Data Compliance & Privacy

**Last Updated:** January 28, 2026 | **Service:** QCVal (qcval.seosiri.com)

This page explains how QCVal handles data: what we collect, why we collect it, where it’s stored, who we share it with (our processors/sub-processors), and what rights you have.

QCVal is a web application that helps users **create, manage, and verify quality control checklists** for international trade and supply chain management. We designed QCVal using privacy-by-default principles: collect the minimum data needed to operate the service, keep it secure, and give you control.

1. Data We Collect (Inventory)

A) Data you provide

  • Account Data: Email address, unique Firebase User ID (UID), and basic profile name (if provided).
  • Project Data: All user-generated content, including Checklist titles, parameters, scores, standards, **Seller UID**, **Buyer UID** or **Buyer Email**, and chat messages.
  • AI Credentials (BYOK): **Your provided OpenAI / Gemini / Anthropic API Keys.** These keys are **NOT stored in our database (Firestore) or on our servers**. They are stored only in your browser's **Local Storage** and sent directly to the AI vendor from your browser.
  • Endorsements: When you endorse a community standard, your UID is stored to track integrity.

B) Data collected automatically

  • Log Data: IP address, device/browser type, pages visited, timestamps, and error logs (collected by Firebase and Vercel for security).
  • Security Telemetry: Data used to prevent abuse, troubleshoot, and monitor reliability.

2. Why We Collect Data (Purposes)

We process data to:

  • Provide and operate all core QCVal features (Checklist creation, sharing, management).
  • Authenticate users, manage accounts, and maintain secure sessions.
  • Enable features like AI-powered suggestions and translation using your provided API keys.
  • Monitor reliability, prevent fraud/abuse, and enforce rate limits.
  • Calculate your in-app performance metrics (Pipeline, Conversion, Health Score).
  • Respond to support requests and meet legal obligations.

3. Legal Bases (GDPR / UK GDPR)

For users in the EEA/UK, we rely on:

  • Contract Necessity: To fulfill the service you sign up for (account management, storing your projects).
  • Legitimate Interests: Security, fraud prevention, reliability monitoring, and service improvement.
  • Consent: For future non-essential cookies or analytics (if implemented).

4. Where Data Is Stored & International Transfers

  • Primary Database (Firestore): Data is stored in the Google Cloud region: **us-central1 (or your configured region)**.
  • Hosting (Vercel): Hosting and edge delivery may process requests globally for speed.
  • If personal data is transferred internationally (e.g., outside the EEA/UK), we rely on appropriate safeguards such as **Standard Contractual Clauses (SCCs)** implemented by our vendors.

5. Our Sub-Processors (Vendors)

We do not sell your data. We share it only with necessary third parties to operate the service:

  • Hosting & Delivery: Vercel (Web hosting, CDN/edge)
  • Database & Auth: Google Firebase / Firestore (Authentication and data storage)
  • AI Services: OpenAI, Google AI, Anthropic (Process user-submitted prompts for suggestions/translation, but **do not store your API Key**).
  • Source Control: GitHub (Code repository, build logs).

6. Security, Retention & Deletion

  • Security: We use industry-standard security: **Encryption in transit** (HTTPS/TLS), **Encryption at rest** (provided by Google Cloud/Firebase), and strict access control.
  • Retention: We retain data as long as your account is active. Logs are retained for a limited period (**60 days**) unless needed for security investigations.
  • Deletion: When you delete content or your account, we delete or de-identify data within a reasonable timeframe (max **30 days**), subject to backups rotating out.

7. Your Rights & Choices

Depending on your location (e.g., California, EEA/UK), you have rights including Access, Correction, Deletion, and Portability. We commit to fulfilling these rights.

8. CCPA/CPRA-Style Notice (California)

We do not sell or share personal information for cross-context behavioral advertising.

9. Contact Us

To exercise your rights, or for privacy, compliance, or security questions, please contact us:

Email: info@seosiri.com