Privacy Policy

1. Introduction

Qolvix ("Qolvix," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, process, disclose, and safeguard information when you access or use our websites, mobile applications, software-as-a-service tools, APIs, and other services (collectively, "our services").

This Privacy Policy applies to all users of our services regardless of geographic location. By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

This policy is designed to comply with applicable privacy laws including, where relevant, the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the Children's Online Privacy Protection Act (COPPA), and applicable platform-specific privacy requirements including those of Apple, Google, and TikTok.

2. Information We Collect

We collect several types of information in connection with the operation of our services:

Account and Registration Information. When you create an account, we collect information such as your name, email address, username, password (stored in hashed form), and any profile information you choose to provide. If you register through a third-party authentication provider such as Google Sign-In or Apple Sign-In, we receive the information that provider shares with us, typically your name and email address.

OAuth Tokens and Connected Account Data. When you connect a third-party account—such as a TikTok account, Google account, YouTube channel, or other platform—we receive OAuth access tokens and refresh tokens from those platforms. These tokens allow our services to interact with your connected accounts on your behalf. We may also receive profile information, account identifiers, and other data from those platforms as permitted by your authorization and the platform's own policies. The specific data we access depends on the permissions you grant during the OAuth authorization flow.

Usage Data. We automatically collect information about how you interact with our services, including: pages or features accessed, actions taken within the application, time and date of access, frequency and duration of use, feature preferences and settings, and error logs. This data helps us understand how users interact with our services and improves their functionality.

Device and Technical Information. We collect technical information from your device, including: IP address, device type and model, operating system name and version, browser type and version, device identifiers, screen resolution, timezone, and language settings. This information is collected automatically when you access our services.

Content and User-Generated Data. If you create, upload, submit, or publish content through our services, we collect and store that content in connection with providing you the service. This may include text, images, video metadata, and other files depending on the specific service you use.

Communications. If you contact us via email or other channels, we retain those communications and any information you provide in them. This includes support requests, feedback, and correspondence related to your account.

Payment Information. If our services include a paid tier, payment processing is handled by a third-party processor. We do not store full credit card numbers or banking details on our servers; we may retain transaction records, billing addresses, and subscription status information.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and operate our services. We use your account information and usage data to authenticate you, enable access to features, and deliver the core functionality of our services.
• To interact with connected accounts on your behalf. Where you have authorized us via OAuth, we use access tokens to take actions on connected third-party platforms as directed by you within our services.
• To improve and personalize our services. We analyze usage patterns to understand which features are valuable, identify bugs and performance issues, and guide product development decisions.
• To communicate with you. We use your email address to send transactional messages such as account confirmation, password resets, subscription receipts, and important notices about changes to our services or these policies. We may also send product update communications where permitted by applicable law.
• To ensure security and prevent fraud. We use technical and account information to detect and prevent unauthorized access, abuse, fraud, spam, and other harmful activities.
• To comply with legal obligations. We may process your information as required by applicable law, regulation, court order, or legal process.
• To enforce our Terms of Service. We use account and usage information to investigate and address violations of our Terms.

We do not sell your personal information to third parties for advertising or marketing purposes.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:

Service Providers. We share information with third-party vendors and service providers that perform services on our behalf, such as cloud hosting, database management, authentication, payment processing, email delivery, and analytics. These providers are contractually obligated to use your information only to provide services to us and to protect your information in accordance with applicable law.

Third-Party Platforms You Connect. When you use features that interact with third-party platforms through OAuth or similar authorization, information necessarily flows to and from those platforms to enable the integration. Data shared with third-party platforms is governed by those platforms' own privacy policies.

Legal Requirements and Safety. We may disclose your information if we believe in good faith that disclosure is necessary to: comply with a legal obligation, respond to a valid legal process (such as a subpoena, court order, or government request), enforce our Terms of Service, protect the rights, property, or safety of Qolvix, our users, or others, or prevent fraud or illegal activity.

