Privacy Policy
Introduction
Qualtech, Inc. ("Qualtech," "we," or "us") is a Delaware C Corporation based in Texas. We are committed to protecting the privacy of our enterprise customers and their employees. This Privacy Policy outlines how we collect, use, and safeguard information when you use our Software-as-a-Service platform for manufacturing and quality engineering. It also describes your rights regarding your data. By using Qualtech's services, you agree to the data practices described in this Policy. This Policy is governed by the laws of Delaware, USA, and any disputes will be subject to Delaware jurisdiction as described below.
Information We Collect
We collect information necessary to provide and improve our risk management SaaS platform. This includes:
- Company Data: Information that your organization uploads or generates on our platform, such as Process Failure Mode and Effects Analyses (PFMEAs), quality control plans, risk assessments, failure modes, causes, and effects, and other engineering or production data. These may include technical descriptions, project documentation, and any other content entered into the platform. This company information is typically proprietary to your enterprise and can include sensitive manufacturing or product quality data.
- Employee Personal Information: Basic personal details of authorized users from your company. For example, we may collect your name, work email address, job title or role, phone number, and login credentials. This information is usually collected when a user account is created or managed. We use this to identify users, facilitate collaboration, and communicate with you about the service.
- Usage Data: Like many online services, we automatically collect certain technical information when you interact with our platform. This may include log data (e.g. IP addresses, browser type, device identifiers, dates/times of access, and pages or features used), as well as telemetry on how you use the software (such as which suggestions or modules you interact with). We collect this to help troubleshoot issues, monitor performance, and improve user experience.
- Cookies and Tracking Technologies: Our web-based platform may use cookies or similar technologies to remember user sessions and preferences. These are used only to support functionality (such as keeping you logged in or saving interface settings) and for security (such as detecting suspicious logins). We do not use tracking cookies for advertising. You can configure your browser to refuse cookies; however, this may affect certain features of the service.
We do not collect any sensitive personal information beyond what is needed for business use of the platform. For example, we do not seek to collect social security numbers, personal financial information, or health/medical data about individuals through our service. Our platform is intended for business use by manufacturing and quality professionals, and not for personal or household purposes.
Data Security
Qualtech takes data security very seriously. We have implemented a variety of administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:
- SOC 2 Compliance: We maintain a SOC 2 compliant security program. SOC 2 is an independent auditing standard that ensures SaaS and cloud providers securely manage data to protect the privacy of clients and the company's interests. Our SOC 2 compliance means we adhere to rigorous controls for security, availability, processing integrity, confidentiality, and privacy of customer data. We undergo regular third-party audits to verify these controls are effective.
- Encryption: All data transmitted between your device and our platform is encrypted in transit using industry-standard encryption protocols (such as HTTPS/TLS). Additionally, we encrypt sensitive data at rest in our databases and storage systems (using strong encryption algorithms like AES-256). Encryption helps ensure that even if data were intercepted or accessed improperly, it remains unreadable to unauthorized parties.
- Access Controls: We limit access to customer data strictly to those personnel who need it to perform their job duties (for example, for customer support or system maintenance). Our employees and contractors are bound by confidentiality obligations. We follow the principle of least privilege and use measures like role-based access controls, strong authentication, and audit logging to prevent unauthorized access to data.
- Monitoring and Testing: Our security team monitors systems for suspicious activity and has incident response plans in place. We conduct regular vulnerability assessments, penetration testing, and risk assessments to identify and address potential security weaknesses. Security patches and updates are applied to our software and infrastructure in a timely manner.
- Secure Development Practices: We follow secure coding guidelines and best practices in our software development lifecycle. Changes to our code base are reviewed and tested for security impacts. We also maintain backups and redundancies to protect data against loss or accidental deletion, and we test our backup restoration procedures periodically.
- Organizational Policies: Qualtech has comprehensive internal policies around data protection, including employee training on data security and privacy. All team members are trained to handle data in compliance with our security and privacy policies, and employees undergo background checks as permitted by law.
