Privacy Policy

Last updated: October 4, 2025 (04/10/2025)

Who we are: Qiraa ("Qiraa", "we", "us", "our")

1. Summary / Quick Read

This Privacy Policy explains what personal data we collect, how we use it, the choices you have, and your rights. It applies to our websites, apps, and services (the "Service"). Capitalised terms used but not defined here have the meanings in our Terms of Service.

  • We collect only what we need to run Qiraa: account details, limited billing metadata from Stripe, in-app items (e.g., saved passages, notes, recents), short audio snippets you choose to record for matching, and basic device/usage data.
  • Payments: handled by Stripe; we do not store full card numbers, CVC, or bank account details.
  • Emails: you'll receive essential transactional emails (e.g., sign-in, 2FA, security, receipts, critical announcements). Newsletters are opt-in and can be unsubscribed at any time.
  • You can access, correct, export, or delete your data, and object to or restrict certain processing.
  • We keep data only as long as needed or required by law, and use security measures to protect it.

2. What we Collect

  • A) Account data (you provide)

    • Email, first name, last name, password (stored as a one-way hash)
    • Profile preferences (e.g., interface settings).
  • B) In-app content

    • Saved items, notes, bookmarks, recent activity, and any other content you store in the app.
  • C) Audio data (optional)

    • Short microphone snippets you record for recognition/matching or other in-app activities. These are processed to PCM and retained only as necessary for the Service (see Retention).
  • D) Billing & donations metadata (via Stripe)

    • Stripe customer ID, donation amounts/currency, timestamps, invoice/charge IDs, outcome codes (refund, chargeback, etc.).
    • We do not collect or store full payment card numbers, CVC, or bank account details. Those are collected and stored by Stripe.
    • You can view Stripe's privacy and terms here.
  • E) Device & usage data (automatic)

    • Log data (e.g., IP address, device type, app version, pages/screens visited, time stamps), crash diagnostics, and basic event telemetry for reliability and security.
    • Generic analytics data, such as device types and pages/screens visited, does not link back to your account. It is used as an indicator to help us improve our services, e.g. by allocating more resources towards certain services.
  • F) Cookies and similar tech

    • Strictly necessary cookies for authentication and security across qiraa.ai subdomains.
    • Optional analytics/marketing cookies only with your consent (if enabled).
  • G) Sources

    • Directly from you; automatically through the Service; from Stripe and other processors we use to operate Qiraa.

3. How we use data (purposes & legal bases)

| Purpose | Examples | Legal basis (UK/EU/EEA) |
|---|---|---|
| Provide and operate the Service | account creation, session auth, saving items/notes, audio matching | Contract (Art. 6(1)(b)) |
| Security & abuse prevention | detect fraud/abuse, rate-limit, protect accounts, debug | Legitimate interests (Art. 6(1)(f)) |
| Payments & billing | process donations, issue receipts, maintain records | Contract & Legal obligation (tax/audit) |
| Essential communications | sign-in, 2FA, security alerts, receipts, critical service announcements | Contract & Legitimate interests |
| Product improvement | analytics to understand performance and reliability | Legitimate interests (minimised, aggregated where possible) |
| Newsletters/marketing | optional product updates and announcements | Consent (Art. 6(1)(a)) |
| Compliance & enforcement | respond to lawful requests, enforce terms | Legal obligation / Legitimate interests |

Balancing test (legitimate interests). Where we rely on legitimate interests, we only process data that is necessary, implement safeguards (e.g., pseudonymisation, opt-outs), and balance against your privacy interests.

4. Emails & Communications

  • Transactional/service emails. We send essential emails to operate your account (e.g., sign-in links, two-factor codes, security alerts, receipts, and critical service announcements). These are not marketing and you cannot opt out while keeping an active account.
  • Newsletters/marketing. Sent only if you opt in. Unsubscribe anytime via the link in the email or in settings. We maintain a minimal suppression list to honour opt-outs.
  • In-app notifications may be used for important messages or in-app features, e.g. reminders.

5. Sharing & Processors

We do not sell your personal data. We share it only with:

  • Processors that help us run Qiraa (e.g., hosting, storage, email & notification providers, analytics, error reporting).
  • Stripe for payments. Stripe acts as our payment processor and independent controller for some activities.
  • Legal & compliance recipients (law enforcement or regulatory bodies) when required by law.
  • Business transfers. If we're involved in a merger, acquisition, or sale of assets, we'll continue protecting your data and notify you of any changes to this Policy.

All processors are bound by contracts requiring appropriate security and privacy protections.

6. International Transfers

Your data may be processed in countries other than where you live. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses and the UK IDTA) and assess local laws to ensure an equivalent level of protection.

7. Retention

We keep data only for as long as necessary for the purposes described or as required by law:

  • Account & in-app data: while your account is active. Deleted upon request or after published inactivity periods.
  • Audio snippets: retained only long enough to perform matching and service integrity; thereafter deleted or anonymised.
  • Billing metadata: retained for 6-7 years to comply with tax and audit obligations. Kept indefinitely for active accounts.
  • Logs & diagnostics: short, rolling retention unless needed for security or investigations.
  • Marketing suppression list: kept to honour your opt-out.
  • Analytics data: usually kept for 1-3 months, but is not tied to user accounts and is kept anonymised.

8. Your Rights

Depending on your location (e.g., UK/EU/EEA), you may have the right to:

  • Access a copy of your data.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Restrict or object to certain processing (including where we rely on legitimate interests).
  • Portability of data you provided to us.
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with a supervisory authority (e.g., the UK ICO at ico.org.uk).

9. Cookies

We use strictly necessary cookies for sign-in, sessions, and security. Optional analytics or marketing cookies are used only with your consent. You can control cookies in your browser and in our cookie settings (where available). If you block necessary cookies, the Service may not work properly.

View our Cookie Policy for more details on what cookies we set.

10. Children

The Service is not directed to children under 13. We do not knowingly allow under-13s to create accounts. If you believe we have collected data about a child under 13, contact support@qiraa.ai and we will delete it.

11. Security

We use measures appropriate to the risk, including encryption in transit, hashed passwords, access controls, monitoring, and regular review of suppliers. No system is perfectly secure; if you suspect an incident, email support@qiraa.ai.

12. Changes to this Policy

We may update this Policy from time to time. We will post the new version with an updated effective date. For material changes, we will provide reasonable advance notice (e.g., in-app notice or email). Your continued use of the Service after the changes take effect means you accept the revised Policy.

13. Contact Information

If you have any questions about this Privacy Policy, please contact us at:

Email: contact@qiraa.ai

Address: Qiraa, 61 Bridge Street, Kington. HR5 3DJ

For any requests/complaints/legal/security notices, please contact us at:

Email: support@qiraa.ai

Address: Qiraa, 61 Bridge Street, Kington. HR5 3DJ