Privacy Policy
This Privacy Policy describes how Quintessentia Network Inc. (“we,” “us”), operating the IMS (Incident Monitoring System) marketing site and live console, collects and uses information.
1. Who we are
Quintessentia Network Inc. is a Canadian corporation operating two surfaces under the Quintarthai brand:
- Marketing site — ims.quintarthai.com and quintarthai.com/ims/
- Live console — quintarthai.com/tracker
This Privacy Policy covers the marketing site and lead-capture form. The live console has its own data-handling policy disclosed at sign-up.
2. What we collect on the marketing site
2.1 Information you provide
- If you submit the contact form: name, work email, organisation, role, and your written use case. All fields are voluntary.
2.2 Information collected automatically
- Server access logs (nginx) — IP address, timestamp, requested path, response code, referrer, user-agent. Retained 30 days.
- Analytics beacon (
/ims-api/track) — event name (e.g.tour_tab_click,pdf_download), the path on which it fired, and the referring URL. No cookies. No fingerprinting. IP is logged only to the standard nginx access log (point above).
2.3 What we do not collect
- No tracking cookies. The site sets zero cookies.
- No behavioural fingerprinting.
- No third-party advertising or marketing tags.
- No facial recognition. No PII scraping. (These promises also apply to the live console product.)
3. Why we collect it (legal basis under GDPR)
- Lead form data — to respond to your enquiry and pursue a possible business relationship. Legal basis: your consent (by clicking submit) and our legitimate interest in operating a B2B sales process.
- Server logs — to operate, secure, and debug the site. Legal basis: legitimate interest.
- Analytics beacon — to understand which sections of the page work for visitors. Legal basis: legitimate interest; the data collected is non-identifying.
4. How long we keep it
- Lead form submissions — 24 months from last contact, then deleted.
- nginx access logs — 30 days, then rotated and deleted.
- Analytics events log — 90 days, then rotated and deleted.
5. Who we share it with
We do not sell, rent, or trade your information.
Sub-processors with access to data on your behalf:
- Hostinger International Ltd. — VPS hosting (Lithuania / EU). All data encrypted at rest.
- Let's Encrypt (ISRG) — TLS certificate issuance. No personal data shared; only the domain name.
If we add sub-processors handling your personal data, we will update this list before the change takes effect.
6. Where your data lives
Today: EU (Hostinger). EU data residency on dedicated infrastructure is available on contract for institutional buyers.
Cross-border transfers, if any, are governed by Standard Contractual Clauses (SCCs).
7. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Object to or restrict processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with your data-protection authority
Exercise any of these by emailing privacy@quintarthai.com. We respond within 30 days.
8. Security
- TLS 1.3 in transit (verifiable via SSL Labs)
- AES-256 at rest on the server
- Strict Content-Security-Policy on every page
- Privacy by design: no facial recognition, no PII scraping, public sources only
9. Children
The marketing site and the IMS product are not directed at children under 16. We do not knowingly collect personal information from children.
10. Changes to this Policy
Material changes will be flagged on this page with a new “last updated” date and, where significant, by email to anyone who has previously contacted us. Cosmetic edits (typos, link fixes) will be silent.
11. Contact
Privacy questions: privacy@quintarthai.com
Security disclosures: security.txt
Postal address available on request.
This page is a draft pending review by external counsel. The data-handling commitments above are operationally accurate as of the “last updated” date.