Queriyo

Privacy Policy

Last updated · 2 May 2026

This policy explains what personal data Queriyo (queriyo.org) collects, why, and your rights under the UK GDPR and EU GDPR.

1. Who we are

The data controller is Queriyo. Contact: queriyo.info@gmail.com.

2. What we collect

  • Account data — email, hashed password, MFA enrolment status.
  • Content — documents and URLs you upload, and the embeddings we derive from them.
  • Visitor questions — questions asked through your widget, the AI answer, timestamp, and a session ID.
  • CRM data — contacts you add or import, payment records, notes, and tags.
  • Connected-account tokens — encrypted at rest when you connect Google Drive, Gmail, LinkedIn, or Meta (Facebook / Instagram).
  • Billing data — handled by Stripe; we store the customer/subscription ID only.
  • Technical data — IP address (for rate limiting), browser type, request logs.

3. Why we use it (lawful bases)

  • To provide the Service (contract).
  • To prevent abuse and secure the Service (legitimate interests).
  • To comply with tax and accounting law (legal obligation).
  • For optional analytics and marketing emails (consent — you can withdraw it).

4. Sub-processors

We share the minimum data needed with the following providers:

  • Supabase — database, authentication, file storage.
  • Anthropic — AI responses (your widget questions and document context).
  • Voyage AI — vector embeddings for your documents and questions.
  • Stripe — payment processing.
  • Google — only if you connect Google Drive (document import) or Gmail (sending email from the CRM).
  • LinkedIn — only if you connect LinkedIn for content publishing.
  • Meta (Facebook & Instagram) — only if you connect a Facebook Page or Instagram Business account for content publishing.
  • Brevo — only if you connect Brevo for transactional or bulk email.
  • Our hosting and email providers.

5. International transfers

Some sub-processors are based outside the UK / EEA. Transfers are protected by Standard Contractual Clauses or equivalent safeguards.

6. Retention

  • Account & content — retained while your account is active. You can delete documents and contacts at any time from the dashboard. On account closure, we delete remaining data within a reasonable period after a request to queriyo.info@gmail.com.
  • Visitor questions — retained until you delete them. There is currently no automatic expiry.
  • Billing records — 7 years (legal requirement).
  • Server logs — typically 30 days, depending on our hosting provider’s defaults.

7. Your rights

You have the right to access, correct, delete, or export your personal data, restrict or object to processing, and lodge a complaint with the Information Commissioner’s Office (UK) or your local data protection authority. Email us at queriyo.info@gmail.com to exercise any of these.

8. Security

We use TLS in transit, AES-256-GCM encryption at rest for sensitive integration tokens, row-level security in the database, and offer multi-factor authentication on accounts.

9. Cookies

See our Cookie Policy for details on cookies and similar technologies.

10. Children

The Service is not directed to children under 16.

11. Changes

We will notify you of material changes by email or in-app notice.

This is a starting template, not legal advice. Have a lawyer review before launch.

Privacy Policy — Queriyo