Privacy Policy

Welcome to Qpho Services (the Site).We understand that privacy online is important to users of our Site, especially when conducting business.This statement governs our privacy policies with respect to those users of the Site (Visitors) who visit without transacting business and Visitors who register to transact business on the Site and make use of the various services offered by This APP (collectively, Services) (Authorized Customers).

Personally Identifiable Information

refers to any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, including, but not limited to, name, address, phone number, fax number, email address, financial profiles, social security number, and credit card information. Personally Identifiable Information does not include information that is collected anonymously (that is, without identification of the individual user) or demographic information not connected to an identified individual.

What Personally Identifiable Information is collected?

We may collect basic user profile information from all of our Visitors. We collect the following additional information from our Authorized Customers: the names, addresses, phone numbers and email addresses of Authorized Customers, the nature and size of the business, and the nature and size of the advertising inventory that the Authorized Customer intends to purchase or sell.

What organizations are collecting the information?

In addition to our direct collection of information, our third party service vendors (such as credit card companies, clearinghouses and banks) who may provide such services as credit, insurance, and escrow services may collect this information from our Visitors and Authorized Customers. We do not control how these third parties use such information, but we do ask them to disclose how they use personal information provided to them from Visitors and Authorized Customers. Some of these third parties may be intermediaries that act solely as links in the distribution chain, and do not store, retain, or use the information given to them.

How does the Site use Personally Identifiable Information?

We use Personally Identifiable Information to customize the Site, to make appropriate service offerings, and to fulfill buying and selling requests on the Site. We may email Visitors and Authorized Customers about research or purchase and selling opportunities on the Site or information related to the subject matter of the Site. We may also use Personally Identifiable Information to contact Visitors and Authorized Customers in response to specific inquiries, or to provide requested information.

With whom may the information may be shared?

Personally Identifiable Information about Authorized Customers may be shared with other Authorized Customers who wish to evaluate potential transactions with other Authorized Customers. We may share aggregated information about our Visitors, including the demographics of our Visitors and Authorized Customers, with our affiliated agencies and third party vendors. We also offer the opportunity to 'opt out' of receiving information or being contacted by us or by any agency acting on our behalf.

How is Personally Identifiable Information stored?

Personally Identifiable Information collected by This APP is securely stored and is not accessible to third parties or employees of This APP except for use as indicated above.

What choices are available to Visitors regarding collection, use and distribution of the information?

Visitors and Authorized Customers may opt out of receiving unsolicited information from or being contacted by us and/or our vendors and affiliated agencies by responding to emails as instructed, or by contacting us at

Are Cookies Used on the Site?

Cookies are used for a variety of reasons. We use Cookies to obtain information about the preferences of our Visitors and the services they select. We also use Cookies for security purposes to protect our Authorized Customers. For example, if an Authorized Customer is logged on and the site is unused for more than 10 minutes, we will automatically log the Authorized Customer off.

How does This APP use login information?

This APP uses login information, including, but not limited to, IP addresses, ISPs, and browser types, to analyze trends, administer the Site, track a user’s movement and use, and gather broad demographic information.

What partners or service providers have access to Personally Identifiable Information from Visitors and/or Authorized Customers on the Site?

This APP has entered into and will continue to enter into partnerships and other affiliations with a number of vendors.Such vendors may have access to certain Personally Identifiable Information on a need to know basis for evaluating Authorized Customers for service eligibility. Our privacy policy does not cover their collection or use of this information. Disclosure of Personally Identifiable Information to comply with law. We will disclose Personally Identifiable Information in order to comply with a court order or subpoena or a request from a law enforcement agency to release information. We will also disclose Personally Identifiable Information when reasonably necessary to protect the safety of our Visitors and Authorized Customers.

How does the Site keep Personally Identifiable Information secure?