Business Transfers. If Qolvix is involved in a merger, acquisition, asset sale, financing, reorganization, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website if your information becomes subject to a materially different privacy policy as a result of such a transaction.

With Your Consent. We may share your information for other purposes with your explicit consent.

5. Third-Party Services

Our services rely on a number of third-party providers whose data practices affect how your information is handled. The following is a description of the key third-party services we use and their relevance to your privacy:

TikTok. Our services may offer integrations with TikTok's platform via TikTok's developer API. When you connect your TikTok account, we receive OAuth tokens and may access data you authorize, such as account identifiers, profile information, and content metadata. Data from TikTok is subject to the TikTok Privacy Policy. We access and use TikTok data solely to provide you the features you request within our services. We do not use TikTok data for advertising profiling or share it with additional third parties beyond what is required to operate the integration.

Google. We may use Google services including Google OAuth for authentication, Google APIs for platform integrations, and Google Cloud infrastructure. When you authenticate with Google, we receive the information Google provides in the authorization response, typically your name, email address, and a unique Google account identifier. Use of Google services is governed by Google's Privacy Policy.

Anthropic (Claude API). Our services may use Anthropic's Claude API to power AI-driven features. When AI features are used, prompts, inputs, and context relevant to the operation may be transmitted to Anthropic's servers for processing. We do not knowingly transmit your personally identifiable account credentials or OAuth tokens to Anthropic. However, content you input into AI-powered features may be sent to Anthropic as part of the inference request. Anthropic's handling of API data is governed by Anthropic's Privacy Policy and their API usage policies.

Supabase. We use Supabase for database storage and user authentication services. Your account data, application data, and session information are stored on Supabase-managed infrastructure. Supabase is contractually bound to process data only as directed by us and to maintain appropriate security standards. Supabase's data handling practices are governed by the Supabase Privacy Policy and applicable data processing agreements.

Each of these third-party services operates under its own privacy policy and terms of service. We encourage you to review those policies to understand how they handle your data. We are not responsible for the privacy practices of any third-party service.

6. Data Retention

We retain your personal information for as long as your account is active, as long as necessary to provide you with our services, and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you delete your account, we will delete or anonymize your personal information within ninety (90) days of account deletion, except where we are required by law to retain certain records for a longer period, or where data has been backed up in automated backup systems that are purged on a regular cycle.

OAuth Tokens. OAuth access tokens and refresh tokens for connected third-party accounts are revoked and deleted promptly upon disconnection of the associated account or upon deletion of your Qolvix account, whichever occurs first. We do not retain OAuth tokens after you have disconnected a platform integration or closed your account.

Usage and analytics data that has been aggregated and anonymized may be retained indefinitely, as it no longer identifies individual users.

If you request deletion of your data, we will process your request in accordance with Section 7 (Your Privacy Rights) and applicable law.

7. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Right to Access. You have the right to request a copy of the personal information we hold about you.
• Right to Correction. You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
• Right to Deletion. You have the right to request deletion of your personal information. We will honor deletion requests subject to our need to retain certain information to comply with legal obligations, resolve disputes, or enforce agreements.
• Right to Data Portability. You have the right to request that we provide your personal information in a structured, commonly used, machine-readable format, to the extent technically feasible.
• Right to Opt Out of Marketing. You have the right to opt out of receiving marketing communications from us at any time by following the unsubscribe instructions in any marketing email, or by contacting us directly.
• Right to Restrict Processing. In certain circumstances, you may have the right to restrict the processing of your personal information.
• Right to Object. Where we process your data based on legitimate interests, you have the right to object to that processing.

California Residents (CCPA/CPRA). If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we collect about you, the right to opt out of the sale of your personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To exercise your California privacy rights, contact us at legal@qolvix.com with the subject line "California Privacy Request."

