Privacy Policy
Last updated: 15 July 2026
This Privacy Policy explains how Zafronix LLC ("Zafronix", "we", "us"), a Wyoming, USA limited liability company, collects, uses, discloses, and protects information in connection with the QORA platform ("QORA", the "Service") and the website at qoraguard.com (the "Site").
Questions about this policy or your data? Email privacy@zafronix.com.
1. Our role: controller vs. processor
For visitors to the Site and for our own business contacts, Zafronix is the data controller. When we process data on behalf of a business customer through QORA — including video feeds, detections, and any analytics a customer enables — Zafronix acts as a data processor, and the customer is the controller responsible for lawful basis, notices, and subject requests. This policy describes both roles.
2. Information we collect
From Site visitors
- Usage & device data — pages viewed, referrer, approximate location, browser and device type, collected via analytics cookies (see §5).
- Contact information — your name, email, company and message when you email us or request a demo.
From QORA customers & users
- Account data — name, work email, role, and authentication events (QORA uses passwordless magic-link and/or SSO sign-in).
- Configuration data — sites, cameras, devices, triggers and settings you create.
- Operational data — video frames, snapshots, detections, incidents, audit logs and notifications generated by the Service.
3. How we use information
- Provide, secure, operate and improve the Service and the Site.
- Authenticate users, prevent abuse, and maintain audit trails.
- Respond to demo requests, support and enquiries.
- Meet legal, tax and regulatory obligations.
Where required, our legal bases include performance of a contract, our legitimate interests in operating and securing the Service, your consent (e.g., non-essential cookies), and compliance with law.
4. Video, detections & biometric data
QORA analyzes camera feeds to detect events. By default, sensitive analytics — including any facial recognition or other biometric identifiers — are disabled. They can only be enabled by an authorized administrator, per customer and per site, after the customer accepts supplemental terms accepting responsibility for lawful basis and required notices.
- Human-in-the-loop. QORA never takes an automated adverse action against an individual based on a match. Potential matches are surfaced to a human for review and confirmation.
- Producer-side gating. A biometric identifier is not computed at all for a customer or site that has not enabled the feature.
- Retention. Biometric templates and related data are subject to tight, configurable retention and deletion controls.
Where a customer enables such features, the customer is the controller and is responsible for obtaining any consent and providing any notice required by applicable law (for example, the Illinois Biometric Information Privacy Act (BIPA), GDPR Article 9, or other biometric-privacy laws).
5. Cookies & analytics
The Site uses Google Analytics (measurement ID G-530ECB4SNM) to understand aggregate usage. This sets cookies and processes usage data as described in our Cookie Policy. You can decline non-essential cookies through your browser settings and, where offered, Google's opt-out tools.
6. How we share information
- Service providers — infrastructure, email delivery, and analytics vendors bound by contract to process data only on our instructions.
- Customers — operational data is made available to the customer that owns it.
- Legal — where required by law, or to protect rights, safety and security.
- Business transfers — in connection with a merger, acquisition or asset sale, subject to this policy.
We do not sell personal information.
7. Retention
We keep information only as long as needed for the purposes above, to comply with law, and to resolve disputes. Operational data retention within QORA is configured by the customer. Analytics data is retained per our analytics settings.
8. Security
We use technical and organizational measures including encryption in transit, access controls, credential encryption, and audit logging. No system is perfectly secure; we work to protect information in line with industry practice.
9. Your rights (GDPR / CCPA / BIPA)
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, to object to certain processing, and to withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know and delete, and to opt out of "sharing" for cross-context behavioral advertising. To exercise any right, email privacy@zafronix.com. If your data is processed by QORA on behalf of a customer, we will refer your request to that customer.
10. International transfers
We are based in the United States and may process information there and in other countries. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for transfers of personal data out of the EEA/UK.
11. Children
The Service and Site are intended for businesses and are not directed to children under 16. We do not knowingly collect their personal information.
12. Changes
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, additional notice.
13. Contact
Zafronix LLC (Wyoming, USA)
Privacy: privacy@zafronix.com
General & product: qora@zafronix.com