Privacy Policy

This Privacy Policy explains how Qourby collects, uses, stores, shares, and protects personal information when you visit our website, join our newsletter or access list, create or use an account, run scans, use integrations, contact us, or otherwise interact with the service.

Qourby is a security scanning workspace. Because the service processes domains, scan configurations, findings, evidence, reports, logs, and account activity, some information may be sensitive to your organization even when it is not personal information.

Account and contact information may include your name, email address, company or team name, role, authentication provider identifier, communication preferences, and support requests.

Service content may include domains, URLs, site metadata, ownership labels, scan configurations, scan schedules, scan results, findings, evidence, notes, remediation status, reports, exports, custom rules, webhook destinations, integration settings, and team activity.

Usage and technical information may include IP address, device and browser information, pages viewed, session identifiers, authentication events, API activity, log records, feature usage, timestamps, error events, and security or abuse signals.

Payment and commercial information may include plan selection, billing contact details, invoices, transaction identifiers, tax information, and subscription status. Payment card details, if collected, are normally handled by a payment processor rather than stored directly by Qourby.

We may receive information from identity providers, hosting platforms, communication tools, issue trackers, payment processors, analytics providers, security tools, and other services you connect to Qourby.

If you enable an integration, we may receive account identifiers, workspace names, repository or project metadata, webhook delivery information, issue or ticket metadata, and other information needed to operate the integration.

We use information to provide, operate, secure, maintain, and improve Qourby. This includes authenticating users, verifying site ownership, running scans, processing findings, generating reports, delivering notifications, supporting integrations, enforcing plan limits, and responding to support requests.

We also use information to monitor reliability, detect abuse, prevent unauthorized scanning, investigate security events, debug errors, maintain audit logs, comply with legal obligations, enforce terms, manage billing, and communicate product, access, security, or administrative updates.

For newsletter or access-list submissions, we use your email address to send development updates, access information, release notes, and related Qourby communications. You may opt out of non-essential marketing emails where required by law.

Where laws such as the GDPR require a legal basis for processing, we process personal information as needed to perform a contract with you, take steps at your request before entering a contract, comply with legal obligations, protect legitimate interests, protect vital security interests, or based on consent where consent is required.

Legitimate interests may include operating and securing the service, preventing abuse, improving product reliability, communicating with users, supporting customers, and understanding service usage, provided those interests are not overridden by applicable privacy rights.

We use cookies, local storage, session storage, and similar technologies to keep you signed in, maintain security state, remember preferences, support application functionality, measure usage, debug errors, and protect against fraud or abuse.

You can control cookies through your browser settings. Blocking cookies may prevent authentication, session management, or other service features from working correctly.

We do not sell personal information. We may share information with service providers and subprocessors that help us host infrastructure, authenticate users, process payments, deliver email, monitor reliability, provide support tooling, analyze usage, detect abuse, or operate integrations.

We may share information with third-party services you choose to connect, such as identity providers, messaging tools, issue trackers, repositories, webhook endpoints, and reporting destinations.

We may disclose information if required by law, legal process, or government request; to protect rights, safety, and security; to investigate abuse; to enforce our terms; or as part of a merger, acquisition, financing, reorganization, or sale of assets.

We use administrative, technical, and organizational safeguards designed to protect information, including access controls, authentication controls, logging, network protections, encryption in transit, and operational security practices.

No service can guarantee absolute security. You are responsible for using strong account security, protecting credentials and API keys, configuring integrations carefully, limiting team access, and ensuring that data you submit to Qourby is appropriate for processing by the service.

We retain information for as long as needed to provide the service, maintain account records, preserve scan history according to plan limits, comply with legal obligations, resolve disputes, enforce agreements, secure the service, and maintain business records.

Retention periods may vary by data type, plan, configuration, and legal requirement. Scan history, reports, logs, audit records, support records, and billing records may be retained for different periods. We may delete, aggregate, or de-identify information when it is no longer needed.

Qourby and its service providers may process information in countries other than where you live or where your organization is located. Those countries may have privacy laws that differ from your jurisdiction.

Where required, we use appropriate safeguards for international transfers, such as contractual protections, subprocessors with appropriate transfer mechanisms, and other measures required by applicable law.

Depending on your location and the type of information involved, you may have rights to access, correct, delete, export, restrict, or object to processing of personal information. You may also have rights to withdraw consent or lodge a complaint with a privacy regulator.

You can request help with privacy rights by contacting privacy@qourby.com. We may need to verify your identity or authority before acting on a request. Some information may be retained where required for security, legal, billing, dispute, or operational reasons.

If Australian privacy law applies, this policy is intended to describe how we manage personal information, the types of personal information we collect, how it is used and disclosed, how you may access or correct it, and how to contact us with privacy questions or complaints.

If EEA or UK data protection law applies, you may have additional rights under GDPR-style laws, including rights related to access, correction, erasure, restriction, portability, objection, withdrawal of consent, and complaints to a supervisory authority.

If California privacy law applies, you may have rights to know, access, correct, delete, and limit certain uses of personal information, and to be free from discrimination for exercising privacy rights. We do not sell personal information.

Qourby is intended for business and professional use and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child provided personal information to Qourby, contact privacy@qourby.com.

If we become aware of a security incident involving personal information, we will investigate and take steps required by applicable law. Where notification is legally required, we will notify affected users, customers, regulators, or other parties as required.

Because Qourby is used for security testing, alerts and findings generated by scans are not themselves necessarily privacy or security incidents involving Qourby systems.

We may update this Privacy Policy as Qourby changes, as laws change, or as our data practices evolve. If changes are material, we will provide notice through the website, application, email, or another reasonable channel.

The effective date at the top of this page shows when this policy was last updated. Continued use of Qourby after an updated policy becomes effective means the updated policy applies to your use of the service.

For privacy questions, rights requests, or complaints, contact privacy@qourby.com. For security reports, contact security@qourby.com. For account or product support, contact support@qourby.com.