Privacy Policy
Last updated: 27 April 2026
QUALIVA LTD ("Qualiva", "we", "us", "our"), registered in England and Wales, is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our platform at qualiva.ai and related services ("Service").
This Policy applies to visitors to our website, trial users, and customers. It is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
QUALIVA LTD is the data controller for personal data processed through qualiva.ai. For data processed within the platform on behalf of customers (i.e., your employees' data within your QMS), we act as a data processor under your instructions.
Contact our data team at: hello@qualiva.ai
2. What Data We Collect
2.1 Data you provide
- Account data: name, work email address, job title, company name, country
- Demo request data: name, email, company, role, country, phone number, areas of interest, and any message you submit via the contact form
- Payment data: billing information processed by our payment processor (we do not store raw card details)
- Communications: emails, WhatsApp messages, or other correspondence you send us
2.2 Data generated by your use
- Usage data: pages visited, features used, session duration, browser type, operating system, IP address
- Platform activity logs: actions taken within the platform (logins, document edits, form submissions) for audit and security purposes
- Ask Qualiva queries: text queries submitted to the AI assistant, retained for service quality review only
2.3 Customer Data (processed on your behalf)
When you use the Service, you may upload data about your factory operations, employees, products, and quality records ("Customer Data"). This data belongs to you. We process it only as necessary to provide the Service and in accordance with your instructions. See Section 7 for details.
3. Legal Basis for Processing
| Purpose | Legal basis |
|---|---|
| Providing the Service | Performance of contract |
| Processing demo requests | Legitimate interests (to respond to enquiries) |
| Security and fraud prevention | Legitimate interests |
| Service improvement and analytics | Legitimate interests |
| Sending product updates and marketing | Consent (where required) or legitimate interests |
| Compliance with legal obligations | Legal obligation |
4. How We Use Your Data
- To create and manage your account and provide the Service
- To respond to demo requests, support queries, and other communications
- To send transactional emails (account confirmations, invoices, security alerts)
- To send product updates and relevant communications — you may unsubscribe at any time
- To monitor and improve the security and performance of the Service
- To comply with applicable laws and regulations
We do not sell personal data to third parties. We do not use Customer Data to train AI models. Ask Qualiva queries are processed by Anthropic's API under data processing agreements and are not used to train Anthropic's models.
5. Data Storage and Transfers
All Customer Data and platform data is hosted on Hetzner Cloud infrastructure located in Nuremberg, Germany (EU). Data does not leave the European Economic Area in the ordinary course of operations.
Where we use third-party service providers outside the EEA (for example, email delivery services), we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses.
6. Cookies and Analytics
We use strictly necessary cookies to operate the Service (session management, security). We do not use third-party advertising cookies or tracking pixels on our platform.
Our website may use minimal, privacy-respecting analytics. Where we do, data is anonymised and not shared with third parties for advertising purposes. You can disable cookies in your browser settings; this may affect functionality.
7. Customer Data — Data Processor Role
For data you upload to the platform (your employees' training records, quality documents, deviation reports, etc.), you are the data controller and we are your data processor. We process this data:
- Only on your documented instructions
- With appropriate technical and organisational security measures
- Without engaging other parties as sub-processors unless you consent, except where necessary for service delivery (e.g., infrastructure providers under confidentiality obligations)
- With a commitment to assist you in responding to data subject requests
- By deleting or returning all Customer Data upon termination, within 60 days
A Data Processing Agreement (DPA) is available on request: hello@qualiva.ai
8. Data Retention
- Account and usage data: retained for the duration of the subscription plus 12 months, then deleted
- Customer Data: deleted within 60 days of contract termination; full export provided on request within 30 days
- Demo request and marketing data: retained for up to 3 years, or until you unsubscribe
- Legal and financial records: retained for 7 years as required by UK law
- Security logs: retained for 12 months
9. Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of personal data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data
- Erasure — ask us to delete your personal data (subject to legal retention obligations)
- Restriction — ask us to restrict processing in certain circumstances
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at hello@qualiva.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
10. Security
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:
- Encryption of data in transit (TLS 1.2+) and at rest
- Role-based access controls following the principle of least privilege
- Regular security assessments and penetration testing
- Audit logging of all significant platform actions
- Incident response procedures meeting UK GDPR 72-hour notification requirements
11. Third-Party Services
We use the following categories of sub-processors to deliver the Service:
- Infrastructure: Hetzner Cloud (Germany) — hosting and compute
- AI processing: Anthropic (USA) — Ask Qualiva AI responses, under DPA with no training on customer data
- Form handling: Netlify (USA) — demo request form submissions
- Email delivery: transactional email provider, under data processing agreements
A full list of sub-processors is available on request.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-platform notice at least 30 days before the change takes effect. The current version is always available at qualiva.ai/privacy.
13. Contact
QUALIVA LTD
London, United Kingdom
Registered in England and Wales
hello@qualiva.ai
For data protection queries, contact us at the same address with the subject line "Data Protection".