Privacy Policy

V 1.0

V 1.0

V 1.0

April 21st, 2024

We know that providing personal information is an act of trust and we take that seriously.

When you visit our website or use our mobile app, this Privacy Notice should help you work out what we collect your data for and how we protect it for you. If you have any questions or would like to make any requests about your personal information such as opting out of marketing, please email support@qypt.io.

We go into more detail later on this page, but here's the short and sweet version:

It is important that you read this Privacy Notice together with any other Privacy Notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your data. 

It should also be read in conjunction with any Terms and Conditions on our website and will form part of these.

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the Privacy Notice of every website you visit.

  1. Who we are

Qypt (‘Qypt’, ‘we’, ‘us’, ‘our’), operated by Qypt GmbH a private limited liability company with registered office at Ziegelstr 27 10117 Berlin Germany, registered with the Company Registration Office under company number HRB257443B, is a service committed to the integration of security, privacy, and artificial intelligence. We value our Users’ (‘Users’, ‘you, ’your’) privacy and are committed to protecting your personal information with the highest standards of security. This Privacy Notice outlines our practices for handling your information, ensuring transparency, and safeguarding your trust as you use our service.

Your privacy is of utmost importance to us, and this Privacy Notice will guide you through how we collect, use, and protect your personal information as you interact with Qypt. 

Qypt is committed to the protection and privacy of all our clients' personal data, including those from the European Union (EU). We recognize the importance of the General Data Protection Regulation (GDPR) and are dedicated to ensuring our data processing practices comply with its requirements, regardless of where our clients are located.

As part of our commitment to EU GDPR compliance, we have implemented comprehensive policies and procedures designed to respect and protect the rights of our EU clients.

  1. Contact Details

You may contact us by email at support@qypt.io.

  1. Why do you need to read this notice?

We collect your personal data when you use:

  • our website at https://www.qypt.ai/

  • any of the services available to you through Qypt's platform.

We may also collect your personal data from other people or companies. We explain how this can happen in more detail in Section 4 below.

When we say 'personal data', we mean information which:

  • we know about you (for example, we know when you use Qypt)

  • can be used to personally identify you (for example, a combination of your name and email address)

This notice explains what information we collect, how we use it, and your rights over your personal data. 

Specific Qypt products and services you use may have standalone privacy notices. 

These notices:

  • give you more detail about how Qypt collects, uses, and protects your personal data when you use specific Qypt products or services

  • will be provided to you through the Qypt platform when you start using relevant Qypt products or services

  • can be accessed at any time through the Qypt website.

Sometimes, we may also provide you with 'just in time' privacy explanations on our platform. 

When you use a new Qypt product or service for the first time:

  • these explanations will help you to understand what specific personal data Qypt collects, uses, or shares about you for that product or service

  • where relevant, you will be prompted to review your privacy preferences

We may provide privacy notices and explanations in languages other than English. If there are any discrepancies between other language versions and the English language version, the English language version is authoritative.

If you have concerns about how we use your personal data, you can contact security@qypt.io

  1. About your data

4.1 Data we process

In traditional encryption models, both the encryption key and the unencrypted data are stored on the server. However, our approach differs significantly. With Qypt AI, the encryption key is retained solely by the user, and only the encrypted data is stored on our servers. We do not retain either the encryption key or the unencrypted data, ensuring enhanced security and privacy for our users.

When we refer to ‘personal data’, we mean information which:

  • we know about you (for example, we know when you register to the Qypt to platform)

  • can be used to personally identify you (for example, a combination of your name and email address)

The following is a list of the types of personal data we collect/process in regard:

Registration Data: Data provided to us when you register an account on Qypt’s platforms

We will collect the following information:

  • Your Email Address: To facilitate communications and to create your account.

  • Your Display Name: Assigned to you upon joining, which you can use for ease of use and personalization across our platform.

  • Your Registration Information: Information provided during the sign-up process to create and secure your account, including your email address and display name.

Account History

All Data relating to your Qypt account activity and patterns.

