Legal · Privacy

Privacy Policy

Last updated1 June 2026
Effective date1 June 2026
Version2.1
Applies towww.quabook.com & the QuaBook platform

This Privacy Policy explains how QuaBook ("we", "us", or "the Company") collects, uses, discloses, and protects personal data in connection with the QuaBook quality-management platform and related websites (the "Service").

1. Introduction

QuaBook provides a quality-management platform for food manufacturers. This Policy applies to personal data we process as a business in our own right (for example, when you visit our website or contact our team) and describes our practices as a service provider to our subscribers. Where we process personal data on behalf of a subscriber as a data processor, that processing is governed by our Data Processing Agreement and the subscriber's instructions.

By accessing the Service you acknowledge the practices described here. If you do not agree with this Policy, please do not use the Service.

2. Information We Collect

We collect the following categories of personal data:

  • Account & contact data — name, work email, telephone number, company, and role, provided when you register, request a demo, or contact us.
  • Subscriber data — records entered into the platform by a subscriber's authorized users, which may include employee identifiers, QC records, and operational data. This data is processed under the subscriber's control.
  • Usage & device data — log data, IP address, browser type, pages viewed, and timestamps, collected automatically to operate and secure the Service.
  • Billing data — limited information necessary to administer subscriptions; payment-card details are handled by our payment processor and are not stored by us.

3. How We Use Your Information

We use personal data to provide, maintain, and secure the Service; to authenticate users and manage accounts; to administer subscriptions and invoicing; to provide customer support; to communicate service and security notices; to improve and develop our products; and to comply with our legal obligations. We do not sell personal data, and we do not use subscriber data to train models for the benefit of other customers.

4. Legal Bases for Processing

Where the GDPR or a comparable framework applies, we rely on the following legal bases: performance of a contract (to deliver the Service and administer your subscription); legitimate interests (to secure, improve, and promote the Service, balanced against your rights); legal obligation (to comply with applicable law); and consent (for optional communications, which you may withdraw at any time).

5. Data Sharing and Disclosure

We share personal data only as necessary to operate the Service: with vetted sub-processors (such as hosting, email, and payment providers) bound by written data-protection terms; with professional advisers under confidentiality; and where required by law, regulation, or valid legal process. We do not sell or rent personal data to third parties for their own marketing.

6. Data Storage and Security

Data is encrypted in transit (TLS) and at rest. We apply role-based access controls, the principle of least privilege, network segmentation, audit logging, and regular backups. Access to production systems is restricted to authorized personnel and monitored. While no system is perfectly secure, we maintain administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction.

7. Data Retention

We retain subscriber data for the duration of the active subscription, including historical records and audit trails required for regulatory compliance. Following termination, subscriber data is retained for thirty (30) days to allow export, after which it is permanently deleted within ninety (90) days, except where retention is required by law. Account and contact data are retained only as long as necessary for the purposes described in this Policy.

8. Cookies and Tracking Technologies

We use strictly necessary cookies to operate the Service (for example, to maintain your session and security state) and a limited set of analytics cookies to understand and improve site performance. We do not use third-party advertising or cross-site tracking cookies. You can control non-essential cookies through your browser settings.

9. Your Privacy Rights

Subject to applicable law, you may have the right to access, correct, delete, or restrict the processing of your personal data; to object to certain processing; to data portability; and to withdraw consent. To exercise these rights, contact us using the details in Section 13. Where we act as a processor on behalf of a subscriber, we will refer your request to the relevant subscriber (the controller). You may also lodge a complaint with your supervisory authority.

10. International Data Transfers

We may transfer personal data to countries other than your own. Where we do, we implement appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms, and offer regional data-residency options (including EU and GCC) to eligible subscribers. Transfers are made only to recipients that provide an adequate level of protection.

11. Children's Privacy

The Service is intended for use by businesses and is not directed to children. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

12. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices or applicable law. Material changes will be notified through the Service or by email before they take effect. The "Last updated" date above indicates when this Policy was most recently revised. Continued use of the Service after an update constitutes acceptance of the revised Policy.

13. Contact Us

For privacy enquiries or to exercise your rights, contact our data-protection team at solutions@quabook.com. You may also write to us at QuaBook, Riyadh · Dubai. We aim to respond to all legitimate requests within thirty (30) days.