Quals.ai AI Data Usage & Protection Policy

At Quals.ai, we ensure ethical qualitative research and robust data protection. Our policy covers data collection, storage, processing, sharing, and disposal, ensuring respondents' informed consent, anonymity, and data security. We utilize AI moderation with transparency, perform rigorous quality checks, and provide detailed documentation to clients.

We collect minimal necessary data, anonymize personal information, and employ strict security measures. Data is used for service improvement, research, personalization, and security, without using client data to train publicly available AI systems. We comply with GDPR and other laws, and promptly address any data breaches. For details, please scroll down.

Introduction

At Quals.ai, we are deeply committed to the ethical conduct of qualitative research and the rigorous protection of data. This document provides an overview of our approach to research ethics, data protection, and the measures we take to ensure the integrity and confidentiality of the data entrusted to us by our respondents and clients.

Scope

This policy applies to all data collected and processed by Quals.ai, including but not limited to user data, research data, and any other data types processed by our AI systems. It covers the entire data lifecycle, from collection and storage to processing, sharing, and disposal.

1. Respondent Engagement and Consent

1.1. AI Moderation and Data Usage

1.1.1
Informed Consent: Participants in Quals.ai facilitated research are fully informed that an AI system moderates discussions and analyses findings. This transparency ensures that respondents understand the nature of their participation and the technological aspects of the research process.
1.1.2
Data Utilization Disclosure: We clearly communicate to respondents how the data and information they provide will be used, including that it will not serve in training publicly available AI systems. This ensures that participants are aware of their contributions' scope and purpose.
1.1.3
Rights and Anonymity: Every respondent is informed of their rights, including anonymity, the right to withdraw from the study at any point, and how to exercise these rights. Our commitment to protecting respondent identities and responses is paramount.

2. Quality Assurance and Validity

2.1. Ensuring Validity of Results

2.1.1
Quality Checks: Quals.ai employs a comprehensive system of quality checks throughout the research process. This includes validation of AI interpretations, peer reviews, and, where applicable, manual verification of findings.
2.1.2
2.1.2. Transparency and Access: Upon project completion, clients are provided with detailed documentation of the methodologies employed, including full interview transcripts and the AI's role in data analysis, to ensure the validity and reliability of the conclusions drawn.

3. Data Collection

3.1. Types of Data Collected

3.1.1
Personal Information: Includes names, email addresses, phone numbers, demographic information, and other identifying information.
3.1.2
Research Data: Includes responses, feedback, qualitative data provided by participants, photos, audio recordings, video recordings, and transcripts.
3.1.3
Usage Data: Includes data on how users interact with our platform, such as log files, activity logs, IP addresses, browser types, and operating systems.

3.2. Data Collection Methods

3.2.1
Direct Collection: Data provided directly by users through our platform, including through forms, surveys, interviews, and feedback mechanisms.
3.2.2
Automated Collection: Data collected automatically through cookies, web beacons, and other tracking technologies. This includes data analytics tools to monitor platform usage and performance.

3.3. Data Collection Purposes

3.3.1
To provide, operate, and maintain our platform and services.
3.3.2
To improve, personalize, and expand our platform and services.
3.3.3
To understand and analyze how users utilize our platform.
3.3.4
To develop new products, services, features, and functionality.
3.3.5
To communicate with users, either directly or through one of our partners, including for customer service, to provide updates and other information relating to the platform, and for marketing and promotional purposes.

3.4. Data Collection Principles

3.4.1
Data Minimization:

Relevance: Ensure data collected is directly relevant and necessary for the intended purposes.

Minimal dataset and avoiding excessive data: Collect only the minimum amount of data required to achieve the intended purpose. Refrain from collecting unnecessary or excessive data that is not essential.

4. Data Usage

4.1. Purpose of Data Usage

4.1.1
Service Provision: To provide and improve our services, ensuring they meet user needs and expectations.
4.1.2
Research: To conduct qualitative research, analyze participant responses, and generate insights.
4.1.3
Personalisation: To personalize user experiences and communications based on their interactions and preferences.
4.1.4
Security: To ensure the security and integrity of our platform, including fraud prevention and risk management.

4.2. AI Data Processing

4.2.1
Direct Collection: Data provided directly by users through our platform, including through forms, surveys, interviews, and feedback mechanisms.
4.2.2
Machine Learning: Use of machine learning algorithms to analyze and interpret qualitative data, enhancing the depth and accuracy of insights.
4.2.3
Automated Decision Making: Limited use of automated decision-making processes, with human oversight to ensure fairness and accuracy. Making AI decision-making processes understandable to stakeholders.

4.3. Data Aggregation

4.3.1
Aggregated data from multiple users may be used for analytics and research, ensuring that individual users cannot be identified from such aggregated datasets.

