Legal

Privacy Policy

Last updated: 4 April 2026

1. Introduction

Quana LLP ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform and related services (the "Service"). Quana LLP is operated from Bengaluru, Karnataka, India.

By using our Service, you consent to the collection and use of your information in accordance with this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information you provide:

  • Account registration details (name, email address, password).
  • Profile information and organisational account details.
  • Billing and payment information (processed by our third-party payment processors; we do not store full card details).
  • Communications you send to us (contact forms, support requests, feedback).
  • Content and data you upload or create within the Service.

Information collected automatically:

  • Device and browser information (type, version, operating system).
  • IP address and approximate geographic location.
  • Usage data (pages visited, features used, time spent, clicks).
  • Cookies and similar tracking technologies.
  • Log data (access times, referring URLs, error logs).

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service.
  • To process transactions and manage subscriptions.
  • To personalise your experience and improve the Service.
  • To communicate with you (transactional emails, updates, support).
  • To detect, prevent, and address fraud, abuse, or security issues.
  • To comply with legal obligations and enforce our Terms.
  • To conduct analytics and research to improve our products.

4. Legal Basis for Processing

Under applicable Indian law, including the Digital Personal Data Protection Act, 2023 (DPDPA), and the Information Technology Act, 2000, we process your personal data on the following bases:

  • Consent: Where you have given explicit consent for a specific purpose.
  • Contractual necessity: Where processing is necessary to perform our agreement with you.
  • Legitimate interest: Where processing is necessary for our legitimate business interests, provided it does not override your rights.
  • Legal obligation: Where processing is required to comply with applicable law.

5. Data Sharing & Disclosure

We do not sell your personal data. We may share information with:

  • Service providers: Trusted third parties who assist in operating the Service (hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data.
  • Legal requirements: When required by law, court order, or governmental request, or to protect the rights, property, or safety of Quana LLP, its users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.
  • With your consent: When you have explicitly authorised us to share your information.

6. Data Storage & Security

Your data is stored on secure servers. We implement reasonable security practices and procedures as required under the Information Technology (Reasonable Security Practices and Procedures) Rules, 2011, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Access controls and authentication measures.
  • Regular security audits and vulnerability assessments.
  • Secure backup and disaster recovery procedures.

While we take all reasonable measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable law. When data is no longer needed, it is securely deleted or anonymised.

Specific retention periods:

  • Account data: retained for the duration of your account and up to 90 days after deletion.
  • Transaction records: retained for a minimum of 8 years as required under Indian tax and commercial law.
  • Log data: retained for up to 12 months.

8. Your Rights

Under the DPDPA 2023 and applicable law, you have the right to:

  • Access: Request a summary of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Withdraw consent: Withdraw previously given consent at any time.
  • Grievance redressal: Lodge a complaint with our Data Protection Officer or the Data Protection Board of India.
  • Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact us through our contact form.

9. Cookies & Tracking

We use cookies and similar technologies to enhance your experience. Types of cookies we use:

  • Essential cookies: Required for the Service to function (session management, authentication, security).
  • Analytics cookies: Help us understand usage patterns and improve the Service.
  • Preference cookies: Remember your settings and customisations.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10. Cross-Border Data Transfers

Your data is primarily stored and processed in India. In certain cases, data may be transferred to or processed in other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for such transfers in compliance with applicable Indian data protection law.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date and, where appropriate, notifying you via email or the Service. Continued use constitutes acceptance of the revised Policy.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDPA 2023, the details of our Grievance Officer / Data Protection Officer are:

Grievance Officer

Quana

Bengaluru, Karnataka, India

Contact: Contact Form

We will acknowledge your grievance within 24 hours and endeavour to resolve it within 30 days.