Note: This document is a draft prepared for review. It should be reviewed by a qualified Irish solicitor before publication and before collecting any personal data from users.
Privacy Policy
Last updated: 10 May 2026
Qlarr Limited ("Qlarr", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our website at qlarr.com and our survey platform (collectively, the "Services").
Qlarr Limited is registered in Ireland under the Companies Act 2014, with its registered office at Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, Co. Cork, Ireland. We are the data controller for personal data processed in connection with the Services.
This policy is governed by the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Irish Data Protection Acts 1988–2018.
1. What Data We Collect
1.1 Account Data
When you register for a Qlarr account, we collect your name, email address, and password (stored as a secure hash). If you subscribe to a paid plan, payment information is processed by our payment provider and we do not store your full card details.
1.2 Survey Data
When you create surveys and collect responses through Qlarr, we process the content of those surveys and the responses submitted by your respondents on your behalf. In this context, you are the data controller for your respondents' data and Qlarr acts as a data processor under Article 28 GDPR. Our Data Processing Agreement governs this relationship.
1.3 Usage Data
We collect information about how you use the Services, including pages visited, features used, session duration, device type, browser, and IP address. This data is used to improve the platform and diagnose technical issues.
1.4 Communications
If you contact us via email or our contact form, we retain the content of those communications to respond to you and improve our support.
2. Legal Basis for Processing
We process your personal data on the following legal bases under Article 6 GDPR:
- Contract performance (Art. 6(1)(b)): processing your account data and subscription information is necessary to provide the Services you have signed up for.
- Legitimate interests (Art. 6(1)(f)): processing usage data to improve and secure the platform, where those interests are not overridden by your rights.
- Legal obligation (Art. 6(1)(c)): retaining certain records as required under Irish law, including tax and company law obligations.
- Consent (Art. 6(1)(a)): for optional communications such as product updates or marketing emails, where you have opted in.
3. How We Use Your Data
We use your personal data to:
- Create and maintain your Qlarr account
- Provide, operate, and improve the Services
- Process subscription payments and send billing communications
- Send transactional emails (account confirmations, password resets, service notices)
- Respond to support requests
- Monitor and analyse platform usage to detect issues and improve features
- Comply with our legal obligations under Irish and EU law
- Send product updates and marketing communications where you have consented
4. Data Sharing
We do not sell your personal data. We share data only in the following circumstances:
Service providers: We use third-party providers to operate the Services, including cloud hosting, payment processing, error monitoring, and analytics. These providers are contractually bound to process data only on our instructions and in accordance with GDPR.
Open-source self-hosting: If you self-host Qlarr on your own infrastructure, we do not receive your data or your respondents' data.
Legal requirements: We may disclose data where required by law, court order, or to protect the rights, property, or safety of Qlarr, our users, or others.
Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you in advance of any such transfer.
5. International Data Transfers
Qlarr's cloud infrastructure is hosted in the European Economic Area (EEA). If any service providers process data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, in compliance with Chapter V GDPR.
6. Data Retention
We retain your account data for as long as your account is active. If you close your account, we delete your personal data within 90 days, unless we are required to retain it for longer under Irish law (for example, financial records which we retain for 7 years under the Taxes Consolidation Act 1997).
Survey data and responses are retained in accordance with your instructions as the data controller. You may export or delete this data at any time through the platform.
Usage and analytics data is retained in aggregated or anonymised form after 24 months.
7. Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR:
- Access (Art. 15): request a copy of the personal data we hold about you
- Rectification (Art. 16): request correction of inaccurate or incomplete data
- Erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal retention requirements
- Restriction (Art. 18): request that we restrict processing of your data in certain circumstances
- Portability (Art. 20): receive your data in a structured, machine-readable format
- Objection (Art. 21): object to processing based on legitimate interests, including direct marketing
- Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at privacy@qlarr.com. We will respond within 30 days.
8. Cookies
Our website uses cookies and similar technologies. A cookie is a small text file stored on your device when you visit a website.
We use:
- Strictly necessary cookies: required for the platform to function (session management, authentication). These cannot be disabled.
- Analytics cookies: used to understand how visitors use our website (e.g. Google Analytics). These are only set with your consent.
- Preference cookies: used to remember settings such as language and display preferences.
You can manage cookie preferences via the consent banner displayed on your first visit, or through your browser settings. Withdrawing consent for non-essential cookies does not affect your ability to use the Services.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encryption in transit (TLS), hashed password storage, role-based access controls, and regular security monitoring.
No method of transmission over the internet is 100% secure. If you become aware of a security issue, please report it to security@qlarr.com.
10. Children
The Services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by a prominent notice on the platform at least 30 days before the changes take effect. Continued use of the Services after that date constitutes acceptance of the updated policy.
12. Contact and Complaints
For any questions about this policy or to exercise your data rights, contact:
Data Controller: Qlarr Limited Unit 3D North Point House, North Point Business Park New Mallow Road, Cork, Co. Cork, Ireland Email: privacy@qlarr.com
You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC), the supervisory authority for data protection in Ireland:
Data Protection Commission 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland Website: dataprotection.ie