Privacy Policy

Last updated: November 2025

Quandify AB (“Quandify”, “we”, “our”, “us”) is committed to protecting your privacy.

This Policy explains what data we collect, how we use it, and what rights you have when using Quandify devices, the Quandify App, and the Quandify Platform (“Services”).

1. Who we are

Quandify AB
Gustavslundsvägen 151E
167 51, Bromma, Sweden
Organisation No. 559134-5904

Support
support@quandify.com

Privacy
privacy@quandify.com

Website
https://quandify.com

Quandify acts as:

  • Data Controller for consumer accounts;
  • Data Processor for Business Customers who control end-user data (under a Data Processing Agreement).

2. Personal data we collect

We collect the minimum information necessary to provide the Services.

Account data
Example: Name, email address, password (hash), username
Legal basis (GDPR): Art. 6 (1)(b)

Device data
Example: Sensor measurements (e.g., flow, temperature, diagnostics, alerts), firmware version, serial number
Legal basis (GDPR Art.): Art. 6 (1)(b)

App & usage data
Example: App settings, notification preferences, connectivity status, logs (≤ 30 days)
Legal basis (GDPR): Art. 6 (1)(f)

Support & communication
Example: Emails or chat messages with Quandify support
Legal basis (GDPR): Art. 6 (1)(b)/(f)

Business Customer data
Example: Company name, VAT, billing details, contact persons
egal basis (GDPR): Art. 6 (1)(b)

Marketing (optional)
Example: Email address for updates or newsletters (if opt-in)
Legal basis (GDPR): Art. 6 (1)(a)

We do not collect payment-card data directly; payments are processed through certified third-party providers.

3. Why we process your data

We use data only for legitimate purposes:

Provide and operate the Services
Device connectivity, analytics, and user interface.

Detect and notify events
Such as leak alarms, abnormal readings, or system faults.

Maintain security and integrity Authentication, logging, and fraud prevention.

Improve performance
Anonymised statistics and aggregated analysis.

Customer support
Toubleshooting and service communications.

Legal and compliance
Warranties, record-keeping, and regulatory requests.

Marketing (only with consent)
Product updates and surveys.

Quandify does not sell, rent, or trade personal data.

4. How data is stored and secured

Hosting region
All personal and device data are stored within the European Economic Area (EEA) in secure cloud data centres.

Encryption
Quandify uses industry-standard encryption and security measures to protect information during transmission and storage. This includes established methods for encrypting data, authenticating users and devices, and monitoring system integrity.

Backups & redundancy
Encrypted backups are maintained regularly within to ensure service continuity and disaster recovery.

Access controls
Data access is limited to authorised personnel following role-based permissions and logged administrative actions.

Device security
Each Quandify device communicates through secure, authenticated channels and is designed to prevent unauthorised access or tampering.

5. Data retention

Account identifiers (email, username)
Retention period: While account is active
Action after expiry: Deleted or anonymised

Device logs
Retention period: ≤ 30 days
Action after expiry: Deleted automatically

Sensor / usage data
Retention period: Life of account, then anonymised for aggregate analytics
Action after expiry: Anonymised

Support tickets
Retention period: > 24 months
Action after expiry: Deleted or archived for legal claims

Business billing records
Retention period: 7 years (as required by Swedish law)
Action after expiry: Archived / deleted after limit

We retain personal data no longer than necessary for the purposes stated, in line with GDPR Art. 5(1)(e).

6. Data sharing and recipients

We share data only when necessary:

Cloud service providers
Purpose: Hosting, storage, data transfer (EEA)
Safeguard: GDPR Art. 28 DPAs in place

Technical support partners
Purpose: Maintenance and troubleshooting
Safeguard: Restricted access

Business Customers
Purpose: Where they control end-user data (e.g., property deployments)
Safeguard: Data Processing Agreement

Public authorities
Purpose: Legal obligations or lawful requests
Safeguard: Only if required by law

We do not transfer personal data outside the EEA unless adequate protection is ensured (Art. 46 GDPR Standard Contractual Clauses).

7. User rights

You have the following rights under GDPR:

Access
Request a copy of your data.

Rectification 
Correct inaccurate data.

Erasure
Delete data when no longer needed (Art. 17).

Restriction
Temporarily limit processing.

Portability
Receive data in a structured format.

Objection
Opt out of processing based on legitimate interest.

Withdraw consent
At any time for optional features.

To exercise these rights, contact privacy@quandify.com. Quandify will respond within 30 days (extendable by 2 months for complex requests). If you believe your rights are violated, you may lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

8. Business Customers and controllers

For corporate deployments:

  • Quandify acts as processor; the Business Customer is controller.
  • A Data Processing Agreement (DPA) specifies roles, retention, and security measures.
  • Business Customers must ensure their end-users receive privacy information and can exercise rights.

9. Cookies and tracking

Our website and app use essential cookies for security and session management. Non-essential analytics or marketing cookies are used only with consent. You can change preferences at any time in your browser or device settings.

10. Children’s privacy

Quandify Services are not intended for children under 16. We do not knowingly collect data from minors. If you believe a child has provided data, contact us for immediate deletion.

11. Data Act information obligations

In accordance with EU Data Act Article 3(2), Quandify provides clear information on:

  • categories and formats of data generated by Quandify devices,
  • access and retrieval methods via the Quandify App and support channels,
  • storage location (EEA cloud centres), security measures, and retention periods,
  • users’ rights to port, delete, and share data with third parties at their request.

12. Changes to this Policy

Quandify reserves the right to modify this Privacy Policy at any time. Any changes will be posted on this page and will apply to all new orders placed after the changes are published. We recommend that you review these terms periodically to stay informed.

13. Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link.

14. Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

15. Contact us

Quandify AB
Gustavslundsvägen 151E
167 51, Bromma, Sweden
support@quandify.com
privacy@quandify.com