All of our employees are familiar with our security policy and practices. The Personally Identifiable Information of our Visitors and Authorized Customers is only accessible to a limited number of qualified employees who are given a password in order to gain access to the information. We audit our security systems and processes on a regular basis. Sensitive information, such as credit card numbers or social security numbers, is protected by encryption protocols, in place to protect information sent over the Internet. While we take commercially reasonable measures to maintain a secure site, electronic communications and databases are subject to errors, tampering and break-ins, and we cannot guarantee or warrant that such events will not take place and we will not be liable to Visitors or Authorized Customers for any such occurrences.

How can Visitors correct any inaccuracies in Personally Identifiable Information?

Visitors and Authorized Customers may contact us to update Personally Identifiable Information about them or to correct any inaccuracies by emailing us at info@qpho.site

Can a Visitor delete or deactivate Personally Identifiable Information collected by the Site?

We provide Visitors and Authorized Customers with a mechanism to delete/deactivate Personally Identifiable Information from the Site’s database by contacting . However, because of backups and records of deletions, it may be impossible to delete a Visitor’s entry without retaining some residual information. An individual who requests to have Personally Identifiable Information deactivated will have this information functionally deleted, and we will not sell, transfer, or use Personally Identifiable Information relating to that individual in any way moving forward.

What happens if the Privacy Policy Changes?

We will let our Visitors and Authorized Customers know about changes to our privacy policy by posting such changes on the Site. However, if we are changing our privacy policy in a manner that might cause disclosure of Personally Identifiable Information that a Visitor or Authorized Customer has previously requested not be disclosed, we will contact such Visitor or Authorized Customer to allow such Visitor or Authorized Customer to prevent such disclosure.

Links:

Qpho Services contains links to other web sites. Please note that when you click on one of these links, you are moving to another web site. We encourage you to read the privacy statements of these linked sites as their privacy policies may differ from ours.



GDPR

 

What is GDPR?

GDPR stands for General Data Protection Regulation. A new law enforced by EU to protect end user’s personal data. This law enforce several aspect of data security. Here we want to give a guideline how we protect your data, what is our responsibility and what is your responsibility. We strongly suggest you read all our documentation or other article about GDPR and take decision whether you want to use our application or not. We are not responsible for any negligence or fault on data protection on your side or any third party side.  Take your time to read documentation and act wisely, stay safe.

 

Definition of Personal Data:

Any data owned by an individual is his or her personal data. It could be someone’s name, image, email address, physical address, social media post, location, computer IP address etc. The ownership of user’s personal data is absolute. That means wherever and however the data is saved it belongs to the user solely. The data collector or data user (facebook, youtube) cannot show, save, share or perform any other activity with user’s personal data without user’s explicit or implicit permission. If an user gives permission to use his or her data on specific type of action (data storing, data viewing etc) then it can be used by the admin of the application. To visualize this consider a hypothetical situation. You post a status on social media. Here you have given the implicit permission to show the post to your public or private contacts. Application admin is not responsible for any abusive comment to your post made by your contacts. This means that if you made your data public then it is your responsibility. But application admin do hold responsible for any data sharing with third party. If any data is shared it must be said explicitly in advance. So we see the how data uploading and showing depends on both app admin and user. Further details you will get upon reading the full documentation.

 

Responsibility of Developer:

The safeguard of user personal data on application back end is the responsibility of developer. Developer is responsible for how the user data (name, telephone no. email etc ) and other info ( like logs of user interaction with application ) is stored on database and server. We will describe in detail how the data you submit directly (name, email etc.) and indirectly (browser name, computer IP etc.) are saved on database and server.  Once any data uploaded to server the security of data depends on security of server and sometimes the admin of application. User will be notified about all the temporary (cookie and session) and permanent (data saved to database) data saving. User will get the option of all his or her personal data erasing permanently upon account deletion or service cancellation. We assure you that we do not keep logs of user activity and any other backdoor to extract user data. Sometime cpanel access and other credential of app admin is needed by the developer to support and maintaining of the application for short time before the application goes full online. We strongly recommend to app admin to change these credential after the job get done. Developer cannot be held responsible for any credential leak on this ground. Developer also cannot be held responsible for any unwilling security glitch on the application. After all, data shared online always has the risk of getting leaked. So we strongly suggest not to share any data that can compromise you any other individual.

