qderoqdero

Legal

Privacy Policy

Last updated: 30 May 2026

1. Who We Are

Qdero Inc. ("Qdero", "we", "us") is the data controller for personal data processed through qdero.com and the Qdero finance platform. Contact: privacy@qdero.com.

2. Data We Collect

(a) Account data: name, email, password hash, organisation, role. (b) Financial data you import or enter: invoices, transactions, bank connections, payroll. (c) Usage data: pages visited, features used, device and browser metadata. (d) Communications: support tickets, chat messages.

3. How We Use Your Data

To provide the Service, run AI features on your behalf, secure your account, send transactional emails, comply with legal obligations, and (with consent) send marketing updates.

4. Legal Bases (GDPR)

We rely on contract (to provide the Service), legitimate interests (security, product improvement), consent (marketing, optional cookies), and legal obligation (tax, anti-fraud).

5. AI Processing

Customer Data may be processed by our AI models to deliver features such as categorisation and forecasting. We do not use your data to train third-party foundation models. All AI processing is performed under signed data processing agreements with our model providers.

6. Sharing

We share data with sub-processors (cloud hosting, payment processing, email delivery, analytics) under strict contractual safeguards. We never sell personal data. A current list of sub-processors is available on request.

7. International Transfers

We host data in EU and US regions. Cross-border transfers are protected by Standard Contractual Clauses (SCCs) and equivalent safeguards.

8. Retention

We retain Customer Data for the life of your account plus 90 days. Tax-relevant records may be retained longer where required by law. You can request deletion at any time.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, port, or object to processing of your personal data. Exercise these rights by emailing privacy@qdero.com. GDPR (EU/UK), POPIA (South Africa), CCPA (California), and LGPD (Brazil) are all supported.

10. Security

AES-256 encryption at rest, TLS 1.3 in transit, hardware-backed key management, role-based access control, continuous vulnerability scanning, and 24/7 monitoring. SOC 2 Type II audit in progress.

11. Cookies

See our Cookie Policy for details on the cookies we use and how to manage them.

12. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from children.

13. Changes

We will notify you of material changes by email or in-app banner at least 30 days before they take effect.

14. Contact

Data protection officer: dpo@qdero.com. Supervisory authority complaints: you may also lodge a complaint with your local data protection authority.