Privacy Policy

Last Updated: November 21, 2025

At OnlineQDA, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our qualitative data analysis platform. Please read this policy carefully.

1. Information We Collect

1.1 Personal Information

When you register for OnlineQDA, we collect:

• Email Address: Used for account creation, login, and communication
• Google Profile Information: If you sign in with Google OAuth (name, email, profile picture)
• Payment Information: Processed securely by our payment provider (Paddle/Stripe) - we never store your credit card details
• Subscription Plan: Your current plan (Free, Pro, Academic) and subscription end date

1.2 Research Data and Content

OnlineQDA stores your research content, including:

• Project names and descriptions
• Documents uploaded (text files, PDFs, notes)
• Codes and categories you create
• Visualizations and analysis results
• File metadata (upload date, file size, file type)

Important: This is YOUR data. We do not access, read, or use your research content for any purpose other than providing you the service.

1.3 Usage Data

We automatically collect certain information when you use OnlineQDA:

• Log Data: IP address, browser type, operating system, pages visited
• Activity Data: Actions taken (project created, document uploaded, code created)
• Session Data: Login times, logout times, session duration
• Device Information: Device type, screen resolution, language preference

1.4 Cookies and Tracking Technologies

We use essential cookies for:

• Authentication: Session cookies to keep you logged in
• Preferences: Remembering your settings and interface preferences
• Security: Preventing fraudulent activity and protecting your account

We do NOT use:

• Third-party advertising cookies
• Social media tracking pixels
• Cross-site tracking technologies

2. How We Use Your Information

2.1 To Provide the Service

• Create and manage your account
• Store and process your research data
• Enable features like visualization and collaboration
• Process payments and manage subscriptions
• Provide customer support

2.2 To Improve the Service

• Analyze usage patterns (anonymized) to improve features
• Fix bugs and optimize performance
• Develop new features based on user needs
• Monitor service uptime and reliability

2.3 To Communicate with You

• Send account-related notifications (password reset, subscription expiry)
• Respond to your support requests
• Send important service updates (with option to opt-out of non-essential emails)
• Request feedback on your experience (optional)

2.4 For Security and Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Comply with legal obligations and law enforcement requests
• Protect the rights and safety of our users and platform

3. How We Share Your Information

3.1 With Service Providers

We share limited information with trusted third-party service providers who help us operate OnlineQDA:

Service Provider	Purpose	Data Shared
Google OAuth	Authentication	Email, name, profile picture
Paddle/Stripe	Payment processing	Email, payment details
Cloud Hosting Provider	Data storage and hosting	All account and research data (encrypted)
Email Service	Transactional emails	Email address, name

All service providers are bound by strict confidentiality agreements and only process data on our behalf.

3.2 With Academic Institutions

For Academic plan users, we may share account information with your institution's administrators for:

• Billing and payment management
• User access management
• Usage reporting and analytics

We never share your research content with your institution unless you explicitly choose to collaborate.

3.3 For Legal Compliance

We may disclose your information if required by law or in response to:

• Valid legal requests (subpoenas, court orders)
• Law enforcement investigations
• Protection of our legal rights
• Prevention of fraud or illegal activity

3.4 Business Transfers

If OnlineQDA is acquired or merged with another company, your information may be transferred to the new owner. You will be notified of any such change.

4. Data Security

4.1 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmission uses SSL/TLS encryption (HTTPS)
• Encryption at Rest: Database and file storage are encrypted
• Access Controls: Role-based access and principle of least privilege
• Authentication: Secure password hashing (bcrypt) and OAuth 2.0
• Regular Backups: Daily automated backups with encryption
• Security Monitoring: Continuous monitoring for suspicious activity
• Firewall Protection: Network-level security and intrusion detection

4.2 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

• Notify you within 72 hours of discovery
• Explain what data was compromised
• Describe steps we're taking to address the breach
• Provide recommendations to protect your account

5. Data Retention

5.1 Active Accounts

We retain your data for as long as your account is active and as necessary to provide you service.

5.2 Account Deletion

When you delete your account:

• Immediate: Your account is deactivated and inaccessible
• Within 30 days: All personal data and research content are permanently deleted
• Backups: Data may persist in backups for up to 90 days (encrypted and inaccessible)
• Legal Retention: Some data may be retained if required by law (e.g., payment records for tax purposes)

5.3 Inactive Accounts

If your account is inactive for 2 years, we may:

• Send you a notification email
• Delete your account and data after 30 days if no response

6. Your Privacy Rights

6.1 Access and Portability

You have the right to:

• Access: Request a copy of all personal data we hold about you
• Export: Download your research data in standard formats
• Portability: Transfer your data to another service

Contact us at onlineqda@gmail.com to request your data.

6.2 Correction and Update

You can update your account information at any time through your account settings. For assistance, contact us.

6.3 Deletion

You have the right to delete your account and all associated data. This action is permanent and cannot be undone.

6.4 Opt-Out of Communications

You can opt out of non-essential emails by:

• Clicking "unsubscribe" in any email
• Updating your email preferences in account settings

Note: You cannot opt out of essential account-related emails (e.g., password reset, security alerts).

6.5 Object to Processing

You can object to certain types of data processing. Contact us to discuss your specific concerns.

7. International Data Transfers

OnlineQDA is hosted on servers located in [Your Server Location]. If you access our service from outside this region, your data will be transferred internationally.

We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses
• Privacy Shield certification (where applicable)
• Encryption in transit and at rest

8. Children's Privacy

OnlineQDA is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

If we discover that a child under 13 has provided us with personal information, we will:

• Delete the account immediately
• Permanently erase all associated data
• Notify the parent or guardian (if contact information is available)

If you believe a child under 13 has created an account, please contact us immediately.

9. Third-Party Links

OnlineQDA may contain links to external websites or services. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any personal information.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

10.1 Legal Basis for Processing

We process your data based on:

• Contract: To provide the service you signed up for
• Legitimate Interest: To improve our service and prevent fraud
• Consent: For optional communications and features
• Legal Obligation: To comply with applicable laws

10.2 GDPR Rights

Under GDPR, you have the right to:

• Be informed about data processing (this policy)
• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Lodge a complaint with your local data protection authority

10.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at: onlineqda@gmail.com

11. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

11.1 Your CCPA Rights

• Right to Know: Request disclosure of personal information collected
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of sale of personal information (note: we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise

11.2 Categories of Data Collected

• Identifiers (email, name)
• Internet activity (usage data, logs)
• Professional information (for Academic users)
• Payment information (processed by third parties)

11.3 How to Exercise Your Rights

California residents can exercise their rights by:

• Emailing us at onlineqda@gmail.com
• Using the "Delete Account" feature in account settings

We will respond to your request within 45 days.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Legal or regulatory requirements
• New features or services

When we make material changes:

• We will update the "Last Updated" date
• We will notify you via email
• We may display a prominent notice in the application

Continued use of OnlineQDA after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us