Privacy Policy

1. Who we are

Quemsi GmbH ("Quemsi", "we", "us" or "our") operates the Quemsi platform and landing site. You can reach our privacy team at info@quemsi.com.

2. Data we collect

We collect the minimum personal data needed to operate Quemsi. We do not collect, transmit, or store the contents of your databases, backups, or other structured data managed by your agents.

a. Account & workspace information

• Registration details such as name, email address, and password (hashed and salted).
• Workspace metadata, including drive names, storage descriptors, and agent identifiers that you define.

b. Operational metadata

• Flow configuration metadata, tags, schedules, and execution status reported by your agents.
• Audit trails like who triggered a flow, when a restore completed, or when credentials were rotated.
• Health signals from agents (heartbeats, version information, anonymised error codes).

c. Support interactions

• Information you share over email or support channels, including logs or screenshots you voluntarily provide.

d. Website analytics

• We use Google Analytics to understand aggregated traffic patterns on quemsi.com. Analytics data is pseudonymised and used only to improve the site. You can opt out by installing the Google Analytics opt-out browser add-on or by disabling analytics cookies in your browser.

3. How we use personal data

• Provide and maintain the Quemsi service, including authenticating users, provisioning agents, and executing flows.
• Send operational communications such as onboarding emails, security notices, or product updates you opted into.
• Offer customer support, diagnose issues, and improve our roadmap based on aggregated usage insights.
• Secure the platform by auditing activity, preventing abuse, and enforcing access controls.
• Comply with legal obligations, including responding to lawful requests from authorities.

We do not sell personal data or use it for unrelated advertising.

4. Sharing & processors

We share personal data only when necessary to run Quemsi or when required by law:

• Service providers such as cloud hosting, email delivery, billing, and analytics tools act as processors under written agreements. They may only process data to perform services for us.
• Professional advisors (legal or accounting) when needed to comply with regulations or defend legal claims.
• Compliance and safety if we believe disclosure is necessary to meet legal obligations, protect users, or prevent fraud.

If we are involved in a corporate transaction (merger, acquisition, or sale of assets), we will provide prior notice before personal data is transferred or becomes subject to a different privacy policy.

5. Cookies & similar technologies

Quemsi uses minimal cookies:

• Essential cookies keep you signed in, enforce security settings, and remember your preferences. They cannot be disabled because the site will not function without them.
• Analytics cookies (Google Analytics) measure traffic and help us improve the site. You can opt out by adjusting your browser settings or using the Google opt-out tool linked above.

We do not use advertising cookies or share cookie data with third-party advertisers.

6. Data retention

• Account and workspace data are retained while you maintain an active subscription. On request or after deactivation, we delete or anonymise data within 60 days unless a longer retention period is required by law.
• Operational metadata (run history, audit logs) is retained for the duration of your retention configuration or, if unspecified, up to 18 months to support compliance and troubleshooting.
• Support communications are stored for up to 24 months to help with follow-up requests.
• Analytics data is retained in aggregate form for up to 14 months.

7. International data transfers

Quemsi primarily hosts metadata and application services within the European Union. If personal data is transferred outside the EU/EEA, we rely on approved mechanisms such as Standard Contractual Clauses to ensure an equivalent level of protection.

8. Security

We apply layered security controls:

• All traffic between agents, the web console, and our APIs is encrypted in transit (TLS 1.2+).
• Metadata stores are encrypted at rest using industry-standard ciphers.
• Access to production systems is restricted to authorised personnel using multi-factor authentication and audited access.
• We conduct routine vulnerability scans and maintain a responsible disclosure program. Report issues to info@quemsi.com.

No system is perfectly secure. If we detect a breach affecting your data, we will notify you without undue delay and provide relevant details.

9. Your rights

Depending on where you live, you may have the following rights over your personal data:

• Access a copy of the personal data we hold about you.
• Request corrections to inaccurate or incomplete data.
• Request deletion of personal data, subject to legal or contractual obligations.
• Object to or restrict certain processing activities.
• Receive data in a portable format or ask us to transmit it to another controller.
• Withdraw consent when processing is based on consent (for example, marketing preferences).

To exercise these rights, email us at info@quemsi.com. We may need to verify your identity before fulfilling the request.

10. Changes to this policy

We may update this policy to reflect new features, legal requirements, or operational changes. When we make material updates, we will notify you by email or through the web console and update the "Last updated" date above.