Privacy Policy
1. Privacy Overview
Quibit, Inc. ("Quibit," "we," "us," or "our") operates Quibit Suite — a business management platform for SME owners and their teams. This Privacy Policy explains how we collect, use, share, and protect personal information in the context of operating a business on Quibit Suite.
Quibit Suite is an owner-side tool. It handles sensitive business data: sales records, employee information, customer data, financial reports, and private internal communications. We take that responsibility seriously.
Quibit Suite operates on a strict privacy model: business data is never surfaced to unrelated users. Owner-defined access controls, role-based permissions, and data isolation are core to how the platform works.
1.1 Key Points
The most important things you should know:
Business owners control what data their team members can see and access
Employee and team member data is private — not visible across businesses
POS transaction data, invoices, and financial records are encrypted and access-controlled
We do NOT sell your business data, customer lists, or financial records to third parties
Owners can download all business data at any time from Settings
Deleted records follow a soft-delete model — owners can restore within 30 days
Customer-facing data on your public page is governed by your own privacy settings
AI features (if enabled) do not train on your private business data
2. Who This Policy Covers
This Privacy Policy applies to three groups of people who interact with Quibit Suite:
2.1 Business Owners & Admins
You have created or administer a business page on Quibit Suite. You control the platform and are responsible for data entered about your business.
Your account credentials and profile information
Business registration details and verification documents
All data you input: products, services, pricing, staff, inventory
Financial records: invoices, expenses, income reports, POS transactions
Communication history via the Suite messaging system
Audit logs of actions taken in your account
2.2 Team Members & Employees
You have been invited to join a business on Quibit Suite. Your employer (the business owner) added you to the platform.
Name, email, and phone number provided at invitation
Role and permissions assigned by the business owner
Tasks assigned to you and their completion status
Attendance and shift records (if your business uses these features)
Messages sent within business channels you are a member of
Actions taken on behalf of the business (POS sales, edits, approvals)
Team members' data is visible to their business owner/admin. It is not visible to other businesses on the platform.
2.3 End Customers (via Business Pages)
You are a customer who interacted with a business operating on Quibit Suite — e.g., made a booking, received an invoice, or messaged the business.
Contact information shared with the business (name, phone, email)
Purchase and booking history with that specific business
Messages sent to the business
Any profile data visible on your Quibit or QuiTalk account (if linked)
Customer data belongs to the business relationship. Quibit, Inc. processes this data as a data processor on behalf of the business owner (the data controller).
3. Information We Collect
We collect different types of data depending on how you use Quibit Suite:
3.1 Business Operational Data
- Transaction records: items sold, quantities, prices, totals
- Payment method (cash, KBZPay, Wave, AYA Pay, CB Pay — no card numbers stored)
- Receipt data and customer-facing receipt metadata
- Refund and void records with reason codes
- Daily, weekly, and monthly sales summaries
- Product catalog: names, descriptions, prices, images, categories
- Stock levels, reorder thresholds, supplier information
- Product variants and custom fields defined by the owner
- Invoices issued and their payment status
- Business expenses logged
- Income records
- Client/vendor contact details attached to financial records
- File attachments (receipts, contracts) stored via Bunny CDN
- Staff profiles: name, role, contact, permissions
- Task assignments, deadlines, and completion records
- Shift schedules and attendance (if enabled)
- Internal notes and delegation history
- Client records added by the business
- Booking and appointment history
- Customer notes and tags
- Communication history
3.2 Platform & Technical Data
Login timestamps and device information
Feature usage patterns (which screens you access, how often)
Error reports and crash logs (via Sentry)
Push notification delivery status
API request logs (for security auditing)
3.3 Files & Attachments
Files uploaded to your business page (images, PDFs, receipts, contracts) are stored on Bunny CDN. Storage is allocated per business page and tracked via our storage quota system.
Product images and media
Invoice and receipt attachments
Business verification documents
Profile and banner images
Each business page has a storage quota. Deleted files are moved to Trash and permanently removed after 30 days unless restored.
4. How We Use Your Information
We use data collected through Quibit Suite for the following purposes:
4.1 Operate the Platform
Process POS transactions and generate receipts
Maintain your inventory, product catalog, and pricing
Generate financial reports and analytics for your business
Manage team member roles, tasks, and access permissions
Deliver push notifications for assigned tasks, approvals, and alerts
Power the business-facing chat and communication channels
Serve your public business page to customers on Quibit/QuiTalk
4.2 Security & Compliance
Authenticate users and enforce role-based access controls
Detect unauthorized access or suspicious activity
Maintain audit logs for accountability
Enforce platform policies (acceptable use, payment terms)
Fulfill legal obligations (tax record retention, court orders)
4.3 Improve the Platform
Analyze aggregated, anonymized usage to improve features
Diagnose bugs and crashes from error reports
Prioritize features based on anonymized usage patterns
We never use your specific business records (transactions, client lists, financial data) to train AI models or for cross-business analytics.
5. Who Can Access Your Data
Quibit Suite is built on a strict role-based access model. Data access is controlled at multiple levels:
The business owner is the data controller for their page. They define roles and permissions. Quibit, Inc. acts as a data processor — we only access business data to operate the platform or respond to legal requirements.
