Last updated: May 3rd, 2026
At qBud, we place great importance on protecting your personal data. This privacy policy explains how we handle the information we collect and process about you. We strictly follow the guidelines of the General Data Protection Regulation (GDPR).
We recommend that you carefully read this document to understand how we safeguard your privacy.
qBud is an innovative company offering AI-powered software solutions for entrepreneurs. As the data controller, we are responsible for the processing of your personal data.
If you have questions about data protection or wish to exercise your rights, you may contact our Data Protection Officer (DPO) at: [email protected]
If the appointment of a DPO is not required under Article 37 GDPR, replace this with a designated privacy contact person.
When you visit our website, we collect:
If you use our AI assistant or fill out our contact form, we also ask for:
For our clients, we process additional data necessary for our service provision, which may include:
The specific categories of personal data processed depend on the services used. Detailed information is provided in the applicable Data Processing Agreement (DPA) for each service.
If you apply for a job with us, we collect:
Under Article 6 GDPR, we process your personal data based on the following legal grounds:
| Purpose | Legal Basis | GDPR Article |
|---|---|---|
| Service delivery to clients | Performance of a contract | Art. 6(1)(b) |
| Website analytics and optimization | Legitimate interest | Art. 6(1)(f) |
| AI assistant conversations | Consent / Contract performance | Art. 6(1)(a) / (b) |
| Newsletter and marketing | Consent | Art. 6(1)(a) |
| Job application processing | Pre-contractual steps / Consent | Art. 6(1)(b) / (a) |
| Security and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Legal compliance | Legal obligation | Art. 6(1)(c) |
Where we rely on legitimate interest, we have conducted a balancing test to ensure your rights and freedoms are not overridden. You may request details of this assessment at any time.
We use your data for the following purposes:
We only share your data when necessary for our service provision, when you have given consent, or when we are legally obliged to do so.
For our AI services, we share pseudonymized chat message data with the following providers:
Data shared with these providers is anonymized where possible, retained for a maximum of 30 days, and is not used to train their AI models.
We use the following sub-processors to deliver our services. We have concluded data processing agreements with each of these parties.
| Sub-processor | Location | Purpose |
|---|---|---|
| Anthropic PBC | San Francisco, United States | AI language model provider for AI assistant functionality |
| OpenAI LLC | San Francisco, United States | AI language model provider for AI assistant functionality |
| Google Ireland LTD | Dublin, Ireland | AI language model provider for AI assistant functionality |
| Scaleway SAS | Paris, France | AI model hosting and inference infrastructure |
| Moneybird B.V. | Enschede, The Netherlands | Bookkeeping and financial administration |
| Postmark (ActiveCampaign LLC) | Chicago, United States | Transactional email delivery |
| TransIP B.V. | Leiden, The Netherlands | VPS hosting and server infrastructure |
| Microsoft Ireland Operations LTD | Dublin, Ireland | Email services (Microsoft 365) |
| HubSpot Ireland Limited | Dublin, Ireland | Customer relationship management (CRM) |
Some of our sub-processors are located outside the European Economic Area (EEA), in particular in the United States. For these transfers, we rely on the following safeguards in accordance with Chapter V of the GDPR:
You may request a copy of the applicable transfer safeguards by contacting us.
Our AI services assist users in generating content, insights, and recommendations. However, we do not engage in solely automated decision-making that produces legal effects or similarly significantly affects you within the meaning of Article 22 GDPR.
If this changes in the future, we will update this policy, inform affected individuals, and implement appropriate safeguards including the right to obtain human intervention, to express your point of view, and to contest the decision.
Under the GDPR, you have the following rights:
To exercise these rights, you can contact us at [email protected]. We will respond within 30 days.
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority:
We use cookies on our website. For more information about this, please refer to our separate cookie policy.
You can subscribe to our newsletter. For this, we only use your name and email address, and only after your explicit consent. Every newsletter contains an unsubscribe link. We use Postmark to send our newsletters.
We take appropriate technical and organizational measures to protect your data against loss, theft, or unauthorized access. These measures include encryption in transit and at rest, access controls, regular security assessments, and staff training on data protection.
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete such data.
We reserve the right to modify this privacy policy. We will communicate significant changes via email and our website, with a two-month notice period. The date of the most recent update is shown at the top of this document.
Our privacy policy does not apply to third-party websites we may link to. We recommend that you consult their privacy policy before using their services.
Do you have questions about our privacy policy or how we handle your data? Please contact us at [email protected]. We aim to resolve any concern promptly.
At qBud, we are committed to protecting your privacy. We handle your data with care and strive for complete transparency in our processes. Together, we ensure safe and reliable service provision.