Marketing Subscription Data: Information that you provide to us for the purpose of subscribing to our email notifications and / or newsletters

Name and surname, email address, IP address

Communications Data: Data provided to us when you send us an email to request information or when you complete a ‘Contact Us’ form

Name and surname, email address, IP address, and other information you may enter into the email or form.

Tracking Data: Data about your use of the website

IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, and information about the timing, frequency, and pattern of your use

User Activity Information relating to platform usage and user experience and analytics

Minimal user activity on the Qypt services. 

4.2 What is Qypt’s legal basis for using your personal data?

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:

  1. Performance of a Contract: We need certain personal data to provide our services and cannot provide them without this personal data. This includes information required to manage your Qypt account.

  2. Legal Obligations: In some cases, we have a legal responsibility to collect and store your personal data.

  3. Legitimate Interests: We sometimes collect and use your personal data because we have a legitimate reason to use it, and this is reasonable when balanced against your rights and freedoms. This could include enhancing our services, fraud prevention, and ensuring the security of our IT systems.

  4. Substantial Public Interest: Where we process your personal data, or your sensitive personal data (sometimes known as special category personal data), to adhere to government regulations or guidance, such as our obligation to prevent fraud.

  5. Consent: Where you've agreed to us collecting your personal data for example, when you tick a box to indicate you’re happy for us to use your personal data in a certain way.

4.2 What is Qypt’s legal basis for using your personal data?

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:

  1. Performance of a Contract: We need certain personal data to provide our services and cannot provide them without this personal data. This includes information required to manage your Qypt account.

  2. Legal Obligations: In some cases, we have a legal responsibility to collect and store your personal data.

  3. Legitimate Interests: We sometimes collect and use your personal data because we have a legitimate reason to use it, and this is reasonable when balanced against your rights and freedoms. This could include enhancing our services, fraud prevention, and ensuring the security of our IT systems.

  4. Substantial Public Interest: Where we process your personal data, or your sensitive personal data (sometimes known as special category personal data), to adhere to government regulations or guidance, such as our obligation to prevent fraud.

  5. Consent: Where you've agreed to us collecting your personal data for example, when you tick a box to indicate you’re happy for us to use your personal data in a certain way.

4.3 How does Qypt use your personal data?

Providing Our Services

Whenever you apply for or use a Qypt product or service, we’ll use your personal data to:

  • Customer Support Services: We may record and monitor communications between you and us, including email threads, to maintain accurate records, verify your instructions, and for the purposes of analysis, service improvement, and training.

Keeping to contracts and agreements between you and us

  • Legitimate interests

  • Legal obligations

Marketing and Offering Products and Services of Interest

At Qypt, we leverage your personal data to enhance your experience and provide you with information about products and services that might interest you, always in compliance with applicable laws. Here’s how we use your information for these purposes:

  • Personalization: We tailor your experience and our marketing communications to make them more relevant and engaging for you. This involves analysing your use of our products, services, and transaction history to understand your preferences and interests.

  • Exclusive Offers: With your consent, we may send you information about promotions or offers from our partners that we believe could be of interest to you.

  • Partner Promotions: Again, with your permission, we allow our partners and other organizations to share information with you about their products or services that might be appealing.

  • Feedback: We value your opinion on our products and services and may reach out to gather your feedback to improve our offerings.

Remember, you have complete control over whether you receive marketing communications from us. You can opt-out at any time by adjusting your marketing preferences. The "How do you use my personal data for marketing?" section below provides detailed instructions on how to manage your marketing choices and ensure that you only receive information that is genuinely of interest to you.

Legitimate interests

  • Consent

To Keep Our Services Up and Running

We use your personal data to manage and maintain the Qypt platform, ensuring its smooth operation. This includes activities such as troubleshooting, data analysis, testing, research, statistical, and survey purposes. Our goal is to present content in the most effective manner for you and your device. Additionally, we may use your personal data to:

  • Authenticate Users: Confirm your identity as an authorized user of our services when necessary, such as when you contact our customer support or engage with our social media teams.

