Privacy Policy

This Privacy Policy explains how Q11 AI (“we”, “us”, “our”) collects and uses personal data when you visit our websites, use our AI test plan services (Q11 AI), or otherwise interact with us.

We process personal data in accordance with the General Data Protection Regulation (GDPR / AVG) and other applicable privacy laws.

1. Who we are (Controller)

The data controller responsible for processing your personal data is:

Q11 AI
Poortland 66
1046 BD Amsterdam
The Netherlands

KvK (Chamber of Commerce) number: 81513399
VAT number: NL003571308B27

Email: q11ai.privacy@theq11.com
Website: theq11.com

For privacy-related questions, you can contact us using the details above.

2. Scope of this Privacy Policy

This Privacy Policy applies when:

• You visit or use our websites, web shop or online platforms;
• You purchase AI-generated test plans or related services from us;
• You communicate with us, for example by email or contact forms;
• You interact with us as a business contact (B2B) or as a consumer (B2C).

This Privacy Policy does not cover processing carried out by third parties we do not control. For those, their own privacy policies apply.

3. What personal data we collect

We may process the following categories of personal data:

3.1 Data you provide to us

• Account and contact details
  • Name, job title, company name
  • Email address, phone number, billing address, country
    
• Order and payment details
  • Products/services purchased, order history
  • Limited payment information (e.g. transaction IDs, payment status).
    We do not receive or store full card details if you pay via a payment provider.
    
• Project and test plan input data
  • Information you submit to generate test plans, such as product descriptions, system details, requirements, user flows, risk areas, and other prompts or files you upload.
  • These may sometimes contain personal data if you choose to include it (we ask you to avoid including personal data in test data where possible).
    
• Support and communication data
  • Content of emails, support requests, feedback and survey responses.

3.2 Data we collect automatically

When you visit our websites or use our platform, we may automatically collect:

• IP address and approximate location (country/region);
• Device, browser type and operating system;
• Referrer URL, pages visited, date and time of access;
• Usage data such as actions on the platform (e.g. creating a test plan, downloading files).
  

This is typically collected via cookies and similar technologies. You can manage your cookie preferences through your browser settings and our cookie banner. Refer to our Cookie Policy for further details. https://theq11.com/cookie-policy/ 

3.3 Data we receive from third parties

We may receive personal data from:

• Payment service providers (e.g. confirmation of payment, limited payer details);
• Business partners (e.g. if you are introduced by a partner);
• Public sources, such as company registers (e.g. company contact details).

4. For what purposes we use your data and on what legal bases

We process your personal data for the purposes and legal bases listed in this section (Article 6 GDPR).

4.1 To provide our services and perform our contract with you

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

We use your data to:

• Create and manage your account;
• Process your orders and payments;
• Generate, deliver and maintain access to AI-generated test plans;
• Provide customer support and respond to your requests.

4.2 To improve and secure our services

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Our legitimate interests include:

• Monitoring usage to maintain security and prevent abuse;
• Analysing service performance and improving our AI models, products and user experience;
• Fixing bugs and developing new features.

Where possible, we use aggregated or pseudonymised data for these purposes.

4.3 To communicate with you

Legal basis:

• Performance of a contract (Art. 6(1)(b)) for service-related messages;
• Legitimate interests (Art. 6(1)(f)) for general business communication;
• Consent (Art. 6(1)(a)) where required for marketing.

We may use your contact details to:

• Send you service and transactional emails (such as order confirmations, security alerts and important updates);
• Respond to questions or support requests;
• Send you marketing communications (e.g. newsletters or product updates) if you have subscribed or if this is allowed by applicable law.
• You can unsubscribe from marketing emails at any time via the link in the email or by contacting us.

4.4 For billing, accounting and legal obligations

Legal basis: Legal obligation (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f))

We may process your data to:

• Comply with tax, accounting and other legal requirements;
• Respond to lawful requests from authorities;
• Establish, exercise or defend legal claims.

5. AI processing and profiling

Q11 AI agent processes the input data you provide to generate AI-based test plans. This may involve automated processing and profiling in the sense that:

• The system analyses the content and structure of your input;
• It generates test scenarios based on patterns, historical training data and your instructions.

However:

• We do not use AI to make legal or similarly significant automated decisions about you as an individual (e.g. credit scoring or automated hiring decisions).
• The automated output (test plans) is a tool to assist your testing and decision-making, and you are responsible for reviewing and deciding how to use it.

