PRIVACY POLICY

Last Updated: January 13, 2026

1. WHO WE ARE (DATA CONTROLLER)

Qrystal Partners (" Company", " we", " us", or " our") operates the Qrystal Uplink platform (the " Service" or " Platform").

The data controller responsible for your personal data is:

Entity: Mikayel Grigoryan, Individual Entrepreneur
Trade Name: Qrystal Partners
Registration: Republic of Armenia (Reg. No. 273.1337949/2023-08-25)
Location: Yerevan, Armenia
Email: support[at]qrystaluplink.io

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our Service.

2. LEGAL BASES FOR PROCESSING (GDPR)

We process personal data only where permitted under applicable data protection laws, including the EU General Data Protection Regulation (GDPR). Depending on the context, processing is based on:

  • Performance of a contract (Art. 6(1)(b))
  • Legal obligations (Art. 6(1)(c))
  • Legitimate interests (Art. 6(1)(f))
  • Consent, where required (Art. 6(1)(a))

Consent is not used where another lawful basis applies.

3. INFORMATION WE COLLECT

A. Account & Identity Information
Legal basis: Contract performance

  • Name
  • Email address
  • Authentication identifiers
  • Profile image (only if provided via third-party login)

Used to create and manage your account, authenticate access, and communicate with you.

B. Device & Operational Data
Legal basis: Contract performance / legitimate interest
The Service processes technical and operational data related to devices you choose to monitor, including:

  • Device names, labels, and identifiers
  • Connection timestamps and heartbeat intervals
  • Device health status and diagnostic flags
  • Configuration settings (alerts, intervals)
  • Telemetry data (e.g., battery level, firmware version)
  • Optional payload data (e.g., sensor readings or location coordinates, if enabled)

Some device data may constitute personal data if it can be linked to an identifiable individual.

C. Technical, Security & Log Data
Legal basis: Legitimate interest (security, abuse prevention)

  • IP address
  • Login timestamps
  • Browser and operating system metadata
  • Authentication cookies and session tokens

Used to protect accounts, detect abuse, and maintain platform security.

D. Third-Party Authentication Data
Legal basis: Contract performance
If you sign in using Google, GitHub, or similar providers, we store secure authentication tokens required to maintain login functionality. We do not receive your passwords.

4. PAYMENT INFORMATION
We do not store credit card or banking details.
All payments are processed by our authorized Merchant of Record, Polar Inc. (polar.sh).
We retain only:

  • Subscription status
  • Plan type
  • Billing state (active, canceled, past due)

For details on payment data processing, refer to Polar Inc.’s Privacy Policy.

5. HOW WE USE YOUR DATA

We process personal data to:

  • Provide and operate the Service
  • Detect device outages and send alerts
  • Authenticate users and secure accounts
  • Verify subscription status
  • Communicate service-related notices
  • Improve reliability, performance, and features
  • Prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use personal data for advertising or data resale.

6. COOKIES & TRACKING TECHNOLOGIES

A. Essential Cookies (No Consent Required)
These cookies are strictly necessary to operate the Service, including:

  • Login authentication
  • Session security
  • Platform navigation

Without these cookies, the Service cannot function.

B. Analytics Cookies (Consent Required - EU/EEA)
We use analytics tools such as Google Analytics to understand how users interact with the Platform.

These tools may collect:

  • Page views
  • Click interactions
  • Performance metrics
  • Error reports

Analytics cookies are only activated after you provide explicit consent via our cookie banner, where required by law.

You may withdraw consent at any time through cookie settings.

7. DATA SHARING & DISCLOSURE

We do not sell or rent personal data.
We may share data only with:

  • Service providers (e.g., payment processing, email delivery, hosting)
  • Analytics providers (only with consent where required)
  • Public authorities, where legally required

All service providers process data under contractual confidentiality and data protection obligations.

8. INTERNATIONAL DATA TRANSFERS

Some service providers may process data outside your country of residence, including outside the EU/EEA.

Where required, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Equivalent legal safeguards

You may request additional information regarding transfer safeguards.

9. DATA RETENTION

A. General Retention
We retain personal data only as long as necessary to provide the Service or fulfill legal obligations.

B. Account Deletion
Upon account deletion, we remove personal data without undue delay, except where retention is legally required.

C. Mandatory Retention
We may retain limited data for:

  • Tax and accounting compliance (typically 5 years)
  • Security and fraud prevention
  • Legal claims and dispute resolution
  • Audit logs evidencing consent and acceptance

D. Backups
Deleted data may persist in encrypted backups for up to 30 days before automatic deletion. Backup data is isolated and not actively processed.

10. DATA SECURITY

We apply appropriate technical and organizational measures, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure credential handling and hashing
  • Restricted internal access controls
  • Continuous monitoring for security incidents

No system is completely secure, but we take reasonable steps to protect your data.

11. YOUR RIGHTS (GDPR)

If you are located in the EU/EEA or UK, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing based on legitimate interests
  • Withdraw consent (where applicable)
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact us at support[at]qrystaluplink.io.

12. CHILDREN’S PRIVACY

The Service is not intended for children under 16 years of age, or under the minimum age required by applicable law. We do not knowingly collect personal data from children. If such data is discovered, it will be deleted promptly.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or by email, where required by law. Continued use of the Service constitutes acceptance of the updated policy.

14. CONTACT INFORMATION
For privacy or data protection inquiries:

Qrystal Partners Data Controller: Mikayel Grigoryan, Individual Entrepreneur
Email: support[at]qrystaluplink.io
Location: Yerevan, Armenia