- Analytics run only if you accept cookies — reject, and nothing is loaded.
- We never sell personal data, and the mobile apps contain no ad tracking.
- Feedback you give a business through Qmeter belongs to that business — we process it on their instructions.
- Personal data in the platform is masked by default, and every reveal is audit-logged.
- Erasure requests run through a dedicated GDPR deletion workflow with a recorded outcome.
The summary is a courtesy — the full policy below is what applies.
1. Who we are
Qmeter (“Qmeter”, “we”, “us”) provides a customer experience and feedback management platform. We operate this website (qmeter.net), the Qmeter platform (app.qmeter.net), and the Qmeter mobile apps, from offices in Dubai (United Arab Emirates), Baku (Azerbaijan), and Germany.
This policy explains what personal data we handle, why we handle it, and what rights you have. It covers everyone we interact with: visitors to this website, people who contact us, businesses that use the Qmeter platform, and the people who answer surveys run through it. For any privacy question, write to info@qmeter.net.
Qmeter acts in two distinct roles: as a controller for this website and our own business relationships, and as a processor for the feedback data our customers collect through the platform. Section 12 explains the split in detail.
2. The data we collect
What we collect depends on how you interact with Qmeter.
Website visitors
If you accept analytics cookies (section 4), we collect usage data: pages viewed, approximate location, and device and browser details. Independently of cookies, our servers and error-monitoring keep technical logs — request details and, where relevant, IP addresses — to keep the site running and to diagnose failures. When a form with a phone field loads, your browser calls an IP-based country-lookup service so we can pre-select your country code; the service returns a country code and nothing more.
People who contact us
When you request a trial, quote, or consultation, or send us a question, we collect the details you enter — typically your full name, email address, company name, phone number, country, and your message. Forms on this website are submitted to Qmeter’s own backend (front-api.qmeter.net), not to a third-party form service.
Platform customers and their users
For businesses using the Qmeter platform, we process account and profile data (name, work email, role, phone), configuration such as branch assignment and permissions, licence details, and session security data such as login attempts, login IP addresses, and browser user agents. Where payments are made, they are processed by external payment providers; Qmeter does not store full card details on its own servers.
Survey respondents
If you answer a survey run through Qmeter by a business you deal with, Qmeter processes your responses on behalf of that business: ratings, comments, any contact fields you choose to fill in, and — where the survey includes them — optional media, voice, or video responses, together with context such as the branch, service, and channel the feedback came through. That business decides what is asked and why; Qmeter processes the answers on its instructions (section 12).
3. Purposes and legal bases
Where the GDPR or a similar law applies, we rely on the following legal bases:
- Consent — analytics cookies and similar technologies (section 4), and any marketing communications you explicitly sign up for. You can withdraw consent at any time.
- Contract — responding to your inquiry or trial request, onboarding, and providing, supporting, and billing the Qmeter platform under our agreement with your organisation.
- Legitimate interests — keeping the website and platform secure, preventing abuse, monitoring and fixing errors, improving our services, and establishing or defending legal claims. We balance these interests against your rights and freedoms.
For survey respondent data, the purposes and legal basis are determined by the business that collects your feedback, acting as controller.
5. Third-party services
We keep the list of third parties short, and we name them. We do not sell personal data to anyone.
- Google Tag Manager & Google Analytics 4 (Google) — consent-gated website analytics and tag management (section 4).
- Sentry — error monitoring on our servers. When something breaks, technical details of the failing request (URL, request metadata and, in some cases, IP address) are logged so we can fix it. We do not run Sentry in your browser.
- jsDelivr (CDN) — serves the small country-flag images in our forms. Your browser requests those images directly, so jsDelivr sees your IP address, as with any content delivery network.
- country.is — IP-based country lookup used to pre-select the country code in forms; it receives your IP address and returns a country code.
- SMS and email gateways — survey invitations, campaigns, and ticket emails from the platform are sent through SMTP servers and SMS gateways that each customer configures with providers of its own choice. Qmeter does not select those providers.
- AI providers — AI features are off by default and run only after a customer enables them with its own API key. Only the structure of a query (the schema) is sent to the AI provider — never customer records, response texts, or personal notes.
- Customer-connected integrations — customers may connect their own services to the platform (for example CRM systems or Google Reviews). Those connections operate on the customer’s instructions and under the third party’s own terms.
6. Data retention
- Inquiries and leads — kept as long as needed to handle your request and any business relationship that follows, then deleted or anonymised.
- Website analytics — retained according to the settings of the tools listed in section 4; the consent cookie itself lasts about 180 days.
- Platform data — retained while the customer’s agreement is active. The platform includes a retention feature: administrators set a data-retention window, and respondents who stay inactive beyond it are anonymised automatically — statistics survive, personal data does not.
