Privacy policy

Download

Effective Date: June 2, 2026 · Version 2.0

1. About this Policy

This Privacy Policy (this “Policy”) explains how Qevlar AI collects, uses, shares, and protects personal information (or “personal data” ) when you interact with us through our website at qevlar.com (the “Website”), our AI - powered cybersecurity software -as-a-service (the “Services”), our sales and support communications, and our events, webinars, and marketing programs (collectively, the “Channels”).

We are a business -to-business company. We collect personal information primarily about (a) representatives of our prospective and existing business customers and partners, (b) visitors to the Website, and (c) end users whose information is processed through the Services on behalf of our customers (each, a “Service End User”). Different parts of this Policy apply to different categories of individuals — please review the headings to identify the parts that apply to you. Where you provide personal information to us in connection with our Services, the customer that deploys the Services is generally the “controller” (or “business”) of that data, and Qevlar AI acts as a “processor” (or “service provider”) on the customer’s behalf. Our processing in that role is governed by our customer agreements and our Data Processing Agreement, not this Policy. This Policy applies to data we collect as a controller in our own right (for example, when you visit the Website, fill in a contact form, register for an eve nt, or otherwise interact with Qevlar AI directly).

2. Who is the controller of your data

Depending on where you are located, the controller (business) of personal information collected under this Policy is:

If you are located in... The controller is... Contact
The European Economic Area (EEA), the United Kingdom, or Switzerland Qevlar AI (a French société par actions simplifiée, RCS Nanterre 952 849 115), 15 rue Auguste Gervais, 92130 Issy-les-Moulineaux, France support@qevlar.com
The United States, Canada, or the rest of the world Qevlar AI Inc. (a Delaware corporation), 8 The Green, Suite A, Dover, DE 19901, United States support@qevlar.com

Qevlar AI and Qevlar AI Inc. are referred to in this Policy collectively as “Qevlar,” “we,” “us,” or “our.” Where both entities are involved in determining the purposes and means of processing the same personal information, they act as joint controllers under European data-protection laws.

3. Personal information we collect

We collect personal information directly from you, automatically through our Channels, and from third -party sources. The categories of personal information we may collect about you, in our own right as a controller, include:

  • Identification and contact information — name, business email address, business phone number, employer name, job title, country, and (where you choose to provide them) social-media handles.
  • Communication content — the content of messages you send us, including sales enquiries, support tickets, RFP and security-questionnaire responses, email correspondence, and notes from sales or support calls.
  • Marketing-engagement information — information about your interactions with our marketing emails, events, webinars, and content (such as opens, clicks, attendance, and content downloads ), and your marketing preferences.
  • Account and login information — credentials used to access the Services or the Website (such as username, hashed passwords, authentication factors, session tokens), and security -related metadata (such as login timestamps, IP address, and device identifiers).
  • Device, browser, and usage information — IP address, device identifiers, browser type and version, operating system, language settings, referrer URL, pages visited, links clicked, session duration, and similar information collected automatically through cookies, log files, and similar technologies.
  • Recruitment information — if you apply for a role with us, the information in your CV / résumé, cover letter, work-eligibility evidence, and any other information you provide during the recruitment process. (A separate candidate-privacy notice applies to recruitment.)
  • Information from third -party sources — business-contact information enriched through third-party providers (for example, LinkedIn, ZoomInfo, Apollo), referrals from existing customers or partners, and information from public sources such as company websites.

We do not knowingly collect sensitive personal information (such as government identifiers, biometric data, racial or ethnic origin, religious beliefs, health information, or precise geolocation) in our role as a controlle r. If we receive sensitive personal information inadvertently — for example, in a free -form support message — we will delete it or treat it consistently with the protections this Policy and applicable law require. We do not knowingly collect personal infor mation from children under 16. The Website and the Services are intended for business professionals and are not directed to children.

4. How we use your information

We use the personal information we collect, in our role as a controller, for the following purposes:

