Privacy Policy
Service Provider Identification:
Quotalogic Oy (Y-tunnus 3385013-2, VAT-ID/ALV: FI33850132),
Ranta-Tampellan katu 11 A 29, 33180, TAMPERE, Finland.
1. INTRODUCTION
Quotalogic ("Quotalogic," "Company," "we," "our," or "us") processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation - "GDPR") and other applicable EU data protection laws. This Privacy Policy ("Policy") applies to personal data processing through our website https://quotalogic.io and its subdomains (including app.quotalogic.io) and associated services (collectively, the "Service(s)").
This Privacy Policy applies only to the processing of personal data of our website visitors and Service users where QuotaLogic acts as a data controller. When our users process personal data of their own customers through our Service, they act as data controllers, and QuotaLogic acts as a data processor. In such cases, the processing is governed by the Data Processing Agreement https://app.quotalogic.io/legal/dpa between Quotalogic and the respective user.
In this context:
- A data controller is the entity (organization or individual) that determines the purposes and means of processing personal data. For example, if you're using our service to process data on behalf of your customers, you are the data controller.
- A data processor is the entity that processes personal data on behalf of the data controller. In this case, our service acts as the data processor, following your instructions for data processing while maintaining appropriate security measures.
By using our services, you automatically agree to the terms outlined in this Privacy Policy. If you do not agree with any part of this Policy, please discontinue the use of our Services immediately. Your continued use of our services constitutes your acceptance of any updates or changes to this Privacy Policy.
2. LEGAL BASIS FOR PROCESSING
Our processing of your personal data is primarily based on the necessity for contract performance (Art. 6(1)(b) GDPR), as required to provide you with our services and manage your account. We also process data based on our legitimate interests (Art. 6(1)(f) GDPR), which include:
- maintaining, operating, and improving our services and user experience,
- ensuring the security and integrity of our systems and preventing fraud or misuse,
- developing and promoting our business, including limited direct marketing to existing customers,
- handling customer support requests and dispute resolution efficiently.
When relying on legitimate interests, we always perform a balancing test to ensure that our interests are not overridden by your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests at any time, as described in Section 7 of this Policy.
Where required by law (Art. 6(1)(c) GDPR), we process data to comply with our legal obligations, particularly regarding business records and security incidents. For certain optional features and marketing communications, we may rely on your consent (Art. 6(1)(a) GDPR).
For marketing communications, including email newsletters, promotional offers, and product updates, we will only send such communications if you have given your explicit consent in accordance with Article 6(1)(a) GDPR and applicable ePrivacy rules. You can withdraw your consent at any time by following the unsubscribe instructions in our emails or by contacting us directly at [email protected]. For more details, see the Advertising mailings section of this Policy.
3. INFORMATION WE COLLECT
The personal data we collect includes information you provide directly to us and information automatically collected through your use of our Service. When you register an account, we collect your email address and encrypted password, along with optional information such as your name, surname, professional contact details and billing address. For business accounts, we collect the company name, business address, industry sector information and billing address.
Your usage of our Service generates technical data necessary for operation and security, including session identifiers and login timestamps. We also collect information about your browser type and version. Our systems record usage data such as access logs, error reports, and performance metrics to maintain and improve our Service.
4. COOKIES
Our cookie usage complies with Article 5(3) of the ePrivacy Directive (2002/58/EC). We employ only strictly necessary cookies for authentication, security, and session management purposes. Detailed information about our cookie practices can be found at https://app.quotalogic.io/legal/cookie-policy.
5. RETENTION PERIODS
Our data retention practices align with Article 5(1)(e) GDPR's storage limitation principle. Account data for active users is maintained throughout the duration of service usage. After 6 months of inactivity, accounts enter our inactive status protocol. Following account deletion, we retain backup data for 30 days to ensure system integrity and fulfill potential legal obligations.
Technical data follows varying retention schedules: session data is kept for 24 hours, login records for 90 days, and security logs for 12 months. Business records retention adheres to legal requirements, with contracts maintained for 3 years after termination. Usage analytics are stored in aggregated form for 14 months, while system logs are retained for 90 days and performance data for 30 days.