5. Data Protection

5.1. Data Security Measures

5.1.1
Encryption: All data is encrypted in transit and at rest using industrystandard encryption protocols (e.g., TLS/SSL for data in transit, AES256 for data at rest).
5.1.2
Access Controls: Implementation of strict access controls, ensuring that only authorized personnel have access to data based on the principle of least privilege. Regular audits and monitoring are conducted to ensure compliance with access policies.
5.1.3
Network Security: Deployment of firewalls, intrusion detection systems, and other network security measures to protect against unauthorized access and attacks.
5.1.4
5.1.4. Physical Security: Data centers and servers are housed in secure facilities with access controls and surveillance measures.

5.2. Data Storage

5.2.1
Secure Storage: Data is stored in secure servers with robust security measures, including backup and disaster recovery solutions.
5.2.2
Data Retention: Data is retained only as long as necessary for the purposes outlined in this policy and legal regulations which we are subject to. Regular reviews are conducted to ensure data is not held longer than required.

5.3. Data Sharing and Disclosure

5.3.1
Third-party Processors: Data may be shared with third-party processors who provide services on our behalf, such as cloud storage providers, data analytics services, and payment processors. These processors are contractually obligated to comply with our data protection standards and relevant regulations. Third-party processor may be a local processor or located abroad.
5.3.2
Legal Requirements: Data may be disclosed as required by law, such as in response to a court order or legal process, or to protect our rights and property.

6. Confidentiality and Use Restrictions

6.1. Confidentiality Obligation

6.1.1
Internal Confidentiality: All Quals.ai employees, contractors, and subcontractors are bound by confidentiality agreements to protect client data.
6.1.2
External Confidentiality: We do not use tools or platforms that could expose client data to third parties without explicit, written consent from the client.

6.2. Generative AI Usage

6.2.1
Tool Restrictions: We do not use publicly available generative AI tools or internal tools that could use prompts and inputs to further train AI models with client data. Data is used solely for the purposes of enhancing our research capabilities and providing valuable insights to our clients.
6.2.2
Due Diligence: We undertake appropriate due diligence on AI platforms and tools before use to ensure they meet our data protection standards and do not expose client data.

6.3. Restriction on Training AI Systems with Client Data

6.3.1
Prohibition on Training with Client Data: We strictly prohibit the use of client data to train or enhance our AI models or any third-party AI models. Client data is used solely for the purpose of providing the agreed upon services and is not used to improve or develop AI systems.
6.3.2
Technical Safeguards: We implement technical safeguards to ensure that client data is not inadvertently used to train AI systems. This includes disabling any features or settings that allow for the use of input data in AI model training.

7. Intellectual Property and Compliance

7.1. Intellectual Property Rights

7.1.1
NonInfringement: We ensure that our services and deliverables do not infringe on third party intellectual property rights.
7.1.2
Due Diligence: We perform due diligence on AI platforms to ensure compliance with intellectual property laws and avoid any risk to our deliverables.

7.2. Legal Compliance

7.2.1
Adherence to Laws: We comply with all applicable laws, including privacy laws that may restrict the input of personal data into generative AI tools.
7.2.2
Legal Counsel: We consult with legal counsel to understand applicable legal requirements and ensure transparency with clients about the use of AI tools.
7.2.3
GDPR Compliance: We adhere to the principles of the GDPR and applicable local data protection laws, ensuring the lawful, fair, and transparent processing of personal data. We ensure that participants/users may easily use the rights which are conferred upon them under the applicable laws.

8. Incident Response

8.1. Data Breach Response

8.1.1
Immediate Action: Immediate steps to contain and mitigate data breaches, including isolating affected systems and assessing the extent of the breach.
8.1.2
Notification: Prompt notification of affected users and relevant authorities as required by law, providing details of the breach and measures taken to address it.
8.1.3
Remediation: Implementation of corrective actions to prevent future breaches, including system upgrades, policy changes, and additional training.

9. Continuous Improvement

Regular review and improvement of data protection practices, incorporating feedback from audits, risk assessments, and user input.

Ongoing training and awareness programs for employees on data protection, privacy, and security best practices.

10. Contact Information

For any questions or concerns regarding this AI Data Usage & Protection Policy, please contact us at: Email: hello@quals.ai
QualsAI by Twentify - Qualitative Research Logo

Our mission is to support researchers by supplementing their qualitative research with AI to be faster, more accurate and more efficient

Client Satisfaction 2023Visionary Owl Category Winner - Quals AIWINNER - Visionary Owl
PROJECT - Color Expert AI: The Future of Decoration
Contact Us
Twentify Teknoloji ve Kitle Kaynak Hizmetleri A.S.
Barbaros Mah
Begonya Sk
No:1 İç kapı no:2 Ataşehir
Istanbul
Wesley Clover Offices
Celtic Manor
Coldra Woods
Newport
NP18 1HQ
Business Central Towers, 
Tower A Office 1604A
Internet City 
P.O. Box 500826