Privacy Policy
Effective date: June 27, 2026
This Privacy Policy explains how Qoat, LLC ("Qoat", "we", "us") collects, uses, and protects information in connection with the Qoat operational alignment platform and the qoat.ai website (the "Service"). Questions: align@qoat.ai.
1. Information we collect
- Account & access-request information — name, email address, and company name you provide when requesting access or when an administrator creates your account.
- Organization & CRM data you enter — organizations, contacts, opportunities, and notes you add to the platform.
- Assessment data — responses, scores, and the analysis derived from them (drift, continuity, findings).
- Authentication data — a securely hashed (bcrypt) password and single-use, time-limited setup/reset tokens. We never store passwords in plain text.
- Technical & usage data — server logs, IP addresses, and error/diagnostic reports used to operate, secure, and troubleshoot the Service.
2. What we do not collect
- No payment or financial card data. We do not collect or store credit-card or bank-account information. Payments for invoiced professional-services engagements are processed by Square (see Service providers below); your card details go to Square, not to Qoat.
- No advertising or cross-site tracking cookies. The Service does not use third-party advertising trackers.
3. How we use information
- To provide, maintain, and improve the Service.
- To authenticate users and secure accounts.
- To send transactional email (e.g., welcome, password setup/reset). We do not send marketing email without consent.
- To monitor, debug, and protect the Service against abuse.
4. Cookies & local storage
The platform stores your authentication token in your browser's local storage to keep you signed in; this is not a tracking cookie. The marketing site loads web fonts from Google Fonts, which may expose your IP address to Google when the page loads.
5. Service providers (sub-processors)
We share data with a limited set of vendors strictly to operate the Service:
- Railway — application hosting and PostgreSQL database.
- Resend — delivery of transactional email.
- Cloudflare — DNS for qoat.ai.
- Sentry — error monitoring (configured to minimize personal data).
- Google Workspace — our business email (e.g., align@qoat.ai).
- Square — payment processing for invoiced professional-services engagements. Square receives the billing details needed to process your payment; Qoat does not receive your card or bank-account numbers.
6. Data retention
We retain information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Deactivated records are retained per our internal retention practices.
7. Security
We protect data with encryption in transit (TLS), hashed credentials (bcrypt), role-based access controls, per-organization data scoping, rate-limiting on authentication endpoints, and regular database backups. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
8. Your rights
Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information. To make a request, contact align@qoat.ai.
9. International data transfers
Our providers may process data in the United States and other countries.
10. Children
The Service is intended for business use and is not directed to children under 16. We do not knowingly collect information from children.
11. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the effective date and, where appropriate, by notice. The current version is maintained under version control.
12. Contact
Qoat, LLC · align@qoat.ai