  • Interactive Features: Enable your participation in interactive aspects of our services, enhancing your user experience.

  • Service Updates: Inform you of any changes or updates to our services, ensuring you're always in the loop.

  • Security: Help maintain the safety and security of our website, protecting both your information and our platform from potential threats.

Our commitment to keeping Qypt operational and secure is paramount, and your personal data plays a crucial role in achieving this objective.

Contractual obligations

  • Legitimate interests

  • Consent

Improving our Products and Services

At Qypt, we are committed to continuously enhancing and developing our current products and services to better serve our customers. Your personal data plays a valuable role in this process. For instance, we may use your personal data to:

  • Focus Groups: You may be invited to participate in focus groups or testing sessions to provide feedback on new products or improvements to existing ones. Your input is instrumental in helping us create offerings that align with your preferences and needs.

Legitimate interests

Meeting Our Legal Obligations, Enforcing Our Rights, Protecting Our Business, and Other Legal Uses

At Qypt, we take our legal responsibilities seriously, and there are various scenarios in which we may use your personal data to meet these obligations, enforce our rights, protect our business, and fulfil other legal requirements. These situations may include:

  • Legal and Regulatory Compliance: To adhere to our legal or regulatory obligations, we may need to process your personal data.

  • Protection of Qypt: We use your personal data to protect our rights, property, personnel, and products. This includes efforts to prevent and combat harmful or unlawful behaviour and spam communications in line with Qypt's Community Standards.

  • Legal Claims: In connection with legal claims, your personal data may be utilized.

Legitimate interests

  • Substantial public interest

  • Legal obligations

4.4 Automated decision making

At Qypt, we may employ automated decision-making processes, depending on the specific Qypt products or services you use. This involves using technology to evaluate various factors, including your personal circumstances, to predict risks or outcomes. This process is commonly referred to as "profiling." The objective behind automated decision-making is to ensure the efficient operation of our services and to guarantee that decisions are fair, consistent, and based on accurate information.

When automated decisions are made about you, you have the right to request a manual review by a person. This is outlined in more detail in the "What are my rights?" section below. 

The legal basis for these automated decision-making processes may be one or more of the following:

  • Adhering to contracts and agreements between you and Qypt.

  • Fulfilling legal obligations.

  • Pursuing legitimate interests, particularly in developing and enhancing our capabilities to combat financial crime and fulfill our legal responsibilities.

We are committed to ensuring that automated decision-making is carried out responsibly and transparently, with your rights and interests in mind. If you have questions or concerns about automated decisions made about you, please refer to the "What are my rights?" section for further information.

4.5 Who do we share data with? 

Qypt may share your personal data with the following: 

Qypt Group Companies

We share your personal data within the Qypt group of companies for various purposes including providing you with the best service, protecting you and our systems from fraud or harmful behaviour, facilitating quick sign-up for other Qypt products or services, improving existing or developing new products or services, and sending you information about Qypt products and services that we believe you'll be interested in.

Suppliers

We share your personal data with suppliers who provide us with IT, payment, and delivery services, banking and financial services partners, payments networks, analytics providers, customer service providers, and/or communication services providers. This sharing is for various purposes including improving our website and managing and recovering debts.

Partners Who Help Provide Our Services

We may share your personal data with partners to provide certain services you've requested.

For Legal Reasons

We may share your personal data with other financial institutions, financial services companies, insurance providers, government authorities, law enforcement authorities, tax authorities, companies, and fraud prevention agencies as required by law or regulation.

Social Media and Advertising Companies

For marketing purposes, limited personal data (such as your name, email address) may be shared with social media platforms. You have the option to manage your marketing preferences directly with the social media provider.

Where You Ask Us to Share Your Personal Data:

Our legal basis for sharing your personal data with others is primarily based on legitimate interests or legal requirements. You can contact us if you don't want us to share your personal data for advertising purposes, and you can also manage your marketing preferences directly with social media providers.

Where you ask us to share your personal data with a third party, we may do so, provided we have proof of valid authorization.

Qypt also uses third party integration apps (also known as ‘processors’). 

