Privacy Policy
Effective Date: January 2026
Privacy at a Glance
- We collect only what we need to provide our service
- We never sell your personal data to third parties
- We use industry-standard security measures
- You can request your data or deletion at any time
- We use cookies for essential functionality and analytics
1. Introduction
The Q Factor ("we", "us", or "our") operates the website theqfactor.io (the "Service").
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using our Service, you agree to the collection and use of information in accordance with this policy.
This policy should be read in conjunction with our Terms and Conditions.
2. Definitions
| Term | Definition |
|---|---|
| Personal Data | Information that can identify you as an individual, such as your name, email address, or payment information. |
| Usage Data | Data collected automatically about how you use our Service, including pages visited, time spent, and actions taken. |
| Cookies | Small text files stored on your device that help us recognise you and remember your preferences. |
| Data Controller | The entity that determines how personal data is processed. For this Service, we are the Data Controller. |
| Service Providers | Third-party companies or individuals that process data on our behalf to help provide the Service. |
3. Information We Collect
3.1 Personal Data You Provide
When you register for an account or use our Service, we may collect:
- Email address — Required for account authentication and providing access to research reports
- Name — First and last name for personalisation
- Password — Stored in encrypted form; we cannot see your password
- Payment information — Processed by Stripe; we do not store card details
- Communications — Messages you send to our support team
3.2 Usage Data (Collected Automatically)
When you use the Service, we automatically collect:
- IP address and approximate location (country/region)
- Browser type and version
- Device type and operating system
- Pages visited and time spent on the Service
- Referral source (how you found us)
- Reports viewed and features used
- Access times and dates
4. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the Service | Contract performance |
| Process payments and subscriptions | Contract performance |
| Send verification emails and password resets | Contract performance |
| Send service-related communications | Legitimate interest |
| Improve and optimise the Service | Legitimate interest |
| Respond to support requests | Contract performance |
| Detect and prevent fraud or abuse | Legitimate interest |
| Comply with legal obligations | Legal requirement |
| Send marketing communications (with consent) | Consent |
5. Information Sharing and Disclosure
We may share your information with:
5.1 Service Providers
Third parties that help us operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment details |
| Resend | Email delivery | Email address, name |
| Google Analytics | Website analytics | Usage data (anonymised) |
| Cloudflare | Security and CDN | IP address, request data |
These providers only access data necessary to perform their functions and are obligated to maintain confidentiality.
5.2 Legal Requirements
We may disclose your information if required to:
- Comply with a legal obligation or court order
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing
- Protect the personal safety of users or the public
- Protect against legal liability
5.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
6. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account data: Retained while your account is active, plus 12 months after deletion request
- Usage data: Retained for up to 26 months for analytics purposes
- Payment records: Retained for 7 years as required by tax and accounting laws
- Email communications: Retained for up to 3 years
- Support tickets: Retained for up to 3 years
You may request earlier deletion of your data (see Section 9).
7. Cookies and Tracking Technologies
7.1 Types of Cookies We Use
| Type | Purpose | Duration |
|---|---|---|
| Essential | Required for the website to function (login, security, session management) | Session / 30 days |
| Preferences | Remember your settings (theme, display preferences) | 1 year |
| Analytics | Understand how visitors use our site (Google Analytics) | 2 years |
7.2 Managing Cookies
You can control cookies through your browser settings:
- Block all cookies: May prevent parts of our Service from working correctly
- Delete cookies: You'll need to log in again and preferences will be reset
- Private/Incognito mode: Cookies deleted when you close the browser
To opt out of Google Analytics, install the Google Analytics Opt-out Browser Add-on.
8. Data Security
We implement appropriate security measures to protect your data:
- Encryption in transit: All data transmitted via HTTPS/TLS
- Password hashing: Passwords are protected using industry-standard salt-and-hash encryption
- Access controls: Limited access to personal data on a need-to-know basis
- Secure infrastructure: Hosted on secure servers with regular security updates
- Payment security: PCI-DSS compliant payment processing via Stripe
- Regular monitoring: Systems monitored for suspicious activity
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
If we discover a data breach that affects your personal information, we will notify you as required by law.
9. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a common, machine-readable format
- Objection: Object to processing of your data for certain purposes
- Restriction: Request restriction of processing in certain circumstances
- Withdrawal: Withdraw consent for marketing communications at any time
To exercise these rights, contact us at [email protected]. We will respond to your request within 10 working days.
You can also update your information directly in your account settings.
10. Children's Privacy
Our Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we discover that we have collected personal data from a child, we will delete it promptly.
11. International Data Transfers
Your information may be transferred to and processed in countries other than New Zealand, including:
- United States: Where our service providers are located (Stripe, Cloudflare)
We ensure appropriate safeguards are in place for international transfers, including contractual protections with our service providers.
Your consent to this Privacy Policy followed by your submission of information represents your agreement to such transfers.
12. Third-Party Links
Our Service may contain links to third-party websites (such as company websites, stock exchanges, or news sources). We are not responsible for the privacy practices of those sites.
We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
13. Do Not Track Signals
Some browsers have a "Do Not Track" (DNT) feature. Our Service does not currently respond to DNT signals.
However, you can manage cookies and opt out of analytics as described in Section 7.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
- We will post the updated policy on this page
- We will update the "Effective Date" at the top
- For significant changes, we will notify you by email
Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
We encourage you to review this Privacy Policy periodically.
15. New Zealand Privacy Act 2020
We comply with the New Zealand Privacy Act 2020 and the Information Privacy Principles. This includes:
- Collecting information only for lawful purposes directly related to our functions
- Collecting information directly from you where possible
- Taking reasonable steps to ensure information is accurate and up-to-date
- Storing information securely and protecting against unauthorised access
- Giving you access to your information on request
- Correcting information when requested
- Not using information for purposes other than those for which it was collected
If you are not satisfied with how we handle a privacy matter, you may contact the Office of the Privacy Commissioner.
16. Feedback and Complaints
If you have any complaints about our dealings with your personal information, including any breaches of the New Zealand Privacy Act 2020, you can submit that complaint by contacting us using the details below.
Any complaints received will be referred to our team for prompt investigation and a written response will be provided as soon as possible.
Should you not be satisfied with the resolution of any complaints, you may seek further redress through the Office of the Privacy Commissioner.
17. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: [email protected]
Website: theqfactor.io
We aim to respond to all privacy inquiries within 10 working days.