Legal

GDPR & Data Protection

Last updated: July 4, 2026

Qireon is committed to protecting personal data and handling it in line with the EU General Data Protection Regulation (GDPR) and the UK GDPR. This page explains our approach and how to reach us.

1. Our role under GDPR

When you use our website or engage with us directly, Qireon Ltd. acts as a data controller for the personal data we collect about you.

When you use the platform to process personal data belonging to your organization or your customers, Qireon acts as a data processor, handling that data on your instructions under our Data Processing Agreement.

2. Lawful bases for processing

We process personal data on one or more lawful bases: to perform our contract with you, to pursue our legitimate interests in operating and securing the Service, to comply with legal obligations, and — where required — on the basis of your consent.

Where processing relies on consent, you can withdraw it at any time without affecting processing carried out before withdrawal.

3. Your rights

If you are in the EEA or UK, you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing.

To exercise any of these rights, email hello@qireon.com. We will respond within one month, as required by the GDPR, and will not charge a fee except where permitted.

4. Data Processing Agreement (DPA)

For customers who process personal data through the platform, we make a Data Processing Agreement available that reflects the requirements of Article 28 of the GDPR, including our obligations, security measures, and sub-processor terms.

Contact us to request or execute a DPA as part of your contract.

5. Sub-processors

We use a limited set of vetted sub-processors to deliver the Service (for example hosting, email, and analytics providers). Each is bound by contract to protect personal data consistent with the GDPR.

A current list of sub-processors is available to customers and prospects under contract or NDA on request.

6. International data transfers

Where we transfer personal data outside the EEA or UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum.

7. Data retention & security

We retain personal data only as long as necessary for the purposes described in our Privacy Policy or as required by law.

We protect personal data with encryption in transit and at rest, an AES-256-GCM credential vault, role-based access controls, and continuous monitoring.

8. Contact & complaints

For any data-protection question or to exercise your rights, contact us at hello@qireon.com.

You also have the right to lodge a complaint with your local supervisory authority if you believe your data has been handled unlawfully.

Questions about this document? Contact us or email hello@qireon.com.