  • Operating and securing the Website and our Channels — including authenticating users, monitoring for fraud and abuse, troubleshooting, and maintaining performance and availability.
  • Responding to enquiries and providing customer and prospect support — including handling sales enquiries, scheduling demos, responding to support tickets, and following up on RFPs and security questionnaires.
  • Marketing and business development — including sending marketing emails and newsletters, organizing and managing e vents and webinars, measuring the effectiveness of campaigns, profiling marketing preferences, and otherwise promoting Qevlar (where permitted by applicable law and your preferences).
  • Account management and customer onboarding — including creating and managing customer accounts, provisioning credentials, providing onboarding support, and administering trials, evaluations, proofs of concept, and partner programs.
  • Improving our offerings — including analysing aggregated and de -identified usage of the Website and Services to improve content, design, and functionality, and to research market needs.
  • Recruitment — assessing applications and managing the recruitment process for open positions.
  • Legal compliance, dispute management, and protection of rights — including complying with legal and regulatory obligations, responding to lawful requests from public authorities, enforcing our terms, defending or pursuing legal claims, and protecting the rights, property, or safety of Qevlar, our customers, or others.
  • Corporate transactions — including evaluating, negotiating, completing, or integrating a merger, financing, acquisition, divestiture, or similar corporate transaction.

When personal information is processed through the Services on behalf of our customers , we use i t only as instructed by the relevant customer in our customer agreement and Data Processing Agreement, and as permitted by applicable law. We do not use such customer -controlled personal information for our own marketing or business-development purposes, and we do not use it to train third -party AI or machine-learning models for the benefit of any third party.

5. Legal bases for processing (EEA / UK / Switzerland)

If the GDPR, the UK GDPR, or the Swiss Federal Act on Data Protection applies to our processing of your personal information, we rely on the following legal bases:

Purpose Legal basis
Operating and securing the Website; responding to enquiries; account management; protecting our legal rights; processing recruitment applications Legitimate interests (Article 6(1)(f) GDPR) — our interest in operating, securing, supporting, defending, and developing our business — balanced against your rights and interests.
Sending marketing emails to existing customers about similar products (so-called "soft opt-in"), and processing strictly necessary cookies and similar technologies Legitimate interests (Article 6(1)(f) GDPR), or, where required by applicable national law, your consent (Article 6(1)(a) GDPR).
Sending marketing emails and other commercial communications to prospects, dropping non-essential cookies, profiling, and similar marketing operations where consent is required Your consent (Article 6(1)(a) GDPR), which you may withdraw at any time.
Performing customer agreements (account onboarding, billing, support) Performance of a contract (Article 6(1)(b) GDPR) or, where you are not personally a party, our legitimate interest in performing the customer agreement.
Complying with legal obligations (tax, accounting, regulatory, law-enforcement requests) Compliance with a legal obligation (Article 6(1)(c) GDPR).
Corporate transactions and group reorganizations Legitimate interests (Article 6(1)(f) GDPR) in evaluating and completing the transaction.

Where we rely on legitimate interests, you have the right to object as described in Section 11. We do not knowingly process special categories of personal data (Article 9 GDPR) in our role as a controller.

6. How we share personal information

We do not sell your personal information for money. We share personal information only in the following circumstances:

  • Service providers and sub -processors — we share personal information with vendors that perform services on our behalf, including cloud-hosting providers (currently Google Cloud Platform, Amazon Web Services, and Microsoft Azure), email and CRM platforms, analytics providers, customer -support tools, security tools, professional advisors, and payment processors. We bind these vendors by written contracts that include data -protection commitments at least as prot ective as those set forth in this Policy and applicable law. A current list of sub -processors for our Services is available at qevlar.com/legal/sub - processors and is updated from time to time.
  • Affiliates and group companies — we share personal information between Qevlar AI and Qevlar AI Inc. (and any future affiliates) for the purposes described in this Policy, including for joint marketing, sales, support, security, finance, and corporate -administration purposes. Intra -group transfers are subject to appropriate safeguards (see Section 8).
  • Business customers and partners — where you interact with us through a business customer, partner, or referral source, we may share information about that interaction with the relevant customer, partner, or referrer for relationship-management purposes.
  • Legal, regulatory, and safety — we may disclose personal information where we believe in good faith that disclosure is required by law, court order, or governmental request, or is necessary to (i) enforce our terms, (ii) protect the rights, property, or safety of Qevlar, our customers, or others, or (iii) detect, prevent, or otherwise address fraud, security, or technical issues.
  • Corporate transactions — we may disclose personal information to potential acquirers, investors, advisers, or successors in connection with a merger, financing, acquisition, divestiture, restructuring, insolvency, or similar corporate transaction.
  • With your consent or at your direction — we may share personal information for any other purpose with your consent or at your direction.

Marketing analytics on the Website. We use analytics providers (such as Google Analytics) and advertising-cookie providers that may use cookies, pixels, or similar technologies to help us understand how visitors use the Website and to deliver and measure ads. Where applicable law treats this activity as a “sale” or “sharing” of personal information (for example, under the California Consumer Privacy Act, as amended by the CPRA), you may exercise the rights described in Section 12 or use the “Your Privacy Choices” link in the Website footer.

