← Retour a l'accueil

Privacy Policy

Last updated: March 2026

1. Introduction

Qoomply ("we", "our", "us") operates the Qoomply platform at qoomply.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.

Qoomply is an AI-powered Quality Management System (QMS) that helps organizations manage documents, audits, KPIs, and compliance processes.

2. Data We Collect

We collect the following categories of data:

  • Account information: Email address, name, profile picture (from Google OAuth or email registration)
  • Workspace data: Organization name, member list, roles
  • Documents: Files you upload to the platform (PDFs, Word documents, spreadsheets)
  • Usage data: Search queries, AI chat conversations, activity logs
  • Technical data: IP address, browser type, device information (for security and analytics)

3. How We Use Your Data

  • Provide the service: Index documents, enable search, power AI chat
  • Authentication: Verify your identity via Firebase Authentication
  • Google Drive integration: When you connect Google Drive, we access your files in read-only mode (drive.readonly scope) solely to import selected documents into your workspace. We do not modify, delete, or share your Drive files.
  • AI processing: Documents are processed by Google Vertex AI (Gemini) to generate embeddings and AI responses. Your data is not used to train AI models.
  • Security: Detect and prevent unauthorized access, abuse, or fraud

4. Google API Services — Limited Use Disclosure

Qoomply's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to the data necessary to provide the service (document import via Google Drive Picker)
  • We use the drive.readonly scope to read files you explicitly select — we never access files you have not selected
  • We do not use Google user data for advertising or sell it to third parties
  • We do not transfer Google user data to third parties except as necessary to provide the service (Google Cloud Platform infrastructure)
  • Human access to Google user data is limited to what is necessary for security, legal compliance, or with your explicit consent

5. Data Storage and Security

All data is stored on Google Cloud Platform, European Union region (Belgium / Frankfurt):

  • Documents: Google Cloud Storage (AES-256 encryption at rest)
  • Metadata: Google Firestore (AES-256 encryption at rest)
  • Search index: Qdrant Cloud, Frankfurt, Germany (AES-256 encryption at rest)
  • Conversations: Google Cloud SQL PostgreSQL (AES-256 encryption at rest)
  • Authentication: Firebase Authentication (managed by Google)

All data in transit is encrypted using TLS 1.3. We enforce HSTS with a max-age of 1 year.

6. AI and Data Processing

  • We use Google Vertex AI (Gemini) for AI chat and document analysis
  • Google contractually guarantees that Vertex AI API data is not used to train models
  • Vertex AI does not retain prompts or responses after processing
  • No third-party AI providers (OpenAI, Anthropic, etc.) are used

7. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:

  • Google Cloud Platform: Infrastructure provider (compute, storage, AI) — covered by Google Cloud DPA
  • Qdrant: Vector search database — hosted in EU, GDPR compliant

No other subprocessors are involved.

8. Data Retention and Deletion

  • Your data is retained as long as your account is active
  • You can delete individual documents at any time — they are removed from all systems (storage, search index, metadata)
  • You can delete your entire workspace — all data is permanently purged within 30 days
  • Upon request, we provide a Certificate of Data Destruction

9. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a standard format
  • Restriction: Limit processing of your data
  • Object: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@qoomply.com.

10. Cookies

Qoomply uses essential cookies and local storage for authentication (Firebase session tokens) and user preferences (theme, workspace selection). We do not use tracking cookies, analytics cookies, or advertising cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our platform.

12. Contact

For privacy-related inquiries:

Qoomply SAS — All rights reserved