Privacy Policy

QPAD operates qpad.com and the related product pages on which this notice appears. We collect a limited amount of information from visitors to run, secure, and improve the site. We do not sell or rent your personal data, and we do not share it for third-party advertising.

When you visit the site, our hosting provider and analytics tools automatically receive standard request data, including:

• IP address (in truncated or hashed form where possible)
• Browser type, operating system, and device class
• Pages visited, time spent, and referring page
• Approximate location derived from IP (country and region)
• Date and time of the request

If you contact us by email, we also process the information you choose to send (your name, email address, and message contents).

• Traffic analytics: understand how visitors find and use the site so we can improve it.
• Security and integrity: detect and prevent abuse, fraud, and technical attacks.
• Site reliability: diagnose errors and performance issues.
• Respond to enquiries: only if you have written to us.

Under the EU and UK GDPR, our legal basis is legitimate interest for the basic analytics and security processing listed above, and consent for any non-essential cookies (see below).

We use a small number of cookies and similar technologies. They fall into two groups:

• Strictly necessary: required for the site to load and function safely (e.g. load-balancing, CSRF protection). These do not need consent.
• Analytics: anonymous or pseudonymous counters that tell us which pages are visited and how often. Where required by law, these are only set after you give consent through the cookie banner.

You can withdraw consent at any time by clearing your browser cookies for this site or by using the controls in the cookie banner if shown.

We only share data with service providers that help us run the site, and only to the extent necessary for that purpose. Current processors include:

• Vercel Inc.: hosting and deployment infrastructure.
• Analytics provider: aggregated traffic measurement. [TBC: name once decided.]

These providers are contractually bound to handle your data only on our instructions and to apply appropriate security measures. Some of them may process data outside the European Economic Area (EEA); where they do, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards.

We do not sell your personal data, and we do not share it with ad networks or data brokers.

• Server logs: up to 30 days, then deleted or aggregated.
• Aggregated analytics: up to 24 months in anonymised form.
• Email correspondence: as long as needed to handle your enquiry and any reasonable follow-up, then deleted.

If you are in the EU, EEA, or UK, the GDPR gives you the following rights regarding your personal data:

• Access: request a copy of what we hold about you.
• Rectification: ask us to correct inaccurate data.
• Erasure: ask us to delete data we hold about you.
• Restriction or objection: ask us to pause or stop certain processing.
• Portability: receive your data in a structured, machine-readable format.
• Withdraw consent: at any time, for processing based on consent.
• Lodge a complaint with your local supervisory authority. In Denmark this is Datatilsynet.

To exercise any of these rights, contact us at the address below. We will reply within 30 days.

The site is not directed at children under 13. We do not knowingly collect personal data from anyone in that age group. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, post a notice on the site.

Questions or requests related to this policy can be sent to contact@qpad.com.

Data controller: Qpad ApS. [TBC: registered address, company number, and DPO/contact person for data protection matters.]