Despite our diligent efforts, no system can be 100% secure. However, we strive to use industry best practices and continually improve our safeguards to minimize risks. In the unlikely event of a data breach that affects your company or personal information, we will promptly notify you in accordance with applicable laws and will take necessary steps to mitigate the impact and prevent future occurrences.
How We Use Your Information
Qualtech uses the collected data solely for legitimate business purposes in connection with providing our SaaS platform. The ways we use your information include:
- Providing and Improving the Service: Company Data and employee information are used to operate the software's functionality – for example, to store your PFMEA and quality plan documents, generate LLM-based risk suggestions, and facilitate teamwork among users. We also use Usage Data to understand system performance and user interaction patterns, which helps us optimize features, fix bugs, and continuously improve our algorithms and suggestions.
- Customer Support and Communications: We may use your contact information (like work email or phone) to send service-related communications. This can include onboarding information, usage tips, technical alerts (for example, notices of maintenance or security updates), and responses to support requests. We will also send administrative emails to designated contacts about account management, such as billing notices or important updates to terms or policies.
- Security and Abuse Prevention: Information (especially Usage Data and logs) is used to maintain the security of our platform. This includes monitoring for unauthorized access or unusual activities, debugging errors, and preventing misuse. For instance, we may analyze logs to detect accounts that might be compromised or to investigate a violation of our Terms of Service.
- Compliance with Law and Regulations: We may process data as required to comply with applicable legal obligations related to data retention, safety, and regulatory requirements in the medical device or manufacturing industries. For example, we might review stored data if needed to demonstrate compliance with quality system regulations or to cooperate with a lawful government request.
- Aggregated Analytics: We may aggregate and anonymize data across our user base to generate statistical insights. For example, we might compile metrics such as the average number of PFMEAs managed or common categories of failure modes (without revealing any company-specific information). These insights are used internally to understand usage trends or may be shared in an anonymized form (e.g. in marketing materials or research) that does not identify any individual or company.
We will not use your data for any purpose other than the above without your consent. In particular, we do not use your company's data or your employees' personal information for marketing or advertising purposes (unless such use is explicitly agreed to in a separate contract or you opt in). Any new purpose for data processing beyond what is described here will be communicated to you and, if required, we will obtain your permission.
Data Sharing and Disclosure
Protecting your data is a core principle at Qualtech. We treat the information you entrust to us as confidential. As a general rule, we do not share your company data or personal information with third parties without authorization. However, there are a few circumstances where we may disclose data, consistent with this Privacy Policy and applicable law:
- Service Providers: We use reputable third-party providers to support our operations (for example, cloud hosting services, data backup providers, or email delivery services). These providers may process or store limited data on our behalf as necessary for them to provide their services to us. For instance, your data may be stored on secure cloud servers or your email address may be used by an email service to send a notification. In all cases, we contractually require these vendors to handle data with strict confidentiality and security, and to use it only for the purposes of providing services to Qualtech. They are not permitted to use your data for their own purposes or to further disclose it.
- Legal Compliance: We may disclose your information if required to do so by law or legal process, or if we have a good faith belief that such action is necessary to (i) comply with an applicable law, regulation, subpoena, or court order; (ii) protect and defend the rights, property, or safety of Qualtech, our customers, or others; or (iii) investigate fraud or security issues. If a government or regulatory body requests access to data, we will strive to redirect them to obtain the data from the customer directly unless legally prohibited, and we will only provide the minimum necessary information. Where permitted, we will notify you of such requests.
- Corporate Transactions: In the event of a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred to a successor or affiliate as part of that transaction. In such cases, we will require the new owner to continue honoring the privacy commitments we have made in this Policy with respect to your data, or we will notify you and obtain consent if required by law.
- Subsidiaries and Affiliates: Qualtech, Inc. may share data with our wholly-owned subsidiaries or corporate affiliates (if we have any in the future) for purposes consistent with this Policy. Any such entity will be under common ownership or control and will likewise be bound to protect your information under the terms of this Policy.
- With Your Consent: In any situation other than the ones listed above, we will only share your information with third parties if you direct us to or explicitly consent to such sharing. For example, if you request an integration that requires us to send data to another software tool, or if you choose to share a report with a supplier or customer via our platform, we will do so only with your authorization.
