Book a call EN FR

Privacy Policy

Last updated:

1. Introduction

Qartivus ("we", "our", or "us") respects your privacy. This policy explains how we collect, use, and protect your personal data when you use qartivus.com or contact us about projects.

2. Legal basis for processing

We process your personal data on the following legal bases:

  • Consent: When you submit the contact form, you must tick a box confirming you agree to our Privacy Policy and consent to processing. This consent is required before we can process your inquiry.
  • Legitimate interest: Cookie consent preference is stored to remember your choice and avoid showing the banner repeatedly. Storing a local draft of contact service selections (before you submit the form) supports a smooth inquiry experience and stays on your device only.
  • Contract (if applicable): If you become a client, we may process data necessary to perform our services.

3. What data we collect

We collect only what is necessary:

  • Contact form: Name, email, company (optional), service interest, and message. Submitted when you use our contact form.
  • Consent preference: Whether you accepted or refused optional cookies. Stored in your browser (localStorage) so we remember your choice.
  • Contact form draft (browser only): Service selections you add from pricing cards or “add to contact” actions are stored in localStorage under qartivus-contact-basket only on your device, so the contact form can be prefilled if you navigate away or return later. This is not sent to our servers until you submit the form. It is cleared automatically after a successful submission; you can also remove it by clearing site data for qartivus.com.
  • Usage data (optional): If you accept analytics cookies, we may collect pages visited and basic usage metrics. We do not use third-party analytics by default.

4. How your data flows

When you submit the contact form:

  • Your message is sent to our Django backend (hosted on Railway), which stores it in our database and may send it to our inbox via Google Apps Script.
  • We use this data solely to respond to your inquiry and discuss your project. We do not add you to mailing lists unless you explicitly opt in.
  • Data rights (export / deletion): If you request a copy or deletion of your contact data from the Contact page, our systems send email messages so you can confirm the request came from you. After you confirm, we fulfill the request without undue delay: for access and portability we email your contact submissions as a JSON attachment; for erasure we delete those submissions from our database and email you a JSON record of what was removed. We also send a private link to our data request status page. Do not share it. If we hold no contact data for your address, we tell you on the site and do not send unnecessary mail.

Blog content is loaded from our API; we do not track which posts you read.

5. Cookies and local storage

We use a minimal set of cookies and local storage for essential functionality, to remember your cookie consent choice, and to hold a draft of contact service selections until you send the form. See our Cookies Policy for keys, purposes, and how to clear them.

6. Data sharing

We do not sell your personal data. We may share data with:

  • Hosting: Railway (frontend and backend) and our database provider.
  • Email: Google Workspace / Google Apps Script for contact form delivery.

These providers process data under their own privacy policies and our instructions.

7. International transfers

Our hosting (Railway) and email (Google Workspace / Google Apps Script) providers may process data in the United States or other countries outside the EU/EEA. Where required, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an adequate level of data protection.

8. Data retention

We retain contact form submissions as long as needed to respond and for legitimate business purposes (e.g. project follow-up). You may request deletion at any time via the contact page. After you confirm the deletion request from our email, we remove matching contact submissions without undue delay.

9. Your rights

Under GDPR and similar laws (e.g. CDPA), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Portability: Receive your data in a structured, machine-readable format where technically feasible.
  • Object: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Complain: Lodge a complaint with a supervisory authority (e.g. your local data protection authority in the EU).

To exercise access (export), portability, or erasure (deletion), use the Contact page: the "Your data rights" section lets you request an export or deletion of your contact data. To reduce misuse (e.g. exports to someone else’s inbox), we require email confirmation before anything is exported or deleted. After you confirm: we email you a JSON file (export: your messages; deletion: a record of what we removed), and we send a private status link. Do not share it. Very old requests may still show a short delay on the status page; contact us if you are unsure. If we have no contact data stored for your email, the site explains that and we do not send confirmation spam. For any other rights or questions, email contact@qartivus.com. We will respond within a reasonable timeframe (typically within 30 days where applicable).

10. Security

We use HTTPS, secure hosting, and industry-standard practices to protect your data. Contact form submissions are transmitted over encrypted connections.

11. Changes

We may update this policy. The "Last updated" date at the top will reflect any changes.

12. Contact

Questions about your data? Email us at contact@qartivus.com.