropriate security, including: Supabase (database, authentication, storage, edge functions, hosted via Lovable Cloud); Stripe, Inc. and Stripe Payments Canada, Ltd. (payment processing, payouts, Connect onboarding); Resend (transactional email delivery); Google and OpenAI, via the Lovable AI Gateway (AI Features inference); cloud hosting and CDN providers (infrastructure and content delivery); and Apple and Google (push notifications for the mobile app). We maintain a current list of sub-processors and will provide notice of material changes as described in Part C.
• Stripe. When you or your End Clients use the payment features, payment data is collected and processed directly by Stripe under Stripe’s terms and privacy policy.
• Compliance and safety. We may disclose information when required by law, subpoena, or court order, or to protect the rights, property, or safety of Quiresoft, our Customers, or others.
• Business transfers. If Quiresoft is involved in a merger, acquisition, or sale of assets, personal information may be transferred subject to standard confidentiality protections.
• With your consent or at your direction.

7. International Data Transfers

Quiresoft is based in Canada. Personal information may be processed and stored in Canada, the United States, the European Union, and other jurisdictions where our sub-processors operate. Where required, we use lawful transfer mechanisms (such as the European Commission’s Standard Contractual Clauses and the UK Addendum) and, for transfers from Quebec, we conduct the privacy impact assessment required by Law 25 before transferring personal information outside the province.

8. Data Retention

We retain personal information for as long as your Account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. As a general matter, Customer Data is deleted or anonymized within ninety (90) days following termination of your Account, except where a longer period is required by law (for example, financial and tax records) or where data is subject to a legal hold. You may export Customer Data using the Service’s export tools before termination.

9. Security and Breach Notification

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest where supported by our infrastructure, role-based access controls, multi-tenant database row-level security, audit logging, and least-privilege access for personnel. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

If we become aware of a breach of security safeguards that poses a real risk of significant harm to affected individuals, we will report and notify as required by PIPEDA, Quebec’s Law 25, the GDPR, and other applicable laws, and we will notify affected Customers without undue delay so that they can meet their own obligations.

10. Your Rights

Subject to applicable law, you may have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate information; (c) request deletion of your information; (d) request a portable copy of your information; (e) object to or restrict certain processing; (f) withdraw consent where processing is based on consent; and, for California residents, (g) limit the use of sensitive personal information and not be subject to discrimination for exercising your rights. You may exercise these rights by emailing privacy@quicklinq.app, and you may use an authorized agent where the law permits. We will verify your identity before responding and will respond within the timeframes required by applicable law.

Where Quiresoft acts as a processor on behalf of a Customer (for example, regarding an End Client’s information), we will forward your request to the relevant Customer, who is the controller of that information.

Residents of Canadian provinces may contact the Office of the Privacy Commissioner of Canada or their provincial regulator, including, for Quebec residents, the Commission d’accès à l’information du Québec. EU and UK residents have the right to lodge a complaint with their local data-protection authority.

11. Automated Decision-Making

We do not use your personal information to make decisions based solely on automated processing that produce legal or similarly significant effects about you. AI-assisted features in the Service generate suggestions for human review and do not replace human judgment.

12. Children

The Service is intended for businesses and for users who are at least 18 years old. It is not directed to children, and we do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us so we can delete it.

13. Cookies and Similar Technologies

We and our service providers use cookies, local storage, and similar technologies to maintain sessions, remember preferences, secure the Service, and measure usage. You can configure your browser to refuse cookies, but some parts of the Service may not function properly without them. Where required by law (for example, in the European Union and United Kingdom), we obtain consent before placing non-essential cookies.

14. Email Communications and CASL

As a Canadian organization, our commercial electronic messages comply with Canada’s Anti-Spam Legislation (CASL). Each such message identifies us, includes our mailing address, and provides an unsubscribe mechanism. Transactional and service messages necessary to provide the Service are sent on the basis of our relationship with you. When you use the Service to message your own End Clients, you are responsible for holding any consent required by CASL or other applicable law to contact them.

15. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top indicates when it was last revised. If we make material changes, we will provide additional notice (for example, by email or an in-Service banner). Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

16. Contact and Privacy Officer

For privacy questions or to exercise your rights, please contact our Privacy Officer:

Quiresoft Technologies Inc. — Privacy Officer
Email: privacy@quicklinq.app · Legal: legal@quicklinq.app