Privacy Policy

Voss Integrity LLC — operating the QenSAi platform and its products, including AIAGF, BDD (bots.qensai.dev), Crown Ledger / Cashflow Budgeting, King PBI, the QenSAi Operator Queue System, QenSAi Single Sign-On, the Q-En-S-Ai governance vault, System Logic Kit, and SysSecureOps (each a "Service," together the "Services").

Last updated: 2026-06-06

This is our launch-stage privacy policy. It states our practices as of the date above. We will update it before we introduce any new category of data collection (for example, analytics, advertising pixels, or tracking technologies), and the "Last updated" date will always reflect the most recent revision.

1. Our core commitment

We do not sell your personal information. We do not share your personal information for advertising. We do not run third-party analytics, advertising pixels, behavioral-tracking SDKs, or data brokers on our Services. We collect the minimum personal information needed to operate the Services, and wherever a Service can do its job without sending your content to our servers, it does.

If you only read one section, read this one — the rest of this Policy explains it in detail.

2. Who we are

The Services are operated by Voss Integrity LLC ("we," "us," "our"). This Policy applies to every Service listed above. For privacy questions or to exercise your rights, contact privacy@qensai.dev.

3. Information we collect

We keep collection to a minimum. Depending on which Service you use, we may collect:

  • Account and authentication data. Your email address, a hashed-and-salted password (we never see your plaintext password), optional multi-factor authentication (MFA) credentials, an internal account identifier, and your session token. Authentication is handled by our provider, Supabase Auth.
  • Subscription and billing data. When you purchase a subscription or product, our payment processor (Stripe) handles your card details — we never receive, store, or have access to your card number. We see only Stripe-generated identifiers, the email you provided, and which plan you bought.
  • Content you choose to enter into a Service. Some Services let you enter or upload data (for example, budgeting records, data files, prompts, or business records). Where a Service is designed to process this data in your browser, that data stays on your device and is not transmitted to or stored on our servers. Where a Service stores your content to provide the feature you asked for, we hold only what is necessary for that feature and protect it as described in Section 6.
  • Limited operational logs. Standard server and security logs (such as request metadata and governance/audit events) needed to run, secure, and debug the Services. These do not include advertising or behavioral-tracking data.
  • Contact-form messages. If you contact us, we receive the name, email, and message you send so we can reply.

We do not collect advertising identifiers, cross-site tracking data, behavioral profiles, or any data from third-party trackers (because we use none).

4. How we use information

We use personal information only to:

  • Provide, operate, secure, and maintain the Services;
  • Authenticate you and keep you signed in;
  • Process your payments and manage your subscription and feature access;
  • Respond to your messages and support requests;
  • Send transactional and operational emails (for example, welcome, password-reset, billing, and security notices) through our email provider (Resend);
  • Maintain audit and governance records needed to operate our products responsibly; and
  • Comply with law and protect the rights, safety, and security of our users and the Services.

We do not use your personal information for behavioral advertising, targeted advertising, or sale, as those terms are defined under applicable privacy laws.

4.A AI model training

We do not train any underlying third-party AI model (such as Anthropic, OpenAI, xAI, or open-source models) on your personal content. Where a Service routes a prompt to an AI provider, that provider's own terms govern its handling; by default those providers do not train on API data, and we do not enable any opt-in training-data sharing. Any product that learns from usage does so only from system-derived governance signals (such as which checks fired), never from your prompt text, outputs, financial records, uploaded files, or other content — and any such learning is disclosed in-product and, where applicable, is off by default and requires your explicit opt-in.

5. How we share information

We share personal information only with service providers who help us run the Services, and only so they can perform that function for us under contract. They are not permitted to use your information for their own purposes. Our providers include:

  • Supabase — authentication and database hosting
  • Stripe — payment and subscription processing
  • Resend — transactional email delivery
  • Vercel — application hosting
  • AI inference providers (for example, Anthropic, OpenAI, xAI, RunPod), where you use AI features — they receive only the prompt needed to fulfill your request
  • Microsoft / Airtable — only where you connect your own account or tenant to an optional integration

We may also disclose information (a) to comply with law or a lawful request, (b) to protect the rights, safety, or security of any person or our Services, or (c) in connection with a merger, acquisition, financing, or sale of assets (in which case we will notify you of any transfer that materially affects this Policy).

