AIEight AI features that think for you
PlatformSee the full QC suite
IndustriesBuilt for food manufacturing
PricingTransparent, modular plans
10×faster traceability
100%audit-ready compliance
60%less paperwork
<30sdeviation alerts

Replace spreadsheets and paper logs with
one connected quality platform.

Get Early AccessSign In

No credit card required · Setup in under a week

Privacy Policy

Last updated: April 29, 2026

1. Introduction

TheJar.Company Limited, a company incorporated in Hong Kong, operating as "QuaBook" ("Company," "we," "us," or "our"), is committed to protecting the privacy of individuals and organizations that use our platform. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you use our cloud-based food manufacturing quality control and production operations platform (the "Service").

This Policy applies to all users of the Service, including organization administrators, supervisors, QC managers, planners, operators, and any other individuals who access the platform. It also applies to personal data of employees entered into the Service by Subscribers on behalf of their workforce.

For purposes of applicable data protection laws, the Subscriber (your organization) is the data controller with respect to personal data entered into the Service. The Company acts as a data processor on behalf of the Subscriber. Please refer to our Data Processing Agreement for further details.

2. Information We Collect

Account and Organization Information

When you register, we collect your full name, email address, organization name, company legal name, address, country, industry type, and role. We may also collect company size, facility location, and timezone to configure the Service for your operations.

Employee Personal Data

Subscribers enter information about their workforce into the Service. This may include:

  • Employee names, employee codes, roles, and department assignments
  • 4-digit PINs used for kiosk/floor station authentication
  • Attendance records, shift schedules, and check-in/check-out timestamps
  • Profile photographs (if uploaded by the Subscriber)
  • Performance data generated through the Service (QC entries, work order assignments)

Important: The Subscriber, as the data controller, is responsible for obtaining all necessary consents and legal bases for processing its employees' personal data through the Service.

Production and Quality Control Data

The core of the Service involves managing manufacturing data, including:

  • Work orders, batch records, and production schedules
  • QC inspection entries, test results, pass/fail determinations, and deviations
  • Product specifications, recipes, BOM/formulations, and manufacturing parameters
  • Supplier information, certifications, raw material lot records, and performance data
  • Machine records, maintenance logs, and environmental monitoring data
  • Non-conformance reports, CAPA records, complaints, and corrective action documentation
  • Documents uploaded to the document management system

Usage and Technical Data

We automatically collect technical information about your interactions with the Service:

  • Login timestamps, session duration, and access patterns
  • Features used, pages visited, and search queries
  • Device information (operating system, browser type, device model)
  • IP addresses and approximate geographic location
  • Audit trail events (who changed what, when)

AI Interaction Data

When you use QuaBook's AI-powered features, we process:

  • Queries and prompts submitted to AI features
  • Context data (QC results, production metrics) used to generate insights
  • AI-generated reports, anomaly alerts, and recommendations
  • Feedback on AI outputs to improve model accuracy

Cookies and Tracking Technologies

We use essential cookies for authentication and session management, preference cookies to remember your settings, and analytics cookies to understand usage patterns. We do not use advertising or tracking cookies. See Section 8 for full details.

3. How We Use Your Information

Service Delivery

We process your information to provide the Service: operating the platform, processing QC entries, managing work orders, generating reports, maintaining audit trails, and enabling kiosk/floor station functionality.

AI-Powered Features

We process production and QC data through our AI models to identify trends, detect anomalies, predict potential issues, and generate recommendations. AI outputs are informational only and do not constitute food safety or regulatory advice.

Service Improvement

We analyze aggregated and anonymized usage patterns to improve platform features, performance, and user experience. Individual Subscriber Data is not used for this purpose without anonymization.

Communications

We use your email address for account notifications, service announcements, security alerts, and billing information. Marketing communications are only sent with your opt-in consent.

Legal Compliance and Security

We may process information to comply with legal obligations, respond to lawful requests, enforce our Terms of Service, investigate fraud or security threats, and protect the rights and safety of our users.

4. Legal Bases for Processing

We process personal data on the following legal bases under applicable data protection laws:

  • Contract Performance: Processing necessary to perform our obligations under the subscription agreement
  • Legitimate Interests: Processing necessary for our legitimate interests in improving the Service, preventing fraud, and ensuring security, where such interests are not overridden by your rights
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations
  • Consent: Where required by law, we obtain your consent before processing (e.g., for marketing communications)

5. Data Sharing and Disclosure

We Do Not Sell Your Data

The Company does not sell, trade, or rent personal information or Subscriber Data to third parties. Your production records, QC data, employee information, and operational data are not monetized.

