Privacy Policy
Last updated: 7 July 2025
Thank you for visiting Qalti (the “Service”). Qalti is a product of AIQA Inc., 1111B S Governors Ave, STE 28743, Dover, DE 19904, USA (“AIQA”, “we”, “our”, or “us”). We respect your privacy and are committed to protecting Personal Data in accordance with the EU General Data Protection Regulation (“GDPR”).
1. Who is responsible for your data?
Controller: AIQA Inc.
Contact: privacy@qalti.com
Because we are established in the United States and our activities target individuals in the EEA/UK, we have voluntarily appointed the above e-mail address to act as our contact point for EU/UK data-protection matters (Art. 27 GDPR).
2. What data do we collect & why?
Situation
Categories of Personal Data
Purpose
Legal Basis (Art. 6 GDPR)
Browsing the website
IP address, approximate location (city/region), device & browser info, usage events
Site security, load-balancing, aggregated analytics
Art. 6 (1)(f) legitimate interest (operate & secure the Service)
Analytics (PostHog, Google Analytics/Tag Manager)
Pseudonymous user ID, approximate location, page views, clicks, device info, referrer URL
Understand product usage, improve UX, detect bugs
(f) legitimate interest (business & product insights); we disable ad-personalisation
Wait-list or demo sign-up (Typeform)
Name, e-mail, company, non-precise location, locale, basic device info, any free-text you provide
Respond to your request, schedule demo, send product updates
Art. 6 (1)(b) contract pre-steps; Art. 6 (1)(a) consent (marketing e-mails)
Marketing e-mails
E-mail address, interaction data (opens, clicks)
Send product news & offers
(a) consent (you can withdraw anytime)
Server logs & security events
IP, user-agent, timestamp, request URL, error details
Detect fraud, ensure integrity of systems
(f) legitimate interest (security & fraud prevention)
Usage data
Prompts, usage metadata, upload content (e.g. files, code snippets), feature usage
Improve model performance, personalized recommendations, new feature development
(f) legitimate interest (enhancing service quality)
We do not knowingly process special categories of data, nor do we sell Personal Data.
3. Cookies & similar technologies
We use first-party cookies necessary for site operation and preference storage. Analytics scripts (PostHog, Google Analytics) set cookies to generate aggregated statistics; these operate in cookieless or IP-anonymised mode where supported. Non-essential cookies are only placed after you give consent via our banner.
4. Third-party processors
Service
Role
Data processed
Hosting region
Safeguards
PostHog Inc. (us.i.posthog.com)
Product analytics
Usage events, pseudonymous ID
USA
Standard Contractual Clauses (“SCCs”) & supplementary measures
Google LLC (Analytics & Tag Manager)
Web analytics & tag management
Pseudonymous analytics data
USA
SCCs; IP anonymisation; no ad-personalisation
Typeform S.L. (EU region)
Forms (wait-list & demo)
Form responses incl. contact details
EU
SCCs
Framer B.V.
Site hosting & performance scripts
Technical log data
USA
SCCs
Google Fonts
Web fonts
IP address when fonts load
USA
cached locally whenever possible
5. International transfers
Some of the third-party services listed above store data on servers located in the United States. Transfers are based on the European Commission’s Standard Contractual Clauses under Art. 46 GDPR, supplemented by technical and organisational measures (encryption in transit/at rest, strict access controls).
6. How long do we keep your data?
Web-server logs: 90 days
Analytics events: 24 months, then aggregated or deleted
Wait-list / demo details: Until you withdraw consent or 24 months after last interaction, whichever is sooner
Marketing e-mail lists: Until you unsubscribe
Security-related records: Up to 24 months, unless needed for legal claims
Usage data: Up to 24 months for service tuning, after which data will be aggregated or deleted
We may retain data longer where required by law or to defend legal claims (Art. 6 (1)(c) & (f)).
7. Your rights (EEA/UK)
Under GDPR you can:
Access your Personal Data
Rectify inaccurate or incomplete data
Erase data (“right to be forgotten”)
Restrict processing
Object to processing based on legitimate interests or direct marketing
Port data to another provider (where feasible)
Withdraw consent at any time (marketing e-mails)
To exercise any right, e-mail privacy@qalti.com. You also have the right to lodge a complaint with your local supervisory authority (e.g., your EU Member State’s Data Protection Authority or the UK ICO).
8. Security measures
We apply industry-standard safeguards: TLS 1.2+ encryption, firewalling, least-privilege access, continuous monitoring, regular vulnerability scans, and incident-response procedures. Despite these measures, no Internet transmission is 100 % secure, and you use the Service at your own risk.
9. Children
Qalti is not directed to children under 16. We do not knowingly collect their data. If you believe a child has provided Personal Data, please contact us for deletion.
10. Changes to this Policy
We may update this Policy to reflect legal or operational changes. Material changes will be announced on the website or via e-mail where feasible. The “Last updated” date at the top tells you when the Policy was last revised.
11. Contact
For any privacy question, please write to privacy@qalti.com or by mail to:
AIQA Inc.
Attn: Privacy Team
1111B S Governors Ave, STE 28743
Dover, DE 19904, USA