- After a contract ends — personal data processed for a customer is deleted, anonymised, or returned in line with the agreement, except where law requires us to keep specific records longer.
7. Your rights
Where the GDPR or a similar law applies, you have the right to access your personal data, rectify inaccurate data, request erasure (the “right to be forgotten”), restrict or object to processing, receive a portable copy of data you provided, withdraw consent at any time without affecting earlier processing, and complain to a data protection supervisory authority.
To exercise your rights with Qmeter, email info@qmeter.net. We may ask you to verify your identity, and we respond without undue delay — at the latest within one month where the GDPR applies.
If you are a survey respondent, the business that collected your feedback is the controller of that data, so the quickest route is to contact them directly. Inside the platform, erasure requests enter a dedicated Deletion Requests queue that records the reason, the channel the request came through, and an SLA deadline. When a request is approved, your personal data is anonymised across the entire system while the anonymous responses keep the statistics intact; if it is denied, the reason is recorded. Either way, the decision stays in the audit trail. If you contact us directly about data one of our customers controls, we will pass your request to them and support its handling.
8. Security measures
We apply industry-standard technical and organisational measures, and the platform is designed so that personal data is visible strictly on a need-to-know basis:
- Personal contact fields (emails, phone numbers) are masked by default; revealing them requires a dedicated PII permission.
- Every reveal is audit-logged — who revealed which field, and when.
- Access is controlled through role-based permissions (Full or View, per module) and branch scoping, so users only see the data of their own locations.
- Every customer record carries an immutable audit log of the operations performed on it.
- Data is encrypted in transit (HTTPS/TLS).
No online service can promise absolute security, and we do not. What we can say is that the platform is built to make data protection the default rather than an afterthought — see how these protections work in the product. Organisations with strict data-residency requirements can also run Qmeter on-premise, on their own servers.
9. International data transfers
Qmeter operates from the United Arab Emirates, Azerbaijan, and Germany, so personal data may be processed in those countries. Some of the third-party services listed in section 5 may process data in other countries, including the United States.
Where the GDPR applies and personal data is transferred outside the European Economic Area, we rely on appropriate safeguards where required — such as contractual protections with the receiving provider. Enterprise customers who need data to stay entirely within their own infrastructure can choose the on-premise deployment option, in which case respondent data does not leave their environment at all.
10. Children's privacy
Our website and services are directed at businesses, not at children, and we do not knowingly collect personal data from children for our own purposes.
Some of our customers are schools and universities measuring student and parent experience. In those deployments the institution is the controller: it decides what is asked, obtains any consents required by the laws that apply to it (including parental consent where required), and instructs Qmeter as its processor. The platform’s masking, retention, and anonymisation tools described in this policy are available to support those obligations.
11. Mobile apps
The Qmeter mobile apps for iOS and Android are companions to a Qmeter platform account — used by teams to work with feedback and by businesses to collect it on tablets and kiosks. The apps collect only what the platform account requires: your login credentials and the work data your role gives you access to. They contain no advertising SDKs and no ad tracking, they do not track you across other companies’ apps or websites, and we do not sell app data.
Device permissions such as camera, microphone, or photo access are requested only when a feature needs them — for example when a survey includes media, voice, or video responses — and you can decline or revoke them in your device settings. In kiosk mode, responses collected while the device is offline are stored on the device and synced to the platform once the connection is restored.
This section is written to match the privacy details we publish on the App Store and Google Play listings; if the apps change, we update both.
12. Controller and processor roles
Qmeter as controller. For data about website visitors, people who contact us, and our customers’ account users, Qmeter decides the purposes and means of processing and is the controller. Sections 2–6 describe that processing.
Qmeter as processor. For survey responses and respondent profiles collected through the platform, our customer — the business you gave feedback to — is the controller. Qmeter processes that data only on the customer’s documented instructions and provides the tools controllers need to meet their own obligations: the deletion-request workflow, configurable retention with auto-anonymisation, PII masking, audit logs, and data export.
A data processing agreement (DPA) covering these commitments, including the use of sub-processors, is available to customers on request at info@qmeter.net.
13. Changes to this policy and how to reach us
We may update this policy as the website, platform, or law changes. When we do, we revise the “Last updated” date at the top of this page, and for material changes we say so on the website. The current version always lives at qmeter.net/privacy.
For privacy questions, requests, or the DPA, contact info@qmeter.net or write to any of our offices:
- Dubai — 360 Business Center, City Tower 2, Sheikh Zayed Road, Dubai, United Arab Emirates
- Baku — SKS Plaza, Fuzuli str. 49, Baku, Azerbaijan
- Germany — Haardtstr. 43, 57076 Siegen, Germany
Our Terms of Service cover use of the website itself, and our contact page lists every way to reach the team.