← Home

Last updated: March 31, 2026

Privacy Policy

This policy describes our practices for the QAflow service at qaflow.io. It is not legal advice. Have counsel review it for your jurisdiction and use case.

1. Who we are

The Service is operated by QA Media Group LLC, doing business as QAflow (“QAflow,” “we,” “us,” or “our”). Contact: support@qaflow.io.

2. What this policy covers

This Privacy Policy applies to information we process when you visit our website, create an account, use QAflow (including trials), or otherwise interact with us in connection with the Service. It does not apply to third-party sites or services that we link to or that you connect to QAflow (for example, your telephony provider), except as described in Section 6.

3. Information we collect

Depending on how you use QAflow, we may collect:

  • Account and profile data. Name, email address, authentication identifiers, workspace or company name, roles, and similar account metadata you or your administrator provide.
  • Customer content (“Content”). Audio, video, or other call recordings you or your organization upload or that we ingest through integrations you authorize; transcripts; QA scores, notes, rubrics, coaching outputs, and other materials you store in the Service.
  • Integration and technical data. Tokens, webhook payloads, extension or agent identifiers, and configuration needed to operate integrations (for example, connecting telephony or webhooks), plus logs, device/browser type, IP address, timestamps, and diagnostic data used to operate and secure the Service.
  • Billing data. Payment-related information is processed by our payment processor (for example, Stripe); we receive limited billing metadata (such as subscription status, seat counts, and transaction references), not full card numbers.
  • Communications. Messages you send us (for example, support requests) and related correspondence.

4. How we use information

We use information to:

  • Provide, operate, maintain, and improve QAflow;
  • Authenticate users, enforce access controls, and secure the Service;
  • Perform transcription, AI-assisted grading, coaching, reporting, alerts, and other product features you enable, including routing Content to model providers as described in Section 6;
  • Process payments, manage trials and subscriptions, and communicate about billing or operational notices;
  • Respond to support requests and communicate about the Service;
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms or policies; and
  • Comply with law, enforce our agreements, and protect rights and safety.

We do not sell your personal information in the traditional sense. We may use aggregated or de-identified data that does not identify you for analytics, security, and product improvement.

5. Legal bases (where applicable)

If laws such as the GDPR or UK GDPR apply, we rely on one or more of: (a) performance of a contract with you or your organization; (b) our legitimate interests in operating, securing, and improving QAflow (balanced against your rights); (c) your consent where required; and (d) legal obligations.

6. How we share information

We may share information with:

  • Service providers and subprocessors who process data on our behalf and under our instructions, such as hosting, email delivery, authentication, logging, analytics, security, and customer support tools.
  • AI and communications vendors where needed to provide product functionality. For example, audio you submit for processing may be sent to OpenAI for transcription and related language-model operations; optional product areas may use additional model providers (such as Anthropic) when those features are enabled in your deployment or workspace configuration.
  • Payment processors (for example, Stripe) to complete transactions.
  • Your organization, administrators, and other users in the same workspace as permitted by your account settings and their roles.
  • Professional advisers, regulators, and authorities when required by law or necessary to protect rights, safety, and the integrity of the Service.
  • Business transfers, such as a merger, acquisition, or asset sale, subject to appropriate confidentiality and continuity obligations.

Third-party integrations (for example, telephony or CRM systems) are configured by you or your admin. Their use of data is governed by their own terms and privacy policies.

7. Retention

We retain information for as long as necessary to provide the Service, comply with law, resolve disputes, and enforce our agreements. Retention periods may depend on your workspace settings, backups, and legal holds. You or your administrator may delete certain Content within the product where such features are available; residual copies may persist for a period in backups or logs.

8. Security

We implement technical and organizational measures designed to protect information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; you use the Service at your own risk.

9. International transfers

We are based in the United States and may process information in the U.S. and other countries where we or our providers operate. If we transfer personal data from regions that require safeguards, we use appropriate mechanisms (such as Standard Contractual Clauses) where required.

10. Your choices and rights

Depending on your location, you may have rights to access, correct, delete, or export personal information; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. To exercise rights, contact support@qaflow.io. We may need to verify your request. If you are part of an organizational account, your admin may need to act on your behalf for certain data.

California. California residents may have additional rights under the CCPA/CPRA. We do not “sell” or “share” personal information as those terms are defined for targeted advertising. You may request disclosure or deletion as provided by law.

Cookies and similar technologies. We use cookies and similar technologies for authentication, security, preferences, and basic analytics. You can control cookies through browser settings.

11. Children

QAflow is not directed to children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

12. Changes

We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” date. If changes are material, we will provide notice as required by law or as we otherwise deem appropriate.

13. Contact

QA Media Group LLC (dba QAflow) · support@qaflow.io

Questions: support@qaflow.io. See also Privacy · Terms.