Privacy Policy

1. Who we are

The Quiet Archives is the data controller for personal data processed in connection with QAnalyst. Contact: office@thequietarchives.com

2. What data we collect

Account and billing data

• Name, company name, and email address — provided when you order a report or subscribe
• Payment reference (PayPal transaction ID) — we do not store card numbers
• Subscription tier and billing status

KPI and analysis data

• CSV files you upload containing your business metrics (sessions, revenue, conversion rate, etc.)
• Analysis results generated from your data
• Outcome feedback you submit voluntarily through the dashboard

Technical data

• Report access events logged for security and audit purposes
• Language preference stored in your browser's localStorage (no server storage)

3. What we do NOT collect

We do not collect end-customer data, names, addresses, or any personal information of your customers. The analysis engine processes only aggregated KPI metrics. Our local LLM (Ollama) receives no personally identifiable information.

4. Lawful basis for processing

• Contract (Art. 6(1)(b) GDPR) — processing your KPI data and delivering your report
• Legal obligation (Art. 6(1)(c) GDPR) — audit logs retained for legal compliance
• Legitimate interest (Art. 6(1)(f) GDPR) — service security and fraud prevention

5. Data retention

• Uploaded CSV files — deleted immediately after analysis is complete
• Analysis results — retained for 12 months or the duration of your subscription, whichever is longer
• Account data — retained for the duration of your contract plus 6 months
• Audit logs — retained for 24 months (legal obligation)
• Report links — expire after 30 days (one-shot) or per subscription terms

6. Anonymised learning data

After each analysis, we store a fully anonymised learning record. This record contains:

• Industry category (e.g. "ecommerce")
• Company size bucket (xs / s / m / l / xl) based on revenue impact ranges — not exact figures
• Quarter (e.g. "2026Q2") — not the exact date
• Problem type (e.g. "conversion_drop")
• Impact percentages (external/internal split)
• Recommended action category

What is NOT stored:

• Company name or identifier
• Exact revenue figures
• Exact dates
• Any personally identifiable information

This data cannot be linked back to any individual company or person. It is used solely to improve analysis accuracy for future reports.

7. Data sharing

We do not sell your data. We do not share your data with third parties except:

• PayPal — we share the data necessary to complete your payment (name, email, order amount). Subject to PayPal's privacy policy
• Legal authorities if required by applicable law

8. Data security

All data is processed on hardware we control. KPI analysis runs on a local machine with no data leaving our infrastructure. Report links use opaque tokens. Access is logged for all data operations involving personal information.

9. Your rights

Under GDPR you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent

To exercise any of these rights, email us at office@thequietarchives.com. We will respond within 30 days.

10. Cookies and local storage

We do not use tracking cookies. The dashboard stores your language preference in browser localStorage only — this data never leaves your device. No analytics or advertising scripts are loaded.

11. Changes to this policy

We may update this policy when our practices change. Material changes will be communicated by email to active subscribers. The current version is always available at this URL.