Legal
Privacy Policy
Last updated 2026-06-08
This page summarizes published terms for self-serve accounts. Enterprise customers use executed MSA/DPA documents. Counsel review recommended before relying on this text for regulated obligations.
1. Scope
This policy covers data processed when you use Qtangl web properties, API, dashboard, and self-serve Monitor tier.
2. Data we collect
Account email, billing identifiers (via Stripe), scan targets and inventory metadata, API usage logs, and optional benchmark opt-in aggregates (k-anonymized readiness scores only — no raw host lists in cohort data).
3. How we use data
To deliver scans, signed reports, transparency log inclusion, scheduled monitoring, onboarding emails, and — when opted in — anonymized industry benchmarks.
4. Readiness Index consent
Benchmark participation requires explicit opt-in in dashboard settings. You may withdraw consent at any time; historical aggregates may retain k-anonymized statistics that cannot identify your tenant.
5. Subprocessors
Infrastructure providers (hosting, email, payments) are listed on the Trust Center at /trust/subprocessors. Enterprise DPAs cover additional subprocessors on request.
6. Retention
Scan artifacts and signed reports are retained per your tier and evidence retention settings. Audit logs follow the SOC2 program retention schedule.
7. Security
Reports are cryptographically signed. Tenant isolation, encryption in transit, and optional KMS envelope key custody are described at /trust.
8. Your rights
Contact charley@qtangl.com (subject [PRIVACY]) for access, correction, or deletion requests. EU/UK requests processed within applicable statutory timelines.
9. Contact
charley@qtangl.com · Qtangl, Inc.