Qypt will also use third-party solutions for the purposes of delivering the service, manage payments and subscriptions, and for marketing. Qypt may also use third-party solutions for managing emails and push notifications. Kindly note that your preferences for receiving emails and push notifications may be amended on the Qypt app. 

Firebase & Seald - Manages Customer account information. Contains user’s identifier and email upon sign-up. Logs features accessed, actions, IP address, system details, browser specifics, request headers/body, time zone, country, and access timestamps.
Mailchimp - Email service provider, web developers, affiliates, SEO agents, product suppliers, delivery and logistics, providers of professional advice (accounting and legal services) and providers of software management systems. To provide customer care, send you relevant notifications, improve our technology, etc.
Communications processors - An App Experience Platform that can deliver push notifications in real-time from a centralised platform. Customer care ticketing system. Email / Newsletter service provider. Inbound marketing, sales, and customer service provider. Facilitates sending push notifications to a mobile device. Allows Qypt to manage queries raised by customers through a ticketing system. Allows Qypt to send newsletters to customers. To analyse marketing and sales information.

Where required, we will use your information to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our Service users is among the assets transferred.

4.6 Marketing

If you sign up for our services and it's permitted by national laws, we will assume that you want to receive marketing communications from us via push notifications, email, and text messages. These communications may include information about Qypt products, services, offers, and promotions. In cases where national laws require us to obtain your consent before sending marketing messages, we will do so in advance.

We use your personal data to personalize marketing messages about our products and services to make them more relevant and interesting to you, where allowed by law. This may involve analysing how you use our services and your transactions.

You have the option to object to profiling for direct marketing purposes and can adjust your preferences or opt out of receiving direct marketing at any time. You can do this through the privacy settings or by using the unsubscribe links in any marketing message we send you.

If you choose not to receive personalized marketing messages and opt out, you will not receive any marketing communications. 

Our legal basis for sending marketing communications is:

  • Consent (where required by law to collect your consent)

  • Legitimate interests (to send you marketing and provide information relevant to your interests)

You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, or by sending us an email at support@qypt.io.

4.7 Personal data transfers outside the EU

As we provide an international service, we may need to transfer your personal data outside of the European Union (EU) to help us provide our services. We might also send your personal data outside of the EU to comply with global legal and regulatory requirements and to provide ongoing support services.

We may transfer your personal data outside of the European Union (EU) for the following purposes:

  • Complying with global legal and regulatory requirements.

  • Providing ongoing support services.

  • Sharing data with fraud prevention agencies or law enforcement authorities.

  • Enabling us to provide you with the products or services you have requested.

If we transfer your personal data to a country that doesn't offer a standard of data protection equivalent to the EU, we will ensure that your personal data is sufficiently protected. For example, we will put in place a contract with strict data protection safeguards before transferring your personal data. In some cases, you may be entitled to ask us for a copy of this contract.

If you would like more information regarding the transfer of your personal data outside the EU, please contact us by sending an email to support@qypt.io

4.8 Retention of Data

We will retain your personal data for as long as necessary to achieve the original purpose for which we collected it, in line with relevant laws. In some cases, we may retain your personal data for extended periods due to potential or ongoing court claims or other legal reasons. Qypt has detailed policies and procedures in place to ensure compliance with these requirements, all while prioritizing data security and privacy. If you have any questions or concerns regarding the retention of your data, please feel free to contact us. 

  1. Care and security of your personal data

Organizational and Technical Measures

At Qypt, safeguarding and managing your personal data is of utmost importance to us. We ensure that any personal data we process is handled with the highest level of care and security. This section outlines some of the security measures we have implemented to protect your data.

We employ a comprehensive set of organizational and technical measures to:

  • Maintain the confidentiality, availability, and integrity of your personal data.

  • Ensure that your personal data is not improperly used or disclosed.

5.1 Information Security Policies

Our organization has detailed information security and data protection policies in place. Our employees are required to adhere to these policies when handling your personal data. Additionally, our employees receive regular data protection and information security training to stay updated on best practices.

