Privacy Policy

Version 2.0 - Effective July 8, 2026

This Privacy Policy explains how Quissly handles personal data. "Quissly", "we", "us" means Quissly, Inc., a Delaware corporation (USA), together with its affiliates. The controller of your personal data is Quissly, Inc.; where you contract with a Quissly affiliate under an Order Form, that affiliate is the controller of the related account and billing data. Our services include QSearch (AI-based product search) and QChat (AI chat assistant), delivered to business customers who deploy them on their own websites and applications (the "Services").

1. Our Two Roles

We handle personal data in two distinct roles, and your rights and the applicable terms depend on which role applies to you:

(a) Quissly as controller. For visitors to our own website (quissly.com), for prospective customers who contact us, and for our customers' account and Admin Panel users, Quissly determines how and why personal data is processed. This Privacy Policy governs that processing.

(b) Quissly as processor. When you interact with QSearch or QChat on a customer's website or application (for example, searching a store's catalog or chatting with a store's assistant), that customer is the controller of your personal data, and Quissly processes it on the customer's behalf and instructions, under a Data Processing Agreement. If you are an end user of a customer's website, the customer's own privacy policy governs; please direct privacy inquiries to that customer. We describe our processor-side practices in Sections 7 and 8 for transparency, and we assist our customers in responding to your requests.

2. Data We Collect as Controller

Website visitors and prospects: contact details you provide (name, email, phone, company), the content of your inquiries, and technical data collected automatically (IP address, browser type, device information, pages visited, referral source) via cookies and similar technologies.

Customer account and Admin Panel users: name, business email, role and permissions, authentication data, activity logs within the Admin Panel, billing and invoicing details, and communications with our support.

3. How We Use Data as Controller

We use this data to: provide, operate, secure, and support the Services and our website; create and administer customer accounts; process billing and payments; communicate about the Services, including service and legal notices; respond to inquiries; send marketing communications where permitted (you can opt out at any time); analyze and improve our website and Services; and prevent fraud, abuse, and security incidents.

Depending on the context, our legal bases are: performance of a contract (or steps at your request before entering one), our legitimate interests (running, securing, and improving our business and Services), your consent where required (for example, certain cookies or marketing), and compliance with legal obligations.

4. Sharing

We do not sell personal data. We share it only with: (a) service providers (sub-processors) who support our infrastructure and Services under contracts that restrict their use of the data - the categories are hosting and cloud infrastructure, AI model providers, vector database hosting, email and communications tooling, and payment/billing providers; the current list of sub-processors used to deliver the Services is maintained in our Data Processing Agreement at https://www.quissly.com/legal/dpa; (b) professional advisors under confidentiality; (c) authorities where disclosure is required by law or necessary to protect rights and safety; and (d) a successor entity in connection with a merger, acquisition, or asset sale, with notice where required. We also share personal data within the Quissly group (between Quissly, Inc. and its affiliates) as needed to deliver, support, and administer the Services and our business, under intra-group data protection terms.

5. AI Processing

The Services use large language models and machine learning systems, including models provided by third-party AI providers, to process queries and generate responses. Inputs are processed to deliver the requested functionality. We do not use personal data processed on behalf of our customers to train or fine-tune models. We may use aggregated, de-identified data that no longer identifies any person to improve the Services.

6. International Transfers

Our infrastructure runs primarily on Google Cloud Platform, personal data is shared within the Quissly group between the United States and Georgia, and some sub-processors process data in the European Union and the United States. Where personal data is transferred internationally, we use lawful transfer mechanisms and contractual safeguards consistent with applicable data protection law.

7. Security

We maintain technical and organizational measures appropriate to the risk, including encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access controls with mandatory multi-factor authentication on critical systems, access on a need-to-know basis under confidentiality undertakings, audit logging, and anomaly alerting. No system is perfectly secure; we notify affected parties of personal data breaches as required by applicable law and our contractual commitments.

8. Retention

We keep personal data only as long as needed for the purposes described here: account data for the life of the account plus the period required for legal, tax, and accounting obligations; prospect and inquiry data for as long as relevant to the relationship or as required by law; technical logs for limited operational periods. Data we process on behalf of customers is retained and deleted according to the customer's instructions and the Data Processing Agreement, including deletion following termination of the customer's subscription.

9. Your Rights

Subject to applicable law - including the Law of Georgia on Personal Data Protection and, where applicable, the GDPR - you may request access to your personal data, rectification, erasure, restriction of processing, portability, and object to processing, and you may withdraw consent where processing is based on consent, without affecting prior processing. To exercise these rights, contact privacy@quissly.com. If you are an end user of a customer's website, we will refer your request to that customer and assist them in responding. You also have the right to lodge a complaint with the competent supervisory authority (in Georgia, the Personal Data Protection Service).

10. Cookies

Our website uses cookies and similar technologies for functionality, analytics, and improving the site. You can control cookies through your browser settings; disabling some cookies may affect site functionality. Our website does not currently respond to "Do Not Track" browser signals.

11. Children

Our website and Services are intended for business use and are not directed to children under 18. We do not knowingly collect personal data from children as controller.

12. Changes

We may update this Privacy Policy from time to time. Each version carries a version number and effective date, and prior versions remain available via https://www.quissly.com/legal/changelog. For material changes, we will provide notice by email or via the Services before the change takes effect.

13. Contact

Privacy inquiries and rights requests: privacy@quissly.com

Quissly, Inc., a Delaware corporation Address: 131 Continental Drive, Suite 301, Newark, DE 19713, USA