7. Cookies and similar tracking technologies

We use cookies, pixels, local -storage objects, and similar technologies (collectively, “Cookies”) on the Website. We use:

  • Strictly necessary Cookies — required to deliver the Website (for example, to load pages, secure sessions, and remember consent choices). These Cookies cannot be disabled.
  • Functional Cookies — to remember your preferences (for example, language).
  • Analytics Cookies — to understand how visitors use the Website and to improve content and design.
  • Marketing and advertising Cookies — to deliver content and ads relevant to you and to measure their effectiveness.

We use Cookies that are not strictly necessary only with your consent, where required by applicable law. You can manage your Cookie preferences at any time using the Cookie banner shown on your first visit and the “Cookie Settings” link in the Website footer, or by configuring your browser to refuse or delete Cookies. Disabli ng some Cookies may affect Website functionality. We honor browser-based opt-out signals (including Global Privacy Control (GPC) where required by applicable law.

8. International data transfers

We operate globally. Personal information we collect or process may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and other countries that may not provide the same level of data-protection rights as your home jurisdiction. Where we transfer personal information from the EEA, the United Kingdom, or Switzerland to a country that has not been recognized by the European Commission, the UK Information Commissioner, or the Swiss Federal Data Protection and Information Commissioner (as applicable) as providing an adequate level of protection, we use the Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum, or another lawful transfer mechanism, together with supplementary safeguards where required. You may request a copy of the relevant transfer mechanism by emailing support@qevlar.com.

9. How long we keep your information

We keep personal information only for as long as needed for the purposes described in this Policy and to comply with applicable l egal, accounting, and regulatory requirements. We apply the following indicative retention periods:

Category Retention period
Website log files (IP address, browser data, page views) Up to 12 months from collection.
Cookie data Per the Cookie banner and the Cookies' individual lifetimes (typically 24 hours to 24 months); strictly necessary Cookies are deleted on session end.
Marketing-contact information (prospects) Up to 36 months from your last engagement with us, unless you withdraw consent earlier.
CRM and sales-account information (active customers and partners) For the duration of the relationship, plus the period required for legal-claim defense (generally up to 5 years after the end of the relationship).
Support tickets and related communications Up to 24 months from resolution, unless retention for a longer period is required to defend or pursue legal claims.
Account credentials and security logs Generally up to 12 months from collection; security-incident-related logs may be retained longer to support investigations.
Recruitment data (unsuccessful candidates) Up to 24 months from the end of the application process, unless you consent to a longer retention.
Personal data processed on behalf of customers (in the Services) Per the terms of the relevant customer agreement and Data Processing Agreement; generally deleted within 60 days following expiry or termination of the customer agreement, subject to legal-retention requirements.
Records required by law (e.g., tax, accounting) For the period required by applicable law (typically up to 10 years).

10. How we protect your information

We maintain a written information -security program based on the SOC 2 (Type II) framework and aligned with industry best practices. Our technical and organizational measures include:

  • Encryption of personal data in transit (TLS 1.2 or higher) and at rest (AES-256);
  • Role-based access control with least -privilege principles, multi -factor authentication for all access to production and administrative systems, regular access reviews, and joiner-mover-leaver procedures;
  • Network segmentation, web-application firewalls, vulnerability scanning, continuous security monitoring, and a documented secure-development lifecycle (including peer review and pre-production validation);
  • Independent third-party penetration testing on at least an annual basis, with remediation tracked against severity-based SLOs;
  • Documented incident-response, business-continuity, and disaster-recovery plans, tested at least annually;
  • Mandatory security and privacy training for all personnel, background screening (where lawful), and contractual confidentiality obligations.

No security controls are infallible. We invite you to report suspected vulnerabilities or incidents to security@qevlar.com.

11. Your rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Right of access — to be informed of, and request a copy of, the personal information we hold about you;
  • Right of rectification — to ask us to correct inaccurate or incomplete personal information;
  • Right of erasure (the “right to be f orgotten”) — to ask us to delete your personal information in certain circumstances;
  • Right to restrict processing — to ask us to restrict the processing of your personal information in certain circumstances;
  • Right to data portability — to receive a structu red, commonly used, machine -readable copy of certain personal information you have provided to us, and to transmit it to another controller;
  • Right to object — to object to processing based on our legitimate interests, including direct marketing (you can opt out of marketing emails at any time using the unsubscribe link in the email or by contacting support@qevlar.com);
  • Right to withdraw consent — where we rely on your consent, you may withdraw it at any time, without affecting the lawfulness of processing performed before withdrawal;
  • Right not to be subject to a decision based solely on automated processing , including profiling, that produces legal or similarly significant effects on you (we do not currently make such decisions about you in our role as a controller);
  • Right to lodge a complaint with your supervisory authority (see Section 14).

