Privacy Policy

Effective Date: February 1, 2026 · Last Updated: February 19, 2026

QOnsApp ("we," "us," or "our") operates the QOnsApp platform (the "Service"), a multi-tenant SaaS workforce and concierge management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service. By accessing or using QOnsApp, you agree to this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, phone number, job title, and password when you register or are invited to the platform.
  • Company information: company name, business address, industry, and size when registering an organization.
  • Employment data: role, building assignments, hourly rate, skills, certifications, languages, hire date, and emergency contact details.
  • Time and attendance: clock-in/out times, break durations, shift schedules, and time-off requests.
  • Communications: messages, support requests, and feedback you send through the platform.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, actions taken, and timestamps.
  • Device information: browser type, operating system, IP address, and device identifiers.
  • Log data: server logs, error reports, and performance metrics.

1.3 Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: required for authentication, session management, and security (e.g., CSRF tokens, session tokens). These cannot be disabled.
  • Analytics cookies: help us understand how you use the Service to improve performance and features. These are optional and can be disabled.

We do not use marketing or advertising cookies.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Authenticate users and enforce role-based access control.
  • Process time tracking, shift management, and payroll calculations.
  • Generate reports, analytics, and demand forecasts for your organization.
  • Send transactional communications (shift assignments, password resets, notifications).
  • Monitor for security incidents and prevent unauthorized access.
  • Comply with legal obligations and respond to lawful requests.

3. How We Share Your Information

We do not sell your personal information. We may share data with:

  • Your employer/organization: your company administrators and managers can access your work-related data within the platform as part of normal business operations.
  • Service providers: third-party vendors who help us operate the Service (e.g., cloud hosting via Supabase/Vercel, email delivery via SendGrid, error monitoring via Sentry). These providers are contractually bound to protect your data.
  • Legal compliance: when required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users.

4. Multi-Tenancy and Data Isolation

QOnsApp is a multi-tenant platform. Each organization's data is logically isolated using company-level access controls and database-level row security policies. Your organization's data is never accessible to other organizations on the platform.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Retention periods vary by subscription tier:

  • Starter: 1 year of historical data.
  • Professional: 2 years of historical data.
  • Enterprise: 5 years of historical data.

After account deletion or contract termination, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., tax records, audit logs).

6. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS enforced via HSTS).
  • Encryption at rest for all database storage.
  • Password hashing using bcrypt with appropriate salt rounds.
  • CSRF protection with cryptographically signed single-use tokens.
  • Rate limiting to prevent brute-force attacks.
  • Role-based access control with 20+ distinct permission levels.
  • Audit logging for sensitive operations.
  • Regular security reviews and monitoring.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Restriction: request that we limit the processing of your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.

To exercise these rights, use the data export and account deletion features in your account settings, or contact us at privacy@qonsapp.com. We will respond within 30 days.

Legal basis for processing: we process personal data on the basis of (a) contractual necessity to provide the Service, (b) legitimate business interests, and (c) your consent where applicable.

8. Your Rights Under CCPA

If you are a California resident, you have the right to:

  • Know: request information about the categories and specific pieces of personal information we have collected.
  • Delete: request deletion of your personal information.
  • Opt-out of sale: we do not sell personal information, so this right is automatically satisfied.
  • Non-discrimination: we will not discriminate against you for exercising any of these rights.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, where required.

10. Children's Privacy

QOnsApp is a B2B workforce management platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also send an email notification.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

QOnsApp Data Protection

Email: privacy@qonsapp.com

Phone: 1-800-QONSAPP

See also our Terms of Service and Data Processing Agreement.