Legal · Compliance

Privacy Policy.

How QUIPU AI Private Limited collects, uses, and safeguards your information when you visit or use our website and services at thequipu.com. By accessing or using the Service, you agree to the collection and use of information described below.

Version 2.0
Effective Date 01 July 2025
Last Updated 31 December 2025
Next Review 01 July 2026
Document ID QUIPU/PP/2025-01
01 — Company

Company information.

  • Legal Entity: QUIPU AI Private Limited
  • Operating Regions: United States, Finland, India, EU
  • Website: https://www.thequipu.com/
02 — Collection

Information we collect.

Personal data you provide

We may collect personally identifiable information, including but not limited to:

  • First and last name
  • Email address
  • Phone number
  • Business or mailing address
  • Account credentials
  • Communications sent to us

Automatically collected information

When you use the Service, we may automatically collect:

  • IP address
  • Browser type and version
  • Device identifiers
  • Operating system
  • Pages visited and time spent
  • Referring URLs
  • Diagnostic and usage data
03 — Cookies

Cookies & tracking technologies.

We use cookies and similar technologies to operate and improve the Service.

  • Essential cookies — required for website functionality
  • Preference cookies — remember user settings
  • Analytics cookies — measure performance and usage, where permitted

You may control cookies through your browser settings. Disabling cookies may affect certain features of the Service.

04 — Legal Basis

Legal basis for processing (GDPR).

For users located in the European Economic Area (EEA), we process Personal Data under the following legal bases:

  • Your consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate business interests, such as security, analytics, and service improvement
05 — Use

How we use your information.

We use Personal Data to:

  • Provide, operate, and maintain the Service
  • Create and manage user accounts
  • Communicate with users regarding updates, security notices, and support
  • Respond to inquiries and requests
  • Improve functionality and user experience
  • Monitor and analyze usage trends
  • Comply with legal and regulatory requirements
  • Support corporate transactions such as mergers or acquisitions
06 — Sharing

Sharing of information.

We may share your information with:

  • Legal authorities when required by law
We do not sell Personal Data.
07 — Retention

Data retention.

We retain Personal Data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

08 — Transfers

Cross-border data transfers.

Personal Data will not be transferred across regions or jurisdictions without explicit prior approval by all involved parties, unless required by applicable law.

09 — Your Rights

Your privacy rights.

GDPR rights (EEA / UK users)

You have the right to:

  • Access your Personal Data
  • Correct inaccurate information
  • Request deletion of your data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

U.S. privacy rights (California residents)

Under applicable California laws (CCPA / CPRA), you may:

  • Request disclosure of collected data categories
  • Request deletion of Personal Data
  • Opt out of future data selling or sharing, if applicable
  • Exercise rights without discrimination

Requests can be made using the contact details in Section 14.

10 — Security

Data security & privacy.

  • Security & privacy by design — high data security and privacy controls are built into our architecture and deployment workflows by default.
  • Continuous delivery with guardrails — our DevOps practices incorporate continuous development with security checks embedded into build and release processes to reduce risk to Personal Data.
  • Annual privacy impact review — we review security operations at least annually to assess whether any controls, incidents, or operational changes could impact Personal Data or privacy rights.
  • Event-driven reassessment — additional reviews are performed after material security incidents or significant system or deployment changes affecting data processing.

We have established a cross-functional Privacy Committee — including representatives from Security, DevOps, and Engineering — that meets at least annually, and additionally as needed following material changes or incidents affecting Personal Data.

11 — Third Parties

Third-party links.

The Service may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites and encourage users to review their policies.

12 — Disposal

Secure disposal of personal information.

We maintain procedures for the secure disposal of Personal Data once it is no longer required for the purposes described in this Privacy Policy or to meet legal and regulatory obligations.

Such procedures include, as applicable:

  • Secure deletion or overwriting of electronic records
  • Encryption-aware destruction of storage media
  • Physical shredding or disposal of paper records
  • Access-controlled and audited disposal processes for sensitive systems

These procedures are periodically reviewed and enforced to ensure Personal Data is irreversibly destroyed and cannot be reconstructed or accessed by unauthorized parties.

13 — Changes

Changes to this policy.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes may be communicated via the Service or email.

14 — Contact

Contact us.

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email privacy@thequipu.com
Website https://www.thequipu.com/
Entity QUIPU AI Private Limited
15 — Revisions

Revision history.

Version Date Summary of changes
2.0 01 Jul 2025 Policy updated and aligned with ISO 27001:2022
1.0 01 Jan 2025 Initial privacy policy creation