5.2 Secure Data Storage

Personal data is securely stored on computer systems with access management controls. These controls are designed to limit physical, system, and information access to only authorized employees.

5.3 Strict Data Sharing Policies

Qypt has stringent policies governing the sharing of your personal data with other companies. Before sharing any personal data with another company, we conduct a thorough vetting process and assess the security controls that the company has in place to protect your personal data.

5.4 Data Transmission Security

While we take all reasonable steps to ensure the security of your personal data, please note that we cannot guarantee its security during transmission to our website, or other services. However, we use HTTPS (HTTP Secure) for all our web and payment processing services. This means that the communication protocol is encrypted through Transport Layer Security (TLS), ensuring secure communication over networks.

5.5 Confidentiality of Credentials

If you use a password, PIN, generated authorization code, or any other credential to access the Qypt platform, website, or other services, it is crucial to keep it confidential. Please do not share your credentials with anyone. Qypt will never ask you for these credentials.

5.6 Public Services and Data Sharing

When using our public services, including our social network accounts and the Qypt Community forum, exercise caution and do not share any personal data that you do not want to be seen, collected, or used by other customers. Please be aware that such shared personal data may become publicly available.

5.7 What you can do to help protect your data

We will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Qypt asking you to do so, please ignore it and do not respond. 

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session. In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Qypt’s and more generally:

  • Keep your account passwords private. 

  • Do not use the same password for multiple accounts. If your password becomes known, it may be used to access your other accounts.

  • Never use your account password for an account that contains sensitive data. 

  • When creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password.

  1. Your Data Protection Rights

At any point in time during our processing of your data, you have the following rights. All requests in this regard may be made by sending an email to support@qypt.io. We will also forward your request to relevant third parties mentioned above as required.

  • Right of access – You can request a copy of the information that we hold about you.

  • Right of rectification – You can ask us to correct data that we hold about you if it is inaccurate or incomplete.

  • Right to be forgotten – in some situations, you may ask us to delete certain data we hold about you and we will always comply to the extent allowed or required by any applicable law.

  • Right to restriction of processing – in some situations, you may ask us to restrict the processing of your data.

  • Right of portability – You may ask us to transfer certain data we hold about you to another organisation.

  • Right to object – You have the right to object to certain types of processing, such as direct marketing.

  • Right to object to automated processing, including profiling – You also have the right to object to the legal effects of automated processing or profiling.

  • Right to complain about how your Personal Data is being processed by us (or third parties), or about how your complaint has been handled – You can lodge a complaint directly with your jurisdiction’s data protection office and with us  support@qypt.io.

  1. Updates and changes to our privacy notice

We are committed to maintaining the highest level of transparency and trust with our users. This commitment extends to how we handle updates and changes to our Privacy Policy.

7.1 Notification of Changes:

  • Email Notifications: Whenever we make significant changes to our Privacy Notice that could impact your rights or how we use your personal information, we will notify you via email at least 10 days before the changes take effect. This email will outline the key changes and what they mean for you.

  • Platform Notifications: In addition to email, we will post notifications of any significant changes within our website. This will ensure that all users, including those who may not have provided an email address, are informed of any changes.

  • Update Date: The top of our Privacy Notice will always contain the date when it was most recently updated. We encourage you to review the policy periodically to stay informed about how we are protecting your information.

7.2 Reviewing Changes

Upon receiving a notification of changes to our Privacy Notice, you have the option to review the updated policy in full on our website. We will provide a link directly to the policy in any notification messages.

7.3 Your Acceptance

By continuing to use our services after these changes take effect, you agree to be bound by the revised policy. If you do not agree with the changes, you will have the option to close your account before the new policy takes effect.

For significant changes, especially those requiring new consents, we will ensure to obtain your agreement through active measures, such as check-boxes or confirmation buttons, wherever required by law.

7.4 Contact Us:

If you have any questions or concerns about our Privacy Policy or its updates, please do not hesitate to contact us. You can reach us via support@qypt.io. 

You may contact us by email at support@qypt.io.