Skip to main content

Privacy Policy

Last updated: May 2026

1. Who we are

QualIntel OS is operated by QualIntel OS Limited, based in New Zealand. Contact: hello@qualintel.io.

Our primary data processing infrastructure is hosted on servers located in the United States. We serve users globally, including in New Zealand, Australia, Asia, and the United States.

2. What data we collect

  • Account data: name, email address, and authentication credentials managed by Clerk.
  • Research data: documents, transcripts, interview notes, and codebooks you upload to the platform.
  • Usage data: actions within the platform (coding decisions, AI suggestions accepted/rejected) for audit trail and methodological transparency purposes.
  • Payment data: billing information processed and stored by Stripe. We do not store card details.

3. How we use your data

  • To provide the QualIntel OS analysis platform and maintain your projects.
  • To generate AI-assisted coding suggestions using your uploaded research data.
  • To maintain your audit trail for methodological transparency and academic submission purposes.
  • To process subscription payments via Stripe.
  • To send essential service communications (account, billing, security).

We do not sell your data. We do not use your research data to train AI models.

4. Data storage and international transfers

Your data is stored on servers located in the United States (Railway infrastructure and Qdrant vector database). If you are located outside the United States, your data is transferred to and processed there.

New Zealand holds an EU adequacy decision under GDPR Article 45. QualIntel OS is operated from New Zealand and applies New Zealand Privacy Act 2020 standards to all users globally as a baseline.

By creating an account and using QualIntel OS, you consent to this cross-border transfer. If you withdraw consent, you may request deletion of your account at any time.

5. Third-party processors

  • Clerk — authentication and user identity management.
  • Stripe — payment processing (PCI DSS compliant).
  • Railway — API and database hosting (United States).
  • Qdrant Cloud — vector search database (United States).
  • Voyage AI — text embedding for semantic search.
  • Anthropic — AI language model processing for coding assistance. Anthropic does not train on API inputs.
  • Vercel — web application hosting.

Each processor is bound by data processing agreements and their own privacy and security commitments.

6. Data retention

  • Account and research data is retained for as long as your account is active.
  • On account deletion, personal data is anonymised immediately. Research documents are cleared within the same operation.
  • Billing records are retained for 7 years as required by applicable law.
  • Audit trail records (coding decisions, AI suggestions) are retained in anonymised form for system integrity.

7. Your rights

Depending on your jurisdiction, you have the following rights. We honour these for all users regardless of location:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion (right to erasure): delete your account and personal data directly from your account settings, or by contacting us. Deletion is processed immediately.
  • Portability: export your research data, codebook, and audit trail at any time from within the platform.
  • Restriction / objection: object to or restrict certain processing by contacting us.
  • Withdraw consent: for cross-border data transfers at any time (note: this will prevent continued use of the platform).

These rights apply under the NZ Privacy Act 2020, Australian Privacy Act 1988 (APPs), Singapore Personal Data Protection Act (PDPA), and GDPR where applicable.

Institutional and organisational customers should refer to our Data Processing Agreement (DPA) which sets out additional obligations, breach notification timelines, and sub-processor details.

To exercise any right, contact hello@qualintel.io. We will respond within 20 working days.

8. Research data confidentiality

Your uploaded research documents (transcripts, field notes, interview recordings) are treated as strictly confidential. They are accessible only to you and users you explicitly share your project with. QualIntel staff do not access research data except for technical troubleshooting, and only with your explicit permission.

Documents are processed by Anthropic's API solely to generate coding suggestions. Anthropic does not retain or train on this content.

9. Security

QualIntel OS applies the following security controls:

  • All data in transit encrypted via TLS 1.2+.
  • Authentication via Clerk with RS256 JWT tokens.
  • Role-based access control at project level.
  • Rate limiting on all AI endpoints to prevent abuse.
  • Structured security audit logging on all API requests.
  • OWASP security headers on all responses.
  • API documentation disabled in production.

10. Cookies

We use essential cookies only — for authentication session management via Clerk. We do not set advertising, analytics, or third-party tracking cookies.

11. Changes to this policy

We will notify active users by email of material changes to this policy at least 14 days before they take effect. The date at the top of this page reflects the most recent revision.

12. Contact and complaints

Privacy questions or complaints: hello@qualintel.io

If you are located in New Zealand and are not satisfied with our response, you may contact the Office of the Privacy Commissioner. If you are located in Australia, you may contact the Office of the Australian Information Commissioner (OAIC).