6. DATA TRANSFERS
All personal data is processed and stored using infrastructure services provided by Scaleway SAS (BP 438, 75366 Paris CEDEX 08, France; VAT number: FR 35 433 115 904), whose data centers are located within the European Economic Area (EEA). Scaleway ensures GDPR-compliant processing in accordance with Article 28 GDPR, implements appropriate technical and organizational measures for data protection, and adheres to applicable EU data protection frameworks.
In addition, we use Cloudflare, Inc. (global headquarters: 101 Townsend St, San Francisco, CA 94107, USA) for content delivery network (CDN) services, DNS management, DDoS protection, reverse proxy, and related edge services. Cloudflare also operates through its EU-based legal entity, Cloudflare Germany GmbH (Rosental 7, c/o Mindspace, 80331 München, Germany; Amtsgericht München HRB 242623; VAT: DE319501868), which assists in ensuring GDPR-compliant processing within the EEA.
We rely exclusively on service providers that comply with GDPR Article 28 — including Scaleway’s and Cloudflare’s Data Processing Agreements (DPAs), which incorporate the latest EU Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S., Swiss-U.S., and UK-U.S. Data Privacy Frameworks for international transfers.
Cloudflare maintains industry-leading security and privacy standards, including:
- ISO/IEC 27001 (Information Security Management System)
- ISO/IEC 27018 (Protection of Personal Data in Public Cloud)
- ISO/IEC 27701 (Privacy Information Management, as both controller and processor)
- SOC 2 Type II (Trust Services Criteria: Security, Confidentiality, Availability)
- PCI DSS Level 1 compliance for applicable services
For further details or to request compliance documentation, see the Cloudflare Trust Hub.
Both Scaleway and Cloudflare apply advanced security measures, including TLS 1.3 encryption for data in transit, AES-256 encryption for data at rest, network segmentation, DDoS mitigation, 24/7 monitoring, incident response protocols, and regular penetration testing.
YouTube Embedded Videos
Our website may include embedded videos hosted on YouTube, a service provided by Google LLC. When you play or interact with an embedded video, YouTube may collect information about your interaction, device, and IP address. This data is processed in accordance with Google’s Privacy Policy (https://policies.google.com/privacy). By using pages that contain embedded videos, you consent to YouTube’s data processing as described therein.
7. YOUR RIGHTS
Under the GDPR, you have comprehensive rights regarding your personal data. These include accessing your data (Article 15), correcting inaccuracies (Article 16), requesting erasure (Article 17), restricting processing (Article 18), data portability (Article 20), and objecting to processing (Article 21). To exercise these rights, contact us at [email protected]. We will respond to your request within 30 days as required by Article 12(3) GDPR.
8. DATA PROTECTION OFFICER AND OVERSIGHT
Our Data Protection Officer oversees our compliance with data protection regulations and can be reached at [email protected]. You have the right to lodge complaints with your local supervisory authority, which can be identified through the European Data Protection Board's website: https://edpb.europa.eu/about-edpb/board/members_en.
9. DATA SECURITY
We implement comprehensive security measures in accordance with Article 32 GDPR. Our systems employ TLS 1.3 encryption for data in transit and AES-256 encryption for stored data. Access controls, regular security audits, staff training, and incident response procedures form part of our security framework.
10. POLICY UPDATES
Material changes to this policy will be communicated to users via email 30 days before implementation, ensuring transparency in our data processing practices.
11. CONTACT INFORMATION
For questions or concerns about your privacy rights or this policy, contact:
Quotalogic Oy (Y-tunnus 3385013-2, VAT-ID/ALV: FI33850132), having its registered address at Ranta-Tampellan katu 11 A 29, 33180, TAMPERE, Finland.
[email protected].
Address: Ranta-Tampellan katu 11 A 29, 33180, TAMPERE, Finland
Phone: +358 45 168 39-59
References:
GDPR: https://eur-lex.europa.eu/eli/reg/2016/679/oje
ePrivacy Directive: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32002L0058