PRIVACY
Privacy notice
This notice explains how Qubictry collects, uses, shares, and protects personal data for Guild members, partners, and visitors. It stays aligned with the ecosystem-wide commitments published on Qubicweb and Qlutterbox.
This badge may be updated, suspended, or revoked based on Trust Core records.
Last updated: 29 January 2026
Who we are
- Qubictry sits inside Qubicbox Technologies Limited, the same group operating Qubicweb, Qlutterbox, Trust badge, and E-Fraud Watch. Qubicbox serves as the data controller unless we explicitly act as a processor for enterprise partners.
- Operational headquarters: Lagos, Nigeria with TrustOps, engineering, and reviewer support distributed across the EU/EEA.
Information we collect
- Identity & profile: names, pronouns, business registrations, guild membership history, references, verification artefacts (photo/video, certificates).
- Contact details: email, phone, WhatsApp handles, preferred messaging channels for referrals and bookings.
- Portfolio & inspection media: project descriptions, photos, videos, diagnostic logs, testimonials, dispute evidence, restitution outcomes.
- Payments & referrals: referral IDs, invoice references, protected payment IDs when work transitions into Qlutterbox, guild payouts, leaderboard analytics.
- Technical telemetry: device fingerprints, IP addresses, session IDs, MFA events, TrustOps audit logs, rate-limiting fingerprints.
Purposes & lawful bases
- Contract: onboarding, publishing profiles, routing referrals, powering Qlutterbox protected payment, handling disputes, issuing guild scorecards.
- Legal obligation: NDPR/NDPA, AML/CFT, financial services, tax, and consumer protection requirements.
- Legitimate interest: preventing fraud, protecting the directory, sharing trust telemetry with Qubicweb/Qlutterbox, and improving moderation accuracy. Assessments are reviewed annually.
- Consent: optional marketing spotlights, testimonials, saved searches, or sharing anonymised insights with partners.
Retention
- Guild dossiers: duration of membership plus 5 years for audit and restitution.
- Portfolio assets & testimonials: retained while the Guild member is active or until removed by request.
- Dispute & complaint records: 5 years after resolution.
- Evidence uploads: 24 months unless legal holds apply, then securely deleted from primary and backup storage.
- Analytics & telemetry: 24 months, aggregated thereafter.
International transfers
- Data may move between Nigeria, the EU, and South Africa to provide redundancy and low latency. Transfers rely on Standard Contractual Clauses (2021/914/EU), encryption, scoped access, and supplementary risk assessments.
Security controls
- AppShell-backed access control with MFA for guild admins, TrustOps, and reviewers.
- Immutable audit logs for referrals, DSARs, payouts, and listing edits.
- Evidence sanitisation (EXIF removal, malware scans) before analysts review uploads.
- Honeypots, adaptive rate limiting, and incident response playbooks aligned with the ecosystem transparency page.
Your rights
- Access, rectification, erasure, restriction, objection, portability, and withdrawal of consent without affecting prior lawful processing.
- Right to complain to the Nigeria Data Protection Commission (NDPC) or your local EU supervisory authority.
- We do not run solely automated decisions with legal effects; human review remains part of every decision ladder.
How to exercise your rights
- Email privacy@qubictry.com with the subject “Data Subject Request” and include your registered email or referral reference. We acknowledge within one working day and fulfil within 30 days (extendable by 15 days for complex cases).
- Postal: Qubictry Privacy Desk, 12B Adeola Odeku Street, Victoria Island, Lagos, Nigeria.
Updates
- We review this notice whenever regulations, processors, or product scope change. Updated versions appear here with a new revision date.
- Latest revision: 29 January 2026.