We do not sell or rent personal information to third parties for their own marketing purposes. "Personal information" includes any information that identifies an individual (like names or contact info). Your trust is important to us, and we do not monetize your data. Any data sharing that does occur is strictly for the purposes of providing our services or as compelled by law, as outlined above.
Your Rights and Choices
We believe in transparency and giving you control over your personal data. Depending on your jurisdiction and the nature of the data, you may have certain rights regarding information about you. Qualtech will honor all applicable data protection rights to the extent required by law. These rights may include:
- Right to Access: You have the right to request a copy of the personal information we hold about you, and to obtain information about how we process it. For example, employees of our customer companies can contact us to confirm whether we are processing their personal data (such as name and email) and to receive a summary of that data.
- Right to Rectification: If your personal information is incorrect or incomplete, you have the right to request that we correct or update it. You can also update certain information (like your user profile details) directly through the platform. We encourage you to keep your information up-to-date and will honor correction requests in a timely manner.
- Right to Deletion: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions. For instance, if an employee leaves the company or you wish to close your account, you may request deletion of your profile information from our systems. We will comply, except where retention is required for our legitimate business purposes or legal obligations (for example, backup archives or logs may be retained for a period of time, but we will isolate and protect your data from any further active use).
- Right to Data Portability: In some cases, you may have the right to obtain your personal data in a structured, commonly used, machine-readable format so you can transfer it to another service. Qualtech will assist with reasonable data export requests—your company data (like PFMEAs and reports) can be exported through our software features or by request, ensuring you can take your information with you.
- Right to Object or Restrict Processing: You may have the right to object to certain processing of your data or request that we limit the processing in some circumstances. For example, you can opt out of any marketing communications as described below, or object if you believe we are processing your data in a way that is not justified. We will evaluate and honor such requests in accordance with applicable law.
- Opt-Out of Communications: If we send you marketing or promotional emails (for example, a newsletter or an invite to a webinar), you have the choice to opt out. You can unsubscribe using the link in any such email or by contacting us. Note that you cannot opt out of essential service or transactional communications, which are not promotional in nature. These include messages like important account notifications, security alerts, or updates to this Policy or our Terms.
- California or Other Jurisdiction-Specific Rights: If you are a resident of California or a region with specific privacy laws (such as the CCPA or GDPR in Europe), you may have additional rights such as the right to know categories of personal information collected, the right to not be discriminated against for exercising privacy rights, etc. We will comply with all such applicable laws. For example, we do not discriminate or retaliate against individuals who exercise their privacy rights, and we do not sell personal data, so there is no need for a "Do Not Sell" opt-out in our case. If you have any questions or requests specific to your jurisdiction, please contact us as described below.
To exercise any of your rights, please contact us using the information in the "Contact Us" section. We may need to verify your identity (and authority, if you are making a request on behalf of someone else such as your employer) before fulfilling the request, for security purposes. We will respond to requests within the timeframe required by law (for example, within 30 days under some regulations) and will let you know if we need additional time. Note that some rights may be limited—for instance, if fulfilling a deletion request would prevent us from complying with legal obligations or effectively providing our service to your organization, we may need to deny that request, but we will explain the reasoning.
International Data Transfers
Qualtech is a U.S.-based company. Our primary data centers and systems are located in the United States. If you are accessing the service from outside the U.S., be aware that your information will be transferred to and stored on servers in the U.S. (or other jurisdictions where our authorized processors are located). We will ensure any such transfers are done in compliance with applicable data protection laws.
For example, if you are using our platform from the European Economic Area (EEA) or the United Kingdom, we will rely on appropriate safeguards for transferring personal data to the U.S., such as Standard Contractual Clauses or an adequacy mechanism (if one is in place). Our commitment to SOC 2 and strong security measures (as described above) extends to all data we host, regardless of origin. By using the service or submitting information to us, you consent to the transfer of your data to the U.S. under these conditions.
We also commit to cooperate with any applicable data protection authorities and to handle international data inquiries or complaints in good faith. If needed, we will enter into additional data processing agreements or EU/UK addenda with our customers to facilitate lawful international data flows.