5.1 Role-Based Access
- Full access to all business data across all modules
- Can view all team activity, tasks, and messages in business channels
- Can assign and revoke permissions for all other roles
- Can export or delete all business data
- Access defined by owner — typically includes staff management and task assignment
- May have access to financial reports depending on owner settings
- Cannot change billing or subscription settings
- Access limited to assigned features (e.g., POS only, tasks only)
- Cannot see financial reports or other team members' private data
- Can only see messages in channels they are members of
5.2 Quibit, Inc. Access
Platform engineers can access business data only to resolve support tickets or system issues
Access is logged and audited
We never share business data with other businesses on the platform
We do not perform analytics on individual businesses' financial or customer data
5.3 Third-Party Service Providers
Bunny CDN — file and image storage
AWS SES — transactional email delivery
OneSignal — push notification delivery
Sentry — crash and error reporting (anonymized device/error data only)
KBZPay / Wave / AYA Pay / CB Pay — payment gateway processing (we do not store card or account numbers)
All third-party providers are bound by data processing agreements. They may not use your data for their own purposes.
6. POS & Financial Data Privacy
POS transaction data and financial records are among the most sensitive data in Quibit Suite. We apply enhanced protections:
6.1 POS Data Protections
Transaction records are encrypted at rest (AES-256)
Only roles with explicit POS access can view transaction history
Voided and refunded transactions are retained in audit logs — they cannot be permanently deleted by staff
Receipt data sent to customers does not include internal cost or margin data
No full payment account numbers are stored — only gateway references
6.2 Financial Record Protections
Invoice and expense records are access-controlled by role
Financial exports (CSV, PDF) are watermarked with the requester's name
Tax-relevant records (invoices, receipts) are retained for 7 years per Myanmar and regional legal requirements
Owners can lock financial periods to prevent retroactive edits
7. Employee & Team Member Privacy
Team members invited to Quibit Suite have privacy rights regarding their employment data:
7.1 What Team Members Can Control
View their own task history and completion records
Update their own profile information (name, profile photo, phone)
See which channels they are members of and leave optional channels
Request a copy of their own activity data from the business owner
7.2 What Business Owners Can See About Team Members
Task assignments, completion status, and history
POS transactions processed under their account
Login times and active sessions
Messages in business channels they are members of
Team members should be informed by their employer that their business activity is monitored for operational purposes. This is standard employment practice.
7.3 When a Team Member Leaves
Their account is deactivated (soft-removed) — data is retained for audit and handover purposes
They lose access to all business channels and features
Their completed tasks and transaction records remain in business history
Their personal contact details are retained only as long as needed by the business
8. Your Public Business Page
Quibit Suite allows you to publish a public-facing page at <your-slug>.thequibit.com. The following applies to that public presence:
8.1 What Is Public
Business name, logo, banner, description, and category
Products, services, menus, and pricing that you choose to publish
Booking pages and contact forms
Opening hours and location (if provided)
Public posts and announcements
8.2 What Always Stays Private
POS transaction history and financial reports
Staff details, roles, and internal communications
Inventory cost prices and supplier information
Customer CRM records and contact lists
Internal notes, tasks, and delegation history
9. Data Retention
We retain business data according to the following schedule:
9.1 Retention Periods
- Retained for the lifetime of your business account
- Owners can manually delete records subject to legal retention rules
- Retained for 7 years (Myanmar tax law + standard commercial practice)
- Cannot be permanently deleted during the retention window
- Moved to Trash — restored by owner within 30 days
- Permanently deleted after 30 days in Trash
- Files deleted from CDN on permanent deletion
- Retained for 3 years after the member leaves (employment records standard)
- Activity logs retained for 1 year
- Business data deleted within 90 days of account closure
- Tax-required records retained per legal obligation
- Backups purged within 180 days
10. Data Export & Portability
Business owners have the right to export all data from their Quibit Suite account:
10.1 What You Can Export
Complete transaction and POS history (CSV/PDF)
Invoice and expense records
Customer and CRM records
Product catalog
Staff records and task history
Business analytics and reports
File attachments (ZIP archive)
Exports are available from Settings > Data & Privacy > Download Business Data. Processing takes up to 48 hours for large datasets.
11. Data Security
We implement enterprise-grade security to protect your business data:
11.1 Technical Measures
TLS 1.3 encryption for all data in transit
AES-256 encryption for data at rest
Bcrypt password hashing — plaintext passwords are never stored
JWT-based authentication with short-lived tokens
Role-based access enforcement at the API layer
Audit logs for all sensitive actions (financial edits, permission changes, deletions)
Automated anomaly detection for unusual access patterns
11.2 Breach Notification
We notify affected business owners within 72 hours of a confirmed breach
Notification includes what data was affected and remediation steps
Regulatory authorities notified per applicable law
12. Your Privacy Rights
Business owners and team members have the following rights regarding their personal data:
12.1 Universal Rights
Access — request a copy of all personal data we hold about you
Correction — update inaccurate personal information
Deletion — request deletion of personal data (subject to legal retention requirements)
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interests
12.2 EU/EEA Users (GDPR)
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority
Contact [email protected] for GDPR requests.
12.3 Myanmar-Based Users
We apply the same data protection standards globally — including for users in Myanmar
Financial records handled in compliance with Myanmar tax and commercial laws
Payment data handled per KBZPay, Wave, AYA Pay, and CB Pay guidelines
13. Contact Us
For any privacy questions, data requests, or concerns related to Quibit Suite:
13.1 Mailing Address
Quibit, Inc.
Attn: Privacy Department — Quibit Suite
Seoul, South Korea
For questions about this policy, contact [email protected]
© 2026 Quibit, Inc. · Version 1.0· Last updated 2026-05-25