Privacy Policy

Queria (hereinafter "we" or "the Service") is committed to protecting the privacy of its users. This Privacy Policy describes how we collect, use, store, and protect the personal information of users who use our AI-based knowledge management platform.

Effective date: October 29, 2025 Last updated: October 29, 2025

We collect the following categories of data:

Registration Data:

• First and last name
• Corporate email address
• Company name
• Number of employees
• Corporate role

Usage Data:

• System access logs
• Search queries performed
• Uploaded documents (content and metadata)
• AI conversation history
• Usage metrics (frequency, session duration)

Technical Data:

• IP address
• User agent and browser
• Operation timestamps
• System performance data

Corporate Documents: The documents you upload to the platform remain your exclusive property. We act solely as a data processor under GDPR.

We use collected data to:

• Service Delivery: Provide semantic search, AI chat, and knowledge management functionalities
• Service Improvement: Analyze usage to optimize performance and user experience
• Technical Support: Resolve technical issues and respond to support requests
• Security: Prevent unauthorized access, fraud, and system abuse
• Compliance: Meet legal and regulatory obligations

We never use your data or documents for:

• Training commercial AI models
• Sharing with third parties for marketing purposes
• Selling to data brokers or other companies

Data processing is based on:

• Contract execution: Data is necessary to provide the requested service (Art. 6.1.b GDPR)
• Legitimate interest: Service improvement and security (Art. 6.1.f GDPR)
• Consent: For marketing communications (Art. 6.1.a GDPR)
• Legal obligations: Data retention for fiscal/legal compliance (Art. 6.1.c GDPR)

We do not sell or share your data with third parties, except:

Necessary Sub-processors:

• Hosting providers (on-premise servers or private cloud)
• Backup and disaster recovery services
• Monitoring and alerting tools

All sub-processors are bound by GDPR-compliant Data Processing Agreements (DPA).

Legal Requests: We may disclose data only in case of:

• Court order or request from competent authorities
• Protection of company legal rights
• Prevention of fraud or illegal activities

We implement technical and organizational security measures:

Technical Measures:

• Encryption at-rest (AES-256) for all data
• Encryption in-transit (TLS 1.3) for all communications
• Multi-factor authentication (MFA)
• Network segmentation and firewall
• Complete audit logs

Organizational Measures:

• Access control based on least privilege principle
• Background checks for technical staff
• Periodic security training
• Documented incident response plan
• Annual third-party penetration testing

On-Premise Deployment: With on-premise deployment, you maintain complete physical control of servers and data.

We retain data for:

• Account data: For the duration of the contract + 2 years (fiscal obligations)
• Corporate documents: Until deletion by you or contract termination
• System logs: 12 months (security and audit)
• Backups: 90 days (disaster recovery)

Upon account deletion, all data is eliminated within 30 days, including backups.

You have the following rights:

• Access (Art. 15): Request a copy of your data
• Rectification (Art. 16): Correct inaccurate data
• Erasure (Art. 17): "Right to be forgotten"
• Restriction (Art. 18): Limit processing
• Portability (Art. 20): Receive data in machine-readable format
• Objection (Art. 21): Object to processing
• Withdraw consent: Withdraw consent at any time

To exercise your rights: privacy@queria.pro

Response time: Within 30 days of request.

We use technical cookies necessary for service operation:

• Session cookies: Authentication and session management
• Preference cookies: Save language and UI preferences

We do not use:

• Profiling cookies
• Third-party cookies for advertising
• Social media tracking pixels

You can manage cookies from your browser settings.

With on-premise deployment, data remains physically in your data centers.

For cloud deployments, we guarantee:

• Data centers in the European Union
• Standard Contractual Clauses (SCC) approved by EU Commission
• Compliance with Schrems II decision

We may update this Privacy Policy periodically. Substantial changes will be communicated via email with at least 30 days' notice.

Current version: v1.0 (October 29, 2025)

For privacy questions:

Data Controller: Azero S.r.l. Via Example, 123 20100 Milano, Italy

Data Protection Officer (DPO): Email: dpo@queria.pro PEC: queria@pec.it

Supervisory Authority: In case of complaint, you can contact the Data Protection Authority: www.garanteprivacy.it