qBud Privacy Policy

Last updated: June 4th, 2026

1. Introduction

At qBud, we place great importance on protecting your personal data. This privacy policy explains how we handle the information we collect and process about you. We strictly follow the guidelines of the General Data Protection Regulation (GDPR).

We recommend that you carefully read this document to understand how we safeguard your privacy.

2. Data Controller

qBud is an innovative company offering AI-powered software solutions for entrepreneurs. As the data controller, we are responsible for the processing of your personal data.

Company name
qBud B.V.
Chamber of Commerce (KVK)
98203851
Registered address
Schoollaantje 9, 2211CZ Noordwijkerhout
Website
www.qbud.ai
Email
[email protected]

2.1 Data Protection Officer

If you have questions about data protection or wish to exercise your rights, you may contact our Data Protection Officer (DPO) at: [email protected]

If the appointment of a DPO is not required under Article 37 GDPR, replace this with a designated privacy contact person.

3. What Data Do We Collect?

3.1 Visitors to our website

When you visit our website, we collect:

If you use our AI assistant or fill out our contact form, we also ask for:

3.2 Clients

For our clients, we process additional data necessary for our service provision, which may include:

The specific categories of personal data processed depend on the services used. Detailed information is provided in the applicable Data Processing Agreement (DPA) for each service.

3.3 Job applicants

If you apply for a job with us, we collect:

Under Article 6 GDPR, we process your personal data based on the following legal grounds:

Where we rely on legitimate interest, we have conducted a balancing test to ensure your rights and freedoms are not overridden. You may request details of this assessment at any time.

5. Purposes of Processing

We use your data for the following purposes:

6. How Long Do We Keep Your Data?

7. Sharing of Data

7.1 General policy

We only share your data when necessary for our service provision, when you have given consent, or when we are legally obliged to do so.

7.2 AI functionality

For our AI services, we share pseudonymized chat message data with the following providers:

Data shared with these providers is anonymized where possible, retained for a maximum of 30 days, and is not used to train their AI models.

7.3 Sub-processors

We use the following sub-processors to deliver our services. We have concluded data processing agreements with each of these parties.

Sub-processor Location Purpose
Anthropic PBC San Francisco, United States AI language model provider for AI assistant functionality
OpenAI LLC San Francisco, United States AI language model provider for AI assistant functionality
Google Ireland LTD Dublin, Ireland AI language model provider for AI assistant functionality
Scaleway SAS Paris, France AI model hosting and inference infrastructure
Moneybird B.V. Enschede, The Netherlands Bookkeeping and financial administration
Postmark (ActiveCampaign LLC) Chicago, United States Transactional email delivery
Cloudflare, Inc. San Francisco, United States Bot detection and abuse prevention (Cloudflare Turnstile)
TransIP B.V. Leiden, The Netherlands VPS hosting and server infrastructure
Microsoft Ireland Operations LTD Dublin, Ireland Email services (Microsoft 365)
HubSpot Ireland Limited Dublin, Ireland Customer relationship management (CRM)

7.4 Bot Protection (Cloudflare Turnstile)

To protect our website and AI assistant against automated abuse, spam, and fraud, we use Cloudflare Turnstile. When you interact with protected forms or our AI assistant, Turnstile may process technical signals such as your IP address, browser and device characteristics, and interaction data to verify that you are a human visitor. This processing is based on our legitimate interest in securing our services (Art. 6(1)(f) GDPR). For more information on how Cloudflare processes this data, please refer to Cloudflare's Turnstile Privacy Addendum.

7.5 International Data Transfers

Some of our sub-processors are located outside the European Economic Area (EEA), in particular in the United States. For these transfers, we rely on the following safeguards in accordance with Chapter V of the GDPR:

You may request a copy of the applicable transfer safeguards by contacting us.

8. Automated Decision-Making & Profiling

Our AI services assist users in generating content, insights, and recommendations. However, we do not engage in solely automated decision-making that produces legal effects or similarly significantly affects you within the meaning of Article 22 GDPR.

If this changes in the future, we will update this policy, inform affected individuals, and implement appropriate safeguards including the right to obtain human intervention, to express your point of view, and to contest the decision.

9. Your Rights

Under the GDPR, you have the following rights:

To exercise these rights, you can contact us at [email protected]. We will respond within 30 days.

9.1 Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Authority
Autoriteit Persoonsgegevens
Website
www.autoriteitpersoonsgegevens.nl
Phone
+31 (0)88 – 1805 250

10. Cookies

Our website does not use tracking or advertising cookies. We only use strictly necessary, first-party local storage required for the site to function (for example, remembering your language preference). For website statistics we use Umami, a self-hosted, privacy-friendly analytics tool that does not use cookies and collects only anonymous, aggregated data, so it does not track or identify individual visitors.

11. Newsletter

You can subscribe to our newsletter. For this, we only use your name and email address, and only after your explicit consent. Every newsletter contains an unsubscribe link. We use Postmark to send our newsletters.

12. Security

We take appropriate technical and organizational measures to protect your data against loss, theft, or unauthorized access. These measures include encryption in transit and at rest, access controls, regular security assessments, and staff training on data protection.

13. Children's Data

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete such data.

14. Changes to This Privacy Policy

We reserve the right to modify this privacy policy. We will communicate significant changes via email and our website, with a two-month notice period. The date of the most recent update is shown at the top of this document.

15. Third-Party Websites

Our privacy policy does not apply to third-party websites we may link to. We recommend that you consult their privacy policy before using their services.

16. Questions or Complaints

Do you have questions about our privacy policy or how we handle your data? Please contact us at [email protected]. We aim to resolve any concern promptly.

At qBud, we are committed to protecting your privacy. We handle your data with care and strive for complete transparency in our processes. Together, we ensure safe and reliable service provision.