Privacy Policy

Qoviro ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under applicable law, including the General Data Protection Regulation (GDPR).

1. Who We Are

Qoviro is operated as a service for freelancers and their clients. For questions about this policy or your data, contact our data controller at contact@qoviro.com.

2. Information We Collect

We collect information you provide directly to us:

• Account data — name, email address, and password when you register.
• Profile information — any additional details you add to your account settings.
• Billing data — payment method and billing address, processed securely by our payment provider (Stripe). We never store raw card numbers.
• Content — files, comments, messages, and other content you upload or create while using the Service.

We also collect information automatically:

• Usage data — pages visited, features used, actions taken, and session duration.
• Device and log data — IP address, browser type, operating system, and referral URLs.
• Cookies and similar technologies — see Section 7 below.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process transactions and send related billing communications.
• Send transactional emails (account confirmations, password resets, file notifications).
• Improve and develop new features based on usage patterns.
• Respond to support requests and communicate with you about the Service.
• Detect and prevent fraud, abuse, or security incidents.
• Comply with legal obligations.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area, our legal bases for processing your personal data are:

• Contract performance — processing necessary to provide the Service you signed up for.
• Legitimate interests — improving the Service, preventing abuse, and ensuring security.
• Legal obligation — compliance with applicable law.
• Consent — where you have given explicit consent (e.g., marketing emails), which you may withdraw at any time.

5. Sharing Your Information

We do not sell your personal data. We may share it with:

• Service providers — third-party vendors who help us operate the Service (cloud hosting, analytics, email delivery, payment processing). These providers are bound by data processing agreements and may only use data for the services they provide to us.
• Your clients — content you share within a project is visible to the clients you explicitly invite.
• Legal requirements — if required by law, court order, or government authority.
• Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before such a transfer.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal or compliance purposes.

7. Cookies

We use strictly necessary cookies to keep you logged in and remember your preferences (such as your chosen color theme). We also use analytics cookies (PostHog) to understand how the Service is used. You can disable non-essential cookies in your browser settings at any time.

8. Your Rights

Depending on your location, you may have the right to:

• Access and receive a copy of the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data ("right to be forgotten").
• Restrict or object to certain types of processing.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at contact@qoviro.com. We will respond within 30 days. If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority.

9. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. No system is perfectly secure; if you become aware of a security issue, please report it to contact@qoviro.com immediately.

10. International Transfers

Your data may be processed in countries outside the EEA. Where this occurs, we rely on appropriate safeguards (such as EU Standard Contractual Clauses) to ensure your data is protected in accordance with GDPR requirements.

11. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, notify you by email or via a notice in the Service.

13. Contact

For any questions, requests, or concerns regarding this Privacy Policy, please reach out at contact@qoviro.com.