To exercise any of these rights, please contact us at support@qevlar.com. We may need to verify your identity before responding, including by asking you to provide addit ional information. We will respond within the timeframes required by applicable law (generally within one month for EEA/UK requests, and within 45 days for California requests, in each case subject to permissible extensions). You may also authorize an agen t to make a request on your behalf. If our processing is being carried out on behalf of a customer (for example, because your personal information is in the customer’s tenant within the Services), please contact the relevant customer directly to exercise your rights; we will reasonably assist that customer in responding.

12. Additional rights for U.S. residents (California, and other states)

California. If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, “CCPA”), provides you with rights regarding your personal information, including the rights to:

  • Know / access — request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it;
  • Delete — request that we delete personal information we have collected from you, subject to certain exceptions;
  • Correct — request that we correct inaccurate personal information;
  • Opt out of sale or sharing — request that we not “sell” or “share” your personal information for cross - context behavioral advertising. While we do not sell personal information for money, c ertain Cookie - based advertising activities may qualify as “selling” or “sharing” under the CCPA. You can exercise this right using the “Your Privacy Choices” link in the Website footer or by enabling Global Privacy Control (GPC) in your browser;
  • Limit use of sensitive personal information — we do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA without a right to limit;
  • Non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

We have not sold (for monetary consideration) personal information of California residents in the preceding 12 months, and we do not knowingly sell or share the personal information of consumers under 16. We do not use automated decision -making technology that produces legal or similarly significant effects with respect to California residents.

Other U.S. states. Residents of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, U tah, and Virginia may have similar rights under their state privacy laws (including rights to access, correct, delete, portability, opt out of targeted advertising and sale, and appeal a denial of a request). To exercise any of these rights, please email support@qevlar.com. If you are a California, Colorado, Connecticut, Delaware, Indiana, Iowa, Minnesota, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia resident, you (or your authorized agent) may appeal our denial of a privacy-rights request by emailing support@qevlar.com with the subject line “Privacy Rights Appeal.”

13. AI features and automated processing

Our Services use artificial intelligence and machine -learning models to analyze cybersecurity alerts, generate investigation reports, and sugg est remediation actions for our customers. Personal information we process through the Services on behalf of customers for those purposes is governed by our customer agreements and Data Processing Agreement.

When you interact with us as a controller (for example, when you visit our Website or contact us), we do not make decisions about you based solely on automated processing that produce legal or similarly significant effects on you. We may use limited automated tools — for example, lead-scoring tools applied to prospect data — but those tools do not make significant decisions on their own; human review is involved in any meaningful follow - up. We do not use personal information we collect as a controller to train third-party large language models or other AI models for the benefit of any third party. We may use anonymized or aggregated information for our own model-improvement and product-development purposes.

14. How to contact us; complaints

If you have a question or concern about this Policy or our processing of your personal information, please contact us:

  • Email: support@qevlar.com
  • EEA / UK / Switzerland controller: Qevlar AI, 15 rue Auguste Gervais, 92130 Issy-les-Moulineaux, France
  • U.S. controller: Qevlar AI Inc., 8 The Green, Suite A, Dover, DE 19901, United States

If you are located in the EEA, the United Kingdom, or Switzerland and you believe that our processing of your personal information violates applicable law, you have the right to lodge a c omplaint with your local supervisory authority. In France, the supervisory authority is the Commission nationale de l’informatique et des libertés (CNIL) (https://www.cnil.fr). In the United Kingdom, the supervisory authority is the Information Commissioner’s Office (ICO) (https://ico.org.uk). We would, however, appreciate the opportunity to address your concerns first.

15. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will notify you by posting the updated Policy on the Website with a new “Effective Date” and, where required by applicable law, by other reasonable means (for example, an email notice or a Website banner). We encourage you to review this Policy periodically.

Home
>
Legal agreements
>
Privacy policy
Qevlar AI
ProductIntegrationsSOC & Vulnerability
SolutionsPhishingNetworkIdentityCloud
For MSSPsFor Enterprise
Company
AboutBlogWhitepapersCareersFAQ
Legal
Terms and conditionPrivacy policy
Book a demo call with us
Cross icon