 

Responsibility of Application Admin:

Application Admin has unrestricted access the user personal data. Admin can access to database, server logs and any other info on admin’s reach. Application admin can see and copy the data saved on database and server. App admin can share user’s personal data to third parties. How the user’s data is used must be announced by the app admin explicitly before user registration. The admin should not allow anyone to extract data openly or under disguise of survey, fill the form or any other means. The app admin enjoys most privilege on application. So admin has the highest responsibility of safekeeping of user’s personal data.

 

User’s Responsibility:

It’s all depends on user. If user do not submit data then there will be no data breach. But this is not an option. The top most priority of user is to read all the documentation from both app developer and app admin then submit the data. Safe keeping of user’s own credential is sole responsibility of user. Password and username may be encrypted on database but a dictionary word or too predictable password for a specific user can give easily access to user’s account to hacker. Change your credential on any suspicious activity by unauthorized person or in case of you share your credential to other for some inevitable reason. Always think before submit.  

 

Our Action on GDPR:

  • Collect as less data as possible. Tell the user necessity or collecting specific data.
  • Enforce https
  • Destroy all session and cookies after logout.
  • Do not track user activity for commercial purpose.
  • Tell users of any logs that saves computer ip and location.
  • Clear terms and condition.
  • Inform user about any data sharing with third parties.
  • Create clear policies about data breaches.
  • Delete data on cancelling subscription or account deletion.
  • Patch web vulnerabilities.

 

 

Supported GDPR Features:

Adios, Application: Once you cancel your subscription or delete account we give you option to delete all your data existing or related to your account. Note that, this action is irreversible. The moment you say yes to delete all your data will be erased from the database and server forever. You can back up data before delete in case of re subscribe or re-register.

 

Secrecy is my right: We encrypt most of your personal data on database. If any bad things occur (data breach) then the hacker will get encrypted hash not your personal on plain text. So your secrecy will intact even in case of data breach. Note that, some data cannot be encrypted because we need to show it upon login to account (like username). We will hide all your personal data as much as possible.

 

No cookie and session saving: We will give option to save or do not save cookie and session. Even if you save cookie and session these will be destroyed after logout. We strongly suggest you not save your credential in browser. Please memorize your credential or use tools like lastpass to manage your credential.

 

Destroy footprints: We do not save or track any of your activity for any commercial purpose. We may store your login time or IP for security purpose only. When you delete your account every single piece of your data will be deleted from server.

 

Social engineering is bad: We do not record any of your personal activity on the application. Recording user’s personal activity, analyzing it and try to sell a product or motivating user to pursue a certain thought upon analyzed data is becoming a malpractice. We do not do such things.

 

Notify me: Get notified about all your activity relating to your account (account creation, password change) by email. We suggest you to change your credential if any unusual things occur.

 

Policy Update notification: You will get notified on any privacy policy or disclaimer updates. Read your email regarding to this matter and decide your action. Feel free to consult on this matter.

 

Connect without worry: We enforced HTTPS everywhere. Data sniffing is not possible on this case. Even possible, the sniffer will get encrypted hash. So feel safe to use our application.

 

No data collecting: We do not collect any data of user.  No backdoor, No hidden option to collect data. Once the application is uploaded to server even we cannot enter to application without app admin password. So do not worry about any hidden data leak.

 

Data breach policy: We implement all the security to store your data carefully on database (data encryption, MySQLi, SQL injection prevention, input checking etc.). But we do not take any responsibility of data breaches from server. Because it is total responsibility of app admin and server admin to secure your data from breaching. Any weak or too predictable password of app admin or server admin could compromise database. Any inherent fault on database config can give away the database (MongoDB security fault). Any security flaw on server can lead to data leaking. Please contact your app admin on this regard.