Sub-Processors

We use trusted third-party sub-processors to operate the Service. These include:

  • Cloud hosting and infrastructure providers (data storage and compute)
  • Authentication and identity services
  • Email delivery services
  • Payment processing (Stripe — we do not store credit card numbers)
  • Analytics and error monitoring tools

All sub-processors are bound by Data Processing Agreements that require them to protect data confidentiality and security. A current list of sub-processors is available upon request.

Legal Requirements

We may disclose information when required by law, court order, subpoena, or government request. We will make reasonable efforts to notify the Subscriber of such requests unless legally prohibited.

Business Transfers

In the event of a merger, acquisition, or sale of assets, Subscriber Data may be transferred as part of the transaction. We will notify affected Subscribers before any such transfer and provide an opportunity to export data.

6. Data Storage and Security

Infrastructure

Data is hosted on secure, redundant cloud infrastructure with automatic backups. The primary data centers are located in Singapore. If your organization requires data residency in a specific region, please contact us to discuss available options.

Security Measures

We implement industry-standard security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Bcrypt hashing for PINs and passwords (no plaintext storage)
  • Role-based access controls and tenant isolation
  • Audit logging of all data access and modifications
  • Regular security assessments and vulnerability scanning
  • Rate limiting and brute-force protection on authentication endpoints

Tenant Isolation

Each Subscriber's data is logically isolated within our multi-tenant architecture. Data from one organization is never accessible to another organization. All database queries are scoped to the authenticated organization.

Access Controls

Access to Subscriber Data by Company employees is strictly limited to authorized personnel who require it for support and service operations. All employees are bound by confidentiality obligations. Access is logged and monitored.

7. Data Retention

Active Subscriptions

We retain all Subscriber Data for the duration of the active subscription. This includes historical records, audit trails, and archived data to support regulatory compliance requirements.

Post-Termination

Upon subscription termination:

  • Subscriber has thirty (30) days to request a data export in standard machine-readable formats
  • After the 30-day export window, all Subscriber Data is permanently deleted within ninety (90) days
  • Backup copies may persist for up to ninety (90) days as part of standard infrastructure retention, after which they are securely destroyed
  • Anonymized, aggregated data that cannot identify the Subscriber may be retained indefinitely

Legal Holds

We may retain specific data beyond the standard retention periods if required by applicable law, regulation, or a valid legal process (e.g., litigation hold).

8. Cookies and Tracking Technologies

Essential Cookies

Required for the Service to function: authentication tokens, session management, and CSRF protection. Cannot be disabled.

Preference Cookies

Remember your settings, language, display preferences, and saved filters.

Analytics Cookies

Used to understand usage patterns and improve the Service. You can opt out of analytics tracking without affecting core functionality. We do not use advertising or cross-site tracking cookies.

Managing Cookies

You can control non-essential cookies through your browser settings. Blocking essential cookies may prevent the Service from functioning properly.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete personal data
  • Erasure: Request deletion of your personal data, subject to legal retention requirements
  • Data Portability: Request your data in a standard machine-readable format
  • Restriction: Request that we limit the processing of your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time
  • Non-Discrimination: We will not discriminate against you for exercising your rights

For Subscriber Employees

If you are an employee whose data has been entered into QuaBook by your employer, you should direct privacy requests to your employer (the Subscriber), who is the data controller. We will cooperate with the Subscriber to fulfill such requests in accordance with applicable law.

GDPR (EU/EEA Users)

Users in the European Union and European Economic Area have rights under the General Data Protection Regulation, including the right to lodge a complaint with a supervisory authority. To exercise your GDPR rights, contact us at privacy@quabook.com.

PDPO (Hong Kong Users)

Users in Hong Kong have rights under the Personal Data (Privacy) Ordinance (PDPO), including the right to access and correct personal data. Requests may be directed to privacy@quabook.com.

We respond to verified privacy requests within thirty (30) days. We may request identity verification before processing your request.

10. International Data Transfers

The Company is incorporated in Hong Kong and operates cloud infrastructure primarily in Singapore. Your data may be transferred to and processed in countries other than your country of residence, which may have different data protection laws.

Where required by applicable law, we implement appropriate safeguards for international data transfers, including standard contractual clauses approved by relevant data protection authorities and any other mechanisms required by applicable law. By using the Service, you acknowledge and consent to the transfer of your information as described in this section.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided personal data, we will take steps to delete such data. If you believe we have collected data from a minor, please contact us at privacy@quabook.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' notice via email or a prominent notice within the Service. The "Last updated" date at the top indicates the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

For privacy-related questions, data subject requests, or complaints:

TheJar.Company Limited

Operating as: QuaBook

Privacy inquiries: privacy@quabook.com

General inquiries: solutions@quabook.com

This Privacy Policy was last updated on April 29, 2026. TheJar.Company Limited reserves all rights not expressly granted herein.