Privacy Policy

This policy covers personal data processed by QEHS across the marketing website, the product application, our mobile apps, and any support, sales, or community channels operated by QEHS.

It does not cover personal data that customers process inside their tenants — for that, customers act as data controller and QEHS as data processor under the Data Processing Addendum.

Account identifiers (name, work email, employer), authentication data, product telemetry, support correspondence, and billing metadata.

Marketing visitors: cookie and device metadata subject to consent, IP-derived country, and any information voluntarily submitted via forms.

Contract: to deliver the product to account holders and respond to support requests.

Legitimate interest: to secure the service, detect fraud, and improve the product.

Consent: for marketing emails, non-essential cookies, and any optional telemetry.

Legal obligation: tax, accounting, and regulatory retention.

Access, rectification, erasure, portability, restriction, objection, and the right to lodge a complaint with a supervisory authority. Contact anil@heftyinnovations.com to exercise any right — we respond within 30 days.

Data stays within the region chosen at tenant creation. Cross-border transfers (for support, engineering access, or sub-processors) use Standard Contractual Clauses, UK IDTA, or equivalent mechanisms.

Tenant data: retained for the life of the subscription plus 30 days, then purged unless legal hold applies.

Marketing leads: retained for up to 24 months from last interaction.

Support correspondence: 3 years.