Privacy Policy

Last updated: December 29, 2025

Introduction

Tesseran QMS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our quality management system platform and website (collectively, the "Service").

This policy applies to all users of Tesseran QMS, including visitors to our website, trial users, and paying customers. By using our Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account or sign up for our Service, we collect:

  • Name and email address
  • Company name and role
  • Billing information (processed securely through our payment processor)
  • Authentication credentials (stored securely using industry-standard encryption)

Product Usage Data

When you use Tesseran QMS, we automatically collect:

  • Actions performed within the platform (document uploads, approvals, workflow steps)
  • System logs and error reports
  • IP addresses and device information
  • Session data and timestamps
  • Audit trail information (required for compliance)

Content You Upload

You control the documents, records, and data you upload to Tesseran QMS. We store and process this content solely to provide the Service. We do not access, read, or analyze your content except as necessary to:

  • Store and deliver it to you and authorized users
  • Maintain version control and audit trails
  • Provide technical support when requested
  • Comply with legal obligations

Website Usage Information

When you visit our website, we may collect:

  • Cookies and similar tracking technologies
  • Analytics data (page views, time spent, referral sources)
  • Information you provide through contact forms or support requests

How We Use Your Information

We use the information we collect to:

  • Provide and secure the Service: Operate Tesseran QMS, authenticate users, enforce access controls, and maintain system security
  • Process transactions: Handle billing, subscription management, and payment processing
  • Communicate with you: Send service updates, security alerts, support responses, and billing notifications
  • Improve our Service: Analyze aggregated, anonymized usage patterns to enhance features and fix bugs
  • Comply with legal obligations: Maintain audit trails, respond to legal requests, and meet regulatory requirements
  • Prevent fraud and abuse: Detect and prevent unauthorized access, security threats, and violations of our Terms of Service

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Sub-Processors and Data Sharing

We work with trusted service providers to operate Tesseran QMS. These sub-processors handle data only as necessary to provide the Service:

Infrastructure Providers

  • Render.com: Application hosting and compute infrastructure (SOC 2–certified)
  • Supabase: Database services, authentication, and document/file storage (hosted on SOC 2–certified infrastructure, encrypted at rest)

Service Providers

  • Payment Processors: Stripe (for billing and subscription management)
  • Email Services: For transactional emails and notifications
  • Analytics: Aggregated, anonymized website usage data

All sub-processors are contractually required to maintain appropriate security measures and use data only for the purposes specified. We do not share your content or personal information with third parties except as described in this policy or with your explicit consent.

We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access control (RBAC) with granular permissions
  • Infrastructure: Hosted on SOC 2–certified infrastructure providers
  • Audit Logging: Comprehensive, tamper-evident audit trails for all system actions
  • Data Isolation: Multi-tenant architecture with logical data separation per company
  • Authentication: Enterprise-grade JWT authentication through Supabase Auth

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry best practices.

Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

  • Active Accounts: Data is retained while your account is active and for 30 days after cancellation
  • Trial Accounts: Trial data is retained for 30 days after trial expiration
  • Audit Trails: Compliance-related audit logs may be retained longer as required by regulatory requirements (e.g., FDA, ISO standards)
  • Legal Requirements: We may retain certain data longer if required by law, court order, or regulatory compliance

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required for legal or compliance purposes.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and Correction

You can access and update your account information at any time through your profile settings in Tesseran QMS.

Data Deletion

You can request deletion of your account and associated data by contacting us at contact@quokka-analytics.dev. Note that we may retain certain information as required by law or for compliance purposes.

Data Export

You can export your data in standard formats (PDF, CSV, JSON) through the Service. Contact support for assistance with bulk exports.

Opt-Out

You can opt out of marketing communications by clicking the unsubscribe link in emails or updating your preferences in your account settings. You cannot opt out of essential service communications (security alerts, billing notifications).

Cookies

Most web browsers accept cookies by default. You can modify your browser settings to decline cookies, though this may affect website functionality.

International Data Transfers

Tesseran QMS is primarily hosted on infrastructure located in the United States. If you are located outside the United States, your information may be transferred to, stored, and processed in the United States.

By using our Service, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy. We implement appropriate safeguards to protect your information regardless of where it is processed.

For customers subject to GDPR or other international data protection laws, we can provide a Data Processing Addendum (DPA) upon request. Contact us at contact@quokka-analytics.dev for more information.

Children's Privacy

Tesseran QMS is a business-to-business (B2B) service intended for use by companies and professionals. We do not knowingly collect personal information from children under 13 years of age. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to registered users for significant changes
  • Displaying a notice in the Service for substantial updates

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.