Data we collect on the website
We don’t use trackers or cookies. We count the number of visitors, anonymised IP addresses, operating system, browser, time and what pages people visit. We only store and process anonymised statistics on website users. None of this data is stored or shared with anyone else, we use it to make sure our website is working well, and analyse the number of users of certain pages.
If you download Quirkos, we ask for an e-mail address which is only used to send one e-mail with links to training and support materials, to ask for feedback and send an quarterly update when new features of Quirkos are available. This e-mail address is securely stored, but not connected to any other data except the date and time you entered it. If you want to be removed from this, just contact email@example.com.
If you use any content linked to from third party sites on our website (eg Youtube, Twitter) they may track you or store data. This is outside our control!
Data we collect if you buy or install Quirkos
Quirkos does not collect any information from you about how you use Quirkos, or data from your projects. In offline mode, a connection is only needed to check the activation code, but no other data is sent at any time. On startup, Quirkos checks for a new version on the server, but no user metrics, project information or anything else is shared at any time.
If you purchase a licence for Quirkos through the website, or via credit/debit card, we also need your name, address and credit/debit card information. We do not store or process any credit/debit card data, but our payment provider ‘Stripe’ may use this to verify your card details and check for fraud. More detail is here: https://stripe.com/gb/privacy
We store your name and address securely, and use this only for posting physical media you have requested (such as USB sticks or manuals) we never use your name or address for marketing or share with anyone else. If you request a student discount, we require you to send us proof of current student status such as a scan of a student ID card, or screenshot of your enrollment status. We will check this is valid, and delete once approved.
If you use the Quirkos Cloud service, your email address, password and project data will be stored on our secure servers. Your IP address is temporarily stored for the length of your session while logged into Quirkos Cloud as a security measure, and some usage logs for diagnostic purposes. This system is hosted with a ISO/IEC 2700:2013, EU-U.S. and Swiss-U.S. Privacy Shield, SOC 1 and SOC 2 Type II and PCI-DSS compliant provider. Project data is stored on the server nearest to your location, which might be a different country, and in accordance with local country laws and data regulations. We do not have access to your project data unless you grant us access. We only process this data to provide backups. None of this data is shared with third party organisations.
We will make a prompt public notification if there is a breach detected in any of our systems, and notify affected users directly.
User personal information is kept for a maximum of 5 years after a subscription ends, or indefinitely for offline licences unless otherwise requested. User project data is kept for 2 years after a subscription period ends, restarting a subscription any time in this period will reset the delete date. Deleted data is overwritten, and backups removed after 1 month. Our cloud host providers each have policies for the destruction or secure wiping of hardware containing personal or project information.
Our cloud hosting providers (Digital Ocean and Mythic Beasts) maintain highly secure facilities for server hosting. We store data on these systems with modern, high levels encryption where-ever possible, and data transfer is only between end users, and our network of cloud servers to facilitate global collaboration and system backups. We do not share any of this stored data with third-party providers. Unless otherwise required or directed, we aim to keep data hosted in servers located within users home region. This is automatically detected on account creation based on the country, specific data-protection requirements and distance to servers. However, customers can request their data be hosted in a specific country if different from the above criteria.
Company employees have limited access to project data, and none if projects are password encrypted. A minimum number of staff have access to server systems, with strict password and access policies, and only for purposes of maintenance, monitoring and development. Our system access and design policy is to minimise the necessity and possibility of any data access.
If you use the Quirkos Transcribe service, we will use audio data that you upload to our server to process and create automated generated text. The audio and text is end-to-end encrypted in transmission and at rest, and is not accessible by employees, or shared with any third parties. Audio data is deleted as soon as transcription is completed, and text is deleted as soon as it is collected, or after a week. We do not collect user data on the transcription system, only the number of minutes transcribed which is used to show how many minutes are remaining in your account.
If you register for the newsletter, register for a trial, or purchase a licence or subscription, we will use your email address to send a quarterly newsletter with information about updates, training and learning materials. This is managed by a third-party email provider, Mailjet. You can opt-out of this any time by emailing firstname.lastname@example.org.
If you e-mail us for support or queries, we may ask for information about your computer to help us diagnose and fix the problem. In some cases we may ask for you to send us a project file to diagnose problems. If we do this, we will treat the data in confidence, and delete it when the issue is resolved.
You have the right to access, rectify, erase, restrict processing, port, object and be informed about any way we store or process your data. In any of these cases, just contact us by e-mailing email@example.com, this service will be free.
For the purpose of the Data Protection Act 2018 (the Act) and the GDPR, the data controller is Quirkos Limited, a company registered in Scotland with company number SC458174 and its registered office at 3 John's Place, Edinburgh, EH6 7EL.