1. Data Controller
The data controller for personal data collected through qusto.io and the Qusto platform is:
Qusto
Email: compliance@qusto.io
2. Data We Collect
We collect the minimum data necessary to provide our service:
- Account data: Business email address, chosen password (hashed), and the store URL you provide at registration.
- Beta application data: Email address, store URL, and e-commerce platform submitted via the beta application form.
- Usage data: Aggregate, anonymised analytics about how the Qusto dashboard is used (page views, feature interactions). No individual user journeys are tracked.
- Analytics event data: Events sent from your store to Qusto (page views, orders, funnel steps). Customer identity within these events is represented by opaque operator-issued tokens — no PII (name, email, address) is transmitted or stored.
- Technical data: Server logs containing IP addresses (retained for 7 days for security purposes), browser type, and request timestamps.
3. Legal Basis for Processing (GDPR)
- Contract (Art. 6(1)(b)): Processing your account and store data is necessary to provide the Qusto service you sign up for.
- Legitimate interest (Art. 6(1)(f)): Server logs and security monitoring are processed in our legitimate interest to protect the platform and its users.
- Consent (Art. 6(1)(a)): Marketing communications, if any, are sent only with your explicit opt-in.
4. Cookies and Tracking
Qusto does not use tracking cookies. We do not place any third-party cookies, advertising pixels, or cross-site tracking scripts on our website or within the analytics platform. A single session cookie is used solely for authentication (keeping you logged in); it contains no tracking data and expires when you close your browser.
Because we do not use tracking cookies, no consent banner is required on your store when using Qusto for analytics.
5. Data Storage and Transfers
All personal data is stored on servers located within the European Union. We do not transfer personal data to countries outside the EEA. Our infrastructure providers are contractually bound to process data only on our instructions and within the EU.
6. Data Retention
- Account data: Retained for the duration of your account. Deleted within 30 days of account closure.
- Analytics event data: Retained for the period covered by your subscription plan. Exportable at any time.
- Beta application data: Retained for 12 months or until your account is created, whichever is earlier.
- Server logs: 7 days.
7. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restriction: Request that we limit processing of your data in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing.
To exercise any of these rights, contact us at compliance@qusto.io. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
8. Third-Party Services
We use the following third-party services in the operation of qusto.io:
- Formspree — processes beta application and contact form submissions on our behalf. Formspree's privacy policy is available at formspree.io/legal/privacy-policy.
We do not use Google Analytics, Meta Pixel, LinkedIn Insight, or any other third-party tracking services.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email. The "Last updated" date at the top of this page reflects the most recent revision.
10. Contact
For any privacy-related questions or to exercise your rights:
compliance@qusto.io