Because our products share a single billing account and identity layer, if you use more than one Service your account and entitlement records may be associated across our products. This co-location does not make your data available to anyone outside Voss Integrity.

We do not sell personal information, and we do not share it for cross-context behavioral advertising.

6. Security

We protect personal information with: HTTPS/TLS encryption in transit; encryption at rest for sensitive stored data (AES-256-GCM where applicable); salted password hashing handled by our authentication provider; optional multi-factor authentication; and row-level security so each user can access only their own data. No method of transmission or storage is perfectly secure, but we use commercially reasonable measures and will notify you and the appropriate authorities of a security incident affecting your personal information to the extent required by law.

7. Data retention

We keep personal information only as long as we have a lawful basis to do so:

  • Account data — for the life of your account; deleted after account closure (subject to a short rollback window).
  • Billing / subscription records — retained as required by tax and accounting law (typically up to 7 years).
  • Content processed in your browser — not retained by us; it lives only on your device.
  • Audit / governance logs — retained for a limited period for security and integrity, then purged.
  • Contact-form messages — retained only as long as needed to handle your inquiry.

Payment records held by Stripe and email-delivery logs held by Resend follow those providers' own retention policies.

8. Your rights and choices

Depending on where you live, you may have the right to access, correct, delete, export (data portability), or restrict / object to the processing of your personal information, to withdraw consent, and to not be discriminated against for exercising these rights. Residents of California (CCPA/CPRA), other U.S. states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, and others), the EU/EEA and UK (GDPR/UK GDPR), Canada, and Brazil have rights under their respective laws.

To exercise any right, email privacy@qensai.dev with a short description of your request (for example, "Data Subject Request — Deletion"). Please use the email address associated with your account so we can verify your identity. We respond within the time required by applicable law (generally 30–45 days). If we deny a request, you may appeal by replying with the subject line "Appeal."

Many controls are also available directly in-product, including updating your account, managing MFA, canceling your subscription, and clearing locally-stored data.

9. Do Not Sell or Share / Global Privacy Control

We do not sell or share your personal information, so no opt-out is necessary. We nonetheless provide a Do Not Sell or Share My Personal Information page and we honor the Global Privacy Control (Sec-GPC: 1) browser signal as a verified opt-out request, recorded for audit. See the Do Not Sell page for details.

10. Cookies and local storage

We use only strictly necessary and functional cookies and browser storage — for example, to keep you signed in and to remember your in-app preferences. We do not use advertising cookies, tracking pixels, fingerprinting, or third-party analytics. Because we do not track or advertise, we do not display a cookie consent banner by default.

11. International transfers

Our service providers are primarily located in the United States. If you use the Services from outside the U.S. (including the EEA, UK, Switzerland, Canada, or Brazil), your personal information will be transferred to and processed in the U.S. and other countries where our providers operate. For transfers from the EEA/UK/Switzerland we rely on Standard Contractual Clauses or an equivalent transfer mechanism maintained by each provider.

12. AI transparency

Several of our Services use AI. When you interact with an AI system, that fact is disclosed, and AI-generated output is presented as such. AI output may be inaccurate or incomplete and is provided for your information only — you are responsible for reviewing it before relying on it. Our Services do not make legally or similarly significant decisions about you automatically.

13. Children's privacy

The Services are not intended for anyone under 18. We do not knowingly collect personal information from anyone under 18. A one-time age confirmation is presented at signup. If you believe a minor has provided us personal information, contact privacy@qensai.dev and we will delete it.

14. Changes to this Policy

We may update this Policy to reflect changes in our practices or the law. When we make material changes — including before we add any new tracking, analytics, or advertising technology — we will update the "Last updated" date and, where appropriate, notify you by email or an in-product notice.

15. Contact us

Voss Integrity LLC — privacy inquiries: privacy@qensai.dev (a postal address is available on request).

If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data-protection supervisory authority.

Last updated: 2026-06-06 · Voss Integrity LLC