Privacy Policy

Controller: Ruhil's Consultation Inc. BV · KvK 865867688 · Effective 01/07/2026

This policy explains how we handle personal data when you use qear.ai and its subdomains (the "Service"). Privacy requests: [email protected].

1. Our two roles

We act as controller for your account and billing data, and as processor for the content you submit to be verified ("Input"). If your Input contains personal data, you are the controller of it and we process it on your behalf. Do not submit special-category or high-risk personal data without a lawful basis and a DPA with us.

2. What we collect

3. Legal bases

Providing and securing the Service and managing your account — performance of a contract. Billing and record-keeping — contract and legal obligation. Monitoring, abuse prevention, reliability — legitimate interests. Optional product emails — consent, withdrawable anytime.

4. How we use Input

Input is processed to generate a verdict and citation, and is sent to the sub-processors listed below solely to perform verification. [Confirm retention: state whether Input is stored and for how long, or processed transiently.] We do not sell your data or use your Input to train foundation models.

5. International transfers

Some sub-processors are located outside the EEA (notably the United States). Where we transfer personal data outside the EEA, we rely on appropriate safeguards — Standard Contractual Clauses and/or an applicable adequacy decision.

6. Sub-processors

See our full Sub-processor List. In summary: Cloudflare (hosting), Supabase (database/auth), Groq and Voyage AI (model inference/embeddings), Stripe (payments), Resend (email).

7. Retention

Account data: for the life of your account and a reasonable period after. Billing records: as required by law. Usage/diagnostic logs: [period], then deleted or anonymised. On account deletion we anonymise identity data and delete or anonymise associated records, retaining only what law requires.

8. Your rights (GDPR)

You have the right to access, rectify, erase, restrict, port, and object to processing, and to withdraw consent. We provide self-service data export and account deletion in-app or via [email protected]. Business customers may request a Data Processing Agreement. You may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

9. Security

We use access controls, hashing of API keys, encrypted transport, and least-privilege service credentials. We will notify affected users and authorities of a personal-data breach as required by law.

10. Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

11. Changes and contact

We may update this policy; material changes will be notified. Questions or requests: [email protected].