Privacy Policy

How Qefro handles personal data for the marketing site, Admin Console, Internal Portal, website widget, WhatsApp, and APIs.

Last updated: 2026-07-18

This Privacy Policy explains how Qefro (“Qefro,” “we,” “us”) collects, uses, and shares information when you visit qefro.com, use the Admin Console at app.qefro.com, the Internal Portal, the website widget, WhatsApp experiences, or related APIs at api.qefro.com.

1. Who we are

Qefro provides an AI Workspace Platform for organizations — Customer AI, Employee AI, knowledge retrieval, and Business Actions. Contact: support@qefro.com.

2. Information we collect

Account and organization data

  • Name, work email, organization name, and authentication-related data needed to create and secure accounts
  • Role and membership information (Owner, Admin, Member), team and workspace assignments
  • Billing and subscription records processed via our payment provider (Razorpay), including invoices and payment status

Customer content (organization-controlled)

  • Documents and crawled content you upload to workspaces
  • Assistant instructions, Business Tool configurations, and encrypted credentials you store for integrations
  • Conversation transcripts, citations, feedback, leads captured by the widget, and tool execution logs

End-user identity you forward

If you call the widget identify() API, your application may send end-user identifiers (such as id, email, name) and authentication material (JWT or session token) so Business Actions can run in that user’s context. Qefro does not replace your identity provider; you remain responsible for how you obtain and forward that identity.

Technical and usage data

  • IP address, device/browser metadata, approximate location derived from IP, and request logs
  • Product analytics needed to operate quotas, rate limits, reliability, and abuse prevention
  • Cookies or local storage for theme preference, session continuity, and (where enabled) marketing analytics such as Microsoft Clarity on the marketing site

3. How we use information

  • Provide, secure, and improve the Qefro platform
  • Authenticate users, enforce RBAC, isolate tenants and workspaces, and prevent abuse
  • Process payments, send transactional email (verification, invites, invoices, security notices)
  • Generate AI answers and Business Actions using your organization’s configured knowledge and tools
  • Respond to support requests and legal obligations

We do not use your organization’s customer content to train foundation AI models. Outbound model calls may include PII scrubbing controls as described on our Security page.

4. Sharing

We share information only as needed to operate the service, including:

  • Infrastructure and subprocessors that host compute, storage, email, and related services under contract
  • Payment processors (Razorpay) for checkout and billing
  • Model / inference providers required to generate answers, subject to our security controls
  • Your own systems when Business Tools or webhooks call APIs you configure
  • Legal disclosure when required by law or to protect rights and safety

We do not sell personal information.

5. Retention

We retain account, billing, conversation, and log data for as long as needed to provide the service, meet legal/accounting requirements, resolve disputes, and enforce agreements. Organizations may delete documents, members, and certain configurations from the Admin Console; contact support@qefro.com for account closure requests.

6. Security

We use multi-tenant isolation, workspace isolation, encryption in transit, encrypted secrets for Business Tools, SSRF protections for outbound tool calls, and access controls described on qefro.com/security. No method of transmission or storage is 100% secure.

7. International transfers

Qefro is operated globally. Your information may be processed in countries other than where you are located. Enterprise customers seeking private deployment or specific data-processing terms should contact Sales.

8. Your choices and rights

Depending on your location, you may have rights to access, correct, delete, or export personal data, or to object to certain processing. Organization Owners/Admins control most workspace content. Email support@qefro.com to exercise privacy requests. You can also stop using the service and request account deletion.

9. Children

Qefro is designed for business use and is not directed to children under 16.

10. Changes

We may update this policy. Material changes will be reflected by updating the “Last updated” date on this page and, when appropriate, notifying account Owners by email or in-product notice.

11. Contact

Privacy questions: support@qefro.com · Contact form · Related: Terms of Service, Security.