Summary: quelris collects only the data needed to deliver our intelligence platform. We do not sell, share, or rent your personal data. We do not run advertising. We do not track you across other apps or websites. You can request access, correction, or deletion of your data at any time by emailing privacy@quelris.com.
This Privacy Policy applies globally to all users of the quelris mobile application and website (quelris.com), regardless of your location. Where specific laws provide you with additional rights, those are detailed in the regional sections below.
Quelris Ltd ("quelris", "we", "us", "our") is the data controller (or equivalent under your local law) responsible for your personal data.
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email address, display name, hashed password | Account creation, authentication |
| Subscription data | Plan type, subscription status, trial dates, purchase history | Service delivery, billing management |
| Preference data | Selected intelligence domains, theme, notification settings | Personalising your experience |
| Usage data | Features used, screens viewed, session duration | Improving the service (anonymised) |
| Device data | Device type, OS version, app version | Compatibility, technical support |
| Push tokens | Expo push notification token, device platform | Delivering alerts you opted into |
We do not sell your personal data. We do not share your data for cross-context behavioural advertising. We do not disclose your data to data brokers.
We process your personal data based on the following legal grounds (referenced under UK GDPR / EU GDPR Article 6):
| Activity | Lawful Basis |
|---|---|
| Account creation and service delivery | Performance of contract (Art. 6(1)(b)) |
| Subscription management and billing | Performance of contract (Art. 6(1)(b)) |
| Push notifications | Consent (Art. 6(1)(a)) — you opt in via device permissions |
| Anonymised product analytics | Legitimate interest (Art. 6(1)(f)) — improving service quality |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) — protecting users and infrastructure |
| Legal and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interest, we have conducted a balancing test. You may contact us for details of these assessments.
We share data with the following processors. Each is contractually bound to protect your data to the same or higher standard, and may only process it on our instructions:
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| RevenueCat | Subscription management | Anonymous app user ID, subscription events | United States |
| PostHog | Anonymised product analytics | Anonymised usage events (no PII) | United States |
| Expo (EAS) | App distribution, push notification delivery | Push tokens, device platform | United States |
| Apple Inc. | iOS distribution, billing, push delivery | Per Apple's privacy policy | United States |
| Google LLC | Android distribution, billing, push delivery | Per Google's privacy policy | United States |
| Hetzner Online GmbH | API server hosting | Encrypted data at rest and in transit | European Union (Germany) |
We do not share data with: advertisers, ad networks, data brokers, marketing platforms, social media companies, or any entity for the purpose of advertising, profiling, or behavioural targeting.
Our primary API infrastructure is hosted in the European Union (Hetzner, Germany). Some third-party processors are based in the United States. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion request |
| Subscription / financial records | Duration of subscription + 7 years (UK/EU tax and accounting law) |
| Anonymised analytics | 12 months (rolling) |
| Push notification tokens | Until you disable notifications or delete your account |
| Support correspondence | 24 months from last communication |
| Server access logs | 90 days |
When data is no longer needed, it is securely deleted or irreversibly anonymised.
Regardless of your location, quelris grants all users the following rights:
To exercise any right, email privacy@quelris.com. We will verify your identity and respond within 30 days (or sooner where required by local law). We do not charge a fee for reasonable requests.
You may request complete account deletion by emailing privacy@quelris.com with subject "Account Deletion Request". We will delete your account and associated personal data within 30 days and confirm completion. Some data may be retained where required by law (e.g. financial records for tax compliance).
Report security vulnerabilities to security@quelris.com.
In the event of a personal data breach:
Website (quelris.com): We use only strictly necessary cookies required for the website to function. No advertising, analytics, or tracking cookies are used on our website.
Mobile application: The quelris app does not use cookies, advertising identifiers, device fingerprinting, or cross-app tracking. Anonymised analytics are collected via PostHog using privacy-respecting methods with no PII transmitted.
We comply with the UK PECR, EU ePrivacy Directive, and the DUAA 2025 amendments (effective 5 February 2026).
quelris is not intended for use by individuals under the age of 18 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children or minors. If we become aware that we have collected data from a person below the applicable age threshold, we will delete it promptly. Contact privacy@quelris.com if you believe we hold a minor's data.
In addition to the global rights above, the following sections provide supplementary information required by specific jurisdictions. If your jurisdiction is not listed, the global provisions in Sections 1–12 apply.
Your data is processed under the UK General Data Protection Regulation and the Data Protection Act 2018. In addition to the rights listed in Section 8, you have the right not to be subject to decisions based solely on automated processing (Article 22 UK GDPR).
Supervisory authority: Information Commissioner's Office (ICO)
If you are located in the EEA, your data is processed under the EU General Data Protection Regulation (Regulation 2016/679). You have all the rights listed in Section 8 plus the right to lodge a complaint with your national Data Protection Authority (DPA).
International transfers from the EEA are protected by EU Standard Contractual Clauses (SCCs) and supplementary measures as required by the CJEU Schrems II decision.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
Categories of PI collected in the last 12 months: Identifiers (email, display name); Internet/electronic activity (usage data); Commercial information (subscription history). We have not sold or shared personal information in the last 12 months.
To exercise your rights, email privacy@quelris.com. We will verify your identity before processing requests. We respond within 45 days.
If you reside in a US state with comprehensive privacy legislation (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Kentucky, Rhode Island, or other states with active consumer privacy laws), you generally have rights to access, delete, correct, and opt out of certain processing. quelris honours these rights for all US residents. Contact privacy@quelris.com to exercise them.
If you are in Brazil, your data is protected under the Lei Geral de Protecao de Dados (LGPD). You have the right to confirmation of processing, access, correction, anonymisation/blocking/deletion, data portability, information about shared data, information about consent denial consequences, and consent revocation. Contact privacy@quelris.com or file a complaint with the ANPD (Autoridade Nacional de Protecao de Dados).
If you are in Canada, your data is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) or applicable provincial legislation. You have the right to access your personal information and challenge its accuracy. We obtain meaningful consent before collecting, using, or disclosing your personal information. Contact privacy@quelris.com or file a complaint with the Office of the Privacy Commissioner of Canada (OPC).
If you are in Australia, your data is protected under the Privacy Act 1988 and the Australian Privacy Principles (APPs). You have the right to access and correct your personal information. We will respond to access requests within 30 days. Contact privacy@quelris.com or file a complaint with the Office of the Australian Information Commissioner (OAIC).
If you are in India, your data is protected under the Digital Personal Data Protection Act, 2023 (DPDP Act). You have the right to access, correction, erasure, and grievance redressal. We process your data based on consent or legitimate use as defined under the DPDP Act. Contact privacy@quelris.com.
If you are located in a jurisdiction with applicable data protection laws not specifically listed above (including but not limited to Japan (APPI), South Korea (PIPA), Singapore (PDPA), South Africa (POPIA), or any other country with active privacy legislation), we will honour the data protection rights afforded to you by your local law. Contact privacy@quelris.com to exercise your rights.
In accordance with Apple App Store Review Guidelines (Section 5.1.1) and Google Play Developer Policy:
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. For material changes:
Supervisory authorities:
© 2026 QUELRIS LTD · REGISTERED IN ENGLAND AND WALES