Data Retention
Qualtech retains personal and company data for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. In practice, this means:
- Account Lifecycle: For active customer accounts, we retain all company data and user information for the duration of the subscription or use of our service. This ensures continuity of service (so you will have historical PFMEAs, records, and audit trails available). If your company terminates its contract or stops using Qualtech, we will follow instructions in our contract regarding data deletion or return. In the absence of specific instructions, we will retain data for a reasonable period (e.g., 30-60 days) to allow for data export if needed, then securely delete or anonymize the data.
- Legal Requirements: We may retain certain information to comply with legal and regulatory obligations, or for legitimate business interests such as resolving disputes or enforcing agreements. For example, we might retain log entries or backup archives for a certain time as part of our SOC 2 controls and disaster recovery procedures. Additionally, if required by quality system regulations (e.g., certain design history files or risk documents) we may retain data for the period mandated (which can be several years for medical device records). We align our retention practices with our customers' regulatory needs whenever possible, often by contract.
- Anonymized Data: In some cases, rather than deleting data outright, we may anonymize it so it can no longer be associated with your company or any individual. For instance, aggregate analytical data (devoid of personal or identifying details) may be retained to help us improve our services, but this is not linked to any specific user or organization.
- Deletion Procedure: When data is deleted, we use commercially reasonable measures to irreversibly remove or erase it. For cloud backups or distributed storage, it may take additional time for all copies to be overwritten—however, once we process a deletion, we ensure that the data is not accessible or used for any active purpose and is scheduled for removal from all systems.
If you have any specific questions about our data retention or deletion practices (for example, if you need assurance that certain records are purged), please contact us. We can work with enterprise customers to accommodate special retention requirements through our enterprise agreements (for example, implementing custom data retention schedules).
Updates to this Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes to the Policy, we will update the "Last Updated" date at the top of this document. For significant changes, we will provide a prominent notice, such as via email notification to account administrators or a pop-up notice within the Qualtech platform.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Qualtech services after any changes to this Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with any changes to the Policy, you should stop using the services and may request that we delete your data as outlined above.
Children's Privacy
Our services are not designed for or directed to children under 13 (and in certain jurisdictions, under age 16). Qualtech does not knowingly collect personal information from children. All users of our platform are business entities or working professionals in their adult capacity. If you are under 13, you are not permitted to use our services, and should not send any information about yourself to us.
If we become aware that we have inadvertently collected personal information from a child under the relevant age without parental consent or outside of a legal exception, we will promptly delete such information. If you believe that we might have any information from or about a minor, please contact us so that we can take appropriate action.
Governing Law and Jurisdiction
As stated in the introduction, this Policy and any disputes related to privacy or data use are governed by the laws of the State of Delaware, U.S.A., without regard to its conflict of law principles. By using our services, you agree that any dispute arising out of or relating to this Privacy Policy that cannot be resolved amicably will be brought exclusively in the courts of Delaware (state or federal, as applicable), subject to the dispute resolution provisions of our Terms of Service if those apply. We and you consent to the exercise of personal jurisdiction by those courts.
Please note that the contractual commitments in our Terms of Service (including arbitration requirements, limitation of liability, etc.) may also apply to disputes related to this Privacy Policy, since they are part of the overall agreement between you (or your company) and Qualtech. We recommend reviewing our Terms of Service for more details on how disputes are handled.
If you are accessing our services from outside the United States, you understand that your information may be subject to U.S. laws and regulations, and that we operate under U.S. law. While we strive to accommodate international privacy concerns as described, we make no representation that this Privacy Policy or our practices comply with the laws of every jurisdiction globally. Users are responsible for ensuring their use of the service is lawful in their own jurisdiction.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us. We are here to help and will respond to inquiries as promptly as possible. You can reach our privacy team at:
Qualtech, Inc.
1606 Headway Cir STE 9152
Austin, TX 78754
Email: contact@qualtech.ai
Please include your name, contact information, and a detailed description of your request or concern. If you are an employee of a customer company, please also include the name of the company you work for. This helps us locate your data and respond effectively.