EU/EEA and UK Residents (GDPR). If you are located in the European Union, European Economic Area, or United Kingdom, you have rights under the General Data Protection Regulation, including the rights described above plus the right to lodge a complaint with your local data protection authority. Our legal basis for processing your personal information varies by purpose: we process data necessary to perform the contract we have with you (service provision), on the basis of your consent (for optional data collection and certain communications), to comply with legal obligations, and for our legitimate interests in operating and improving our services (where those interests are not overridden by your rights).

To exercise any of the rights described above, please contact us at legal@qolvix.com. We will respond to verifiable requests within the timeframes required by applicable law (generally within 30 to 45 days). We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate our services and collect usage information. Cookies are small text files placed on your device when you visit our website or use certain features of our services.

We use the following categories of cookies:

• Strictly Necessary Cookies. These cookies are essential for our services to function. They enable core features like user authentication, session management, and security. You cannot opt out of these cookies without disabling the services entirely.
• Functional Cookies. These cookies remember your preferences and settings so that you do not need to re-enter them on each visit. They improve the usability of our services but are not essential.
• Analytics Cookies. We may use analytics cookies to understand how users interact with our services—such as which pages are visited most often, how long sessions last, and where errors occur. This information is used in aggregate to improve our services. We use only analytics tools that are contractually prohibited from using your data for their own advertising purposes.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a new cookie is set. Note that disabling certain cookies may affect the functionality of our services.

We do not use cookies to serve third-party advertisements or to track your activity across unrelated websites.

9. Data Security

We implement and maintain technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit using industry-standard Transport Layer Security (TLS).
• Encryption of sensitive data at rest in our database systems.
• Access controls that limit access to personal data to employees and contractors who need it to perform their job functions.
• Row-level security policies in our database layer to ensure user data is logically isolated.
• Security monitoring and logging to detect and respond to potential security incidents.
• Regular review of our security practices and policies.

Despite these measures, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your information. In the event of a data breach that affects your personal information and is required to be reported under applicable law, we will notify you in accordance with our legal obligations.

If you believe your account security has been compromised, please contact us immediately at legal@qolvix.com.

10. Children's Privacy

Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13 years of age, you are not permitted to use our services and must not provide any information to us.

If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our systems. If you believe that we may have any information from or about a child under 13, please contact us immediately at legal@qolvix.com.

If you are between 13 and 17 years of age, your parent or legal guardian must review and consent to these terms and our privacy practices on your behalf. We encourage parents and guardians to monitor their children's internet usage and to help enforce this Privacy Policy by instructing their children never to provide personal information through our services without parental permission.

This policy is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA) and equivalent laws in other jurisdictions.

11. International Data Transfers

Qolvix is operated from the United States. If you access our services from outside the United States, your information will be transferred to, stored in, and processed in the United States, where our servers are located and where data protection laws may differ from those in your jurisdiction.

For users located in the European Union, European Economic Area, or United Kingdom, we rely on appropriate legal mechanisms for international data transfers as required by applicable law, including standard contractual clauses approved by relevant authorities and, where applicable, reliance on adequacy decisions.

By using our services, you acknowledge that your information will be transferred to and processed in the United States and other countries where our service providers operate. We take steps to ensure that international transfers comply with applicable law and that your information receives an adequate level of protection.

12. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by applicable law or where we determine appropriate, provide you with more prominent notice of the change, such as an email to the address associated with your account or a notification within our services.

Your continued use of our services after the effective date of any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree with any changes, you should stop using our services and may request deletion of your account and data as described in Section 7.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. The current version will always be accessible at qolvix.com/privacy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Qolvix
Email: legal@qolvix.com

For requests related to your personal data (access, correction, deletion, or portability), please include "Privacy Request" in the subject line of your email and provide sufficient information for us to verify your identity and locate your account.

We will make reasonable efforts to respond to all inquiries within thirty (30) days. For requests from EU/EEA residents, we will respond within the timeframes required by the GDPR.