ISO 27001 & SOC 2 Certified
QuarkCube maintains the highest standards of data protection with ISO 27001 and SOC 2 Type II certifications. Your enterprise data is protected with bank-grade security measures.
1. Overview
QuarkCube ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and business data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our multi-dimensional data platform, applications, and services.
As a provider of enterprise financial and operational data platforms, we understand the critical importance of data privacy and security in business operations. This policy applies to all users of our platform, including but not limited to:
- QuarkCube Platform users and administrators
- Application users (QuarkPlan, QuarkClose, QuarkFlare, etc.)
- Website visitors and prospects
- Service clients and consulting customers
- Partners and vendors
Quick Summary: We only collect data necessary to provide our services, never sell your information, and employ enterprise-grade security measures to protect your data.
2. Information We Collect
2.1 Platform and Application Data
When you use our platform and applications, we collect and process:
- Business Data: Financial records, operational data, employee information, and other business metrics uploaded to or processed through our platform
- Configuration Data: System settings, user preferences, dashboard configurations, and custom business rules
- Integration Data: Data synchronized from your ERP, CRM, and other connected systems
- Analytical Results: Reports, insights, and analytical outputs generated by our platform
2.2 Account and User Information
- Registration Information: Name, email address, job title, company information, phone number
- Authentication Data: Login credentials, security tokens, multi-factor authentication details
- Profile Information: User preferences, role assignments, department affiliations
- Billing Information: Payment details, billing addresses, subscription information
2.3 Usage and Technical Information
- Log Data: IP addresses, browser types, access times, pages viewed, system interactions
- Performance Data: System performance metrics, error logs, usage patterns
- Device Information: Operating system, browser version, screen resolution, device type
- Communication Records: Support tickets, chat logs, email correspondence
3. How We Use Your Information
3.1 Platform Operations
- Provide and maintain our multi-dimensional data platform
- Process and analyze your business data according to your instructions
- Generate reports, dashboards, and analytical insights
- Facilitate data integration and synchronization
- Ensure platform security and prevent unauthorized access
3.2 Service Delivery
- Deliver consulting and implementation services
- Provide technical support and customer assistance
- Customize applications and develop solutions
- Conduct training and onboarding activities
- Monitor system performance and optimize operations
3.3 Business Operations
- Process payments and manage subscriptions
- Communicate about platform updates and new features
- Conduct security monitoring and incident response
- Analyze usage patterns to improve our services
- Comply with legal and regulatory requirements
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal or business information. We may share information only in the following circumstances:
4.1 Service Providers
We work with trusted third-party service providers who assist in platform operations:
- Cloud infrastructure providers (AWS, Azure, Google Cloud, Oracle Cloud)
- Payment processors and billing service providers
- Customer support and communication tools
- Security monitoring and compliance services
- Analytics and performance monitoring tools
All service providers are bound by strict confidentiality agreements and data processing terms.
4.2 Business Partners
With your explicit consent, we may share information with:
- ERP implementation partners for system integration
- Certified consultants providing specialized services
- Technology partners for enhanced functionality
4.3 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal process and regulatory requirements
- Protect our rights, property, and safety
- Protect the rights and safety of our users
- Investigate potential fraud or security incidents
5. Data Security
Enterprise-Grade Security Measures
Our security framework includes multiple layers of protection designed for enterprise financial data:
- ISO 27001 Information Security Management certification
- SOC 2 Type II compliance for service organization controls
- AES-256 encryption for data at rest and in transit
- Multi-factor authentication and single sign-on capabilities
- Regular security audits and penetration testing
- 24/7 security monitoring and incident response
5.1 Technical Safeguards
- Encryption: All data encrypted using industry-standard AES-256 encryption
- Access Controls: Role-based access with principle of least privilege
- Network Security: Firewalls, intrusion detection, and secure protocols
- Data Centers: Certified facilities with physical security controls
- Backup Systems: Encrypted backups with geographically distributed storage
5.2 Administrative Safeguards
- Comprehensive security policies and procedures
- Employee background checks and security training
- Incident response and breach notification procedures
- Regular security assessments and compliance audits
- Vendor security management programs
6. Data Retention
6.1 Retention Periods
- Active Account Data: Retained throughout the duration of your subscription
- Business Data: Retained as specified in your service agreement, typically until account termination plus 90 days
- Backup Data: Maintained for disaster recovery purposes for up to 7 years
- Log Data: Retained for 12 months for security and compliance purposes
- Financial Records: Retained for 7 years as required by applicable regulations
6.2 Data Deletion
Upon account termination or data deletion request:
- Active data deletion within 30 days of termination
- Backup data deletion within 90 days
- Secure deletion methods that prevent data recovery
- Certificate of destruction provided upon request
7. Your Privacy Rights
7.1 Access and Control
You have the right to:
- Access: Request copies of your personal information
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Export your data in standard formats
- Restriction: Limit how we process your information
- Objection: Object to certain types of data processing
7.2 International Privacy Rights
For users in various jurisdictions, you may have additional rights under applicable privacy laws:
- Right to be informed about data processing
- Right to withdraw consent at any time
- Right to lodge complaints with supervisory authorities
- Right to data portability in machine-readable formats
9. International Data Transfers
As a global platform, we may transfer data internationally. All transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by European Commission
- Adequacy decisions for transfers to approved countries
- Binding Corporate Rules for intra-group transfers
- Additional safeguards including encryption and access controls
9.1 Data Processing Locations
Data may be processed in:
- United States (primary data centers)
- European Union (for EU customers)
- Other jurisdictions as required for service delivery
10. Regulatory Compliance
10.1 Financial Regulations
We comply with relevant financial data protection regulations:
- Sarbanes-Oxley Act (SOX) requirements
- Gramm-Leach-Bliley Act (GLBA) privacy provisions
- PCI DSS for payment card data security
- Industry-specific data protection requirements
10.2 International Standards
- International privacy and data protection regulations
- Cross-border data transfer compliance
- Regional data protection requirements
- Other applicable national and regional privacy laws
11. Children's Privacy
Our platform is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete such information promptly.
12. Privacy Policy Changes
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will:
- Notify users of material changes via email or platform notifications
- Post updated versions on our website with revision dates
- Provide 30 days' notice for significant changes
- Obtain consent where required by applicable law
Your continued use of our services after changes take effect constitutes acceptance of the updated policy.
13. Contact Information
Privacy Questions and Requests
For privacy-related questions, data requests, or to exercise your privacy rights, please contact us:
We respond to privacy requests within 72 hours and resolve most issues within 30 days as required by applicable privacy regulations.
Thank You for Trusting QuarkCube
Your privacy and data security are fundamental to our mission of providing enterprise-grade financial and operational platforms.