6. Cookies and similar technologies

We may use cookies and similar technologies on our website and platform to:

• Enable core functionality (e.g. login, session management);
• Remember your preferences;
• Analyse usage and improve our services;
• Support marketing and measuring the effectiveness of campaigns.

Where required by law, we will ask for your consent for non-essential cookies and you can withdraw your consent at any time via your browser or our cookie settings (if provided).

You can also block cookies via your browser, but this may affect the functionality of our website or services.

Refer to our Cookie Policy for further details: https://theq11.com/cookie-policy/  

7. How long we keep your data

We keep personal data only as long as necessary for the purposes described above, or as required by law. In particular:

• Test plans:
  • Test plans generated for you are stored on our systems for a limited period.
  • Test plans are deleted from our databases within 3 months of delivery and are not recoverable afterwards.
  • You are responsible for downloading and safely storing any test plans you wish to keep.
    
• Account and contact data:
  • Kept for as long as your account is active and for a reasonable period afterwards (e.g. up to 2–3 years) for support, record-keeping and to manage our relationship with you, unless a longer period is required by law.
    
• Order and billing data:
  • Kept for the statutory retention period under Dutch and EU tax and accounting law (usually up to 7 years).
    
• Marketing data:
  • Kept until you withdraw your consent or object to processing, or after a period of inactivity as defined in our internal retention rules.
    

We may retain anonymised or aggregated data that no longer identifies you for longer periods for statistical and analytical purposes.

8. How we share your data

We do not sell your personal data.

We may share your personal data with:

1. Service providers (processors)
   • Hosting and infrastructure providers;
   • Providers of AI processing infrastructure;
   • Email and communication tools;
   • Payment service providers;
   • Analytics and monitoring providers;
   • CRM and support tools.
     
2. These service providers may only process your data on our instructions and under a data processing agreement.
3. Business partners
   • In some cases we may share limited data with partners who refer customers or work with us on joint offerings, but only where necessary and lawful.
     
4. Professional advisers and authorities
   • Lawyers, accountants, auditors and similar professionals under confidentiality obligations;
   • Public authorities and regulators where required by law or to protect our rights.
     

In the event of a business transaction such as a merger or sale of assets, your data may be transferred to the acquiring entity, subject to appropriate safeguards and applicable law.

9. International data transfers

Some of our service providers may be located outside the European Economic Area (EEA).

Where we transfer personal data to a country that does not have an adequacy decision from the European Commission, we will ensure that appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
• Other lawful transfer mechanisms under the GDPR.

You can contact us for more information about international transfers and the safeguards used.

10. How we protect your data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. These measures may include:

• Access controls and authentication;
• Encryption in transit (e.g. HTTPS) and, where appropriate, at rest;
• Regular backups and monitoring;
• Internal policies and staff training.
  

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we strive to protect your data as much as reasonably possible.

11. Your rights

Under the GDPR you have the following rights, subject to conditions and exceptions:

1. Right of access – You can request confirmation whether we process your personal data and obtain a copy of that data.
2. Right to rectification – You can ask us to correct inaccurate or incomplete personal data.
3. Right to erasure (“right to be forgotten”) – You can request deletion of your personal data in certain situations.
4. Right to restriction of processing – You can request that we temporarily restrict processing of your data in certain situations.
5. Right to data portability – Where processing is based on consent or a contract and carried out by automated means, you can request to receive your data in a structured, commonly used and machine-readable format and have it transmitted to another controller where technically feasible.
6. Right to object –
   • You can object at any time to processing based on our legitimate interests, on grounds relating to your particular situation;
   • You always have the right to object to direct marketing (including profiling for marketing).
7. Right to withdraw consent – Where processing is based on your consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
   

To exercise your rights, please contact us using the details in section 1. We may need to verify your identity before responding.

You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is:

Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl

12. Children’s privacy

Our services are not directed at children under 16 and we do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete such data if required.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our services, technologies or legal requirements.

When we make material changes, we will take appropriate steps to inform you (for example, by posting a prominent notice on our website or by email). The “Last updated” date at the top of this page shows when the policy was last revised.

14. Contact

If you have any questions, requests or complaints regarding this Privacy Policy or our processing of your personal data, you can contact us at:

Q11 AI
Poortland 66
1046 BD Amsterdam
The Netherlands

Email: q11ai.privacy@theq11.com
Website: theq11.com