Privacy Policy
Last updated 13 July 2026This policy explains what personal data Wiretouch Limited, trading as Qflow for events™ ("Qflow", "we", "us"), collects, why we collect it, and the rights you have over it. It applies to our websites, the Qflow dashboard, our mobile check-in applications and our API (together, the "Service").
Wiretouch Limited is registered in England with its registered office at 2A Church Road, Hove, East Sussex, BN3 2FL. For anything relating to this policy or your personal data, contact support@qflow.email.
If you are an event guest
If your details are in Qflow because you were invited to, registered for, or attended an event run by one of our customers, that event organiser is the data controller for your personal data and Qflow processes it only on their instructions — to send you their invitations and confirmations, manage their guest list, and check you in at their event. We do not use guest data for our own marketing and we never sell it. Questions about your data, including requests to access or delete it, should be directed to the event organiser; if you contact us instead, we will pass your request to them.
What we collect
- Account data — your name, email address, organisation and password when you create an account, and billing details when you subscribe to a paid plan. Payments are processed by Stripe; Qflow does not store full payment card numbers.
- Customer Data you upload — guest lists, attendee details and event information you add to the Service. For personal data in Customer Data we act as your processor, as described above and in our Trust Centre.
- Usage and log data — IP addresses, device and browser information, and activity logs, used to secure, operate and troubleshoot the Service.
- Communications — messages you send us, including support requests, and delivery data for emails and SMS sent through the Service (delivered, bounced, opened and similar delivery events).
How we use personal data, and our legal grounds
Under UK and EU data protection law we need a legal ground for each use of your personal data:
- To provide the Service — operating your account, processing payments, providing support (necessary for our contract with you).
- To secure and improve the Service — monitoring for abuse and fraud, diagnosing errors, understanding aggregate usage (our legitimate interest in running a secure, reliable platform).
- To comply with the law — accounting, tax and other legal obligations.
- To send you product news and offers — only with your consent, which you can withdraw at any time using the unsubscribe link in any marketing email or from your account settings. Service and system update emails are part of operating your account and are sent to all account holders.
Cookies
We use only essential cookies and similar technologies needed to sign you in and keep the Service secure. See our Cookie Policy for details.
Who we share personal data with
We do not sell personal data, and we do not share it with advertisers. We share personal data only with:
- Service providers (subprocessors) who help us run the Service — cloud hosting, email and SMS delivery, payment processing, network security and error monitoring. Each is bound by contracts that restrict them to processing on our instructions. The current list is published in our Trust Centre.
- Event organisers — if you are a guest, your registration, RSVP and check-in data is shared with the organiser of that event, who is the controller of it.
- Authorities — where we are required to by law, or where disclosure is reasonably necessary to protect the rights, property or safety of Qflow, our customers or the public.
International transfers
Where personal data is transferred outside the UK or the European Economic Area — for example to a service provider operating in the United States — we rely on safeguards recognised under UK and EU data protection law: adequacy decisions where they apply, and otherwise the UK International Data Transfer Agreement or Addendum and the EU Standard Contractual Clauses. Details of the safeguards for each subprocessor are available on request.
How long we keep personal data
- Account data — for as long as your account is active. If you ask us to close your account we typically delete your personal data within 90 days, and we treat accounts inactive for 7 years the same way. We may retain limited records for longer where the law requires it (for example, invoicing records).
- Customer Data (including guest data) — under the control of the account holder: when you delete a guest or an event in the Service, it is deleted — we do not keep our own copy beyond routine, time-limited backup cycles.
- Delivery and log data — kept for limited periods appropriate to security, troubleshooting and abuse prevention.
Security
The Service is hosted on Microsoft Azure, with encryption in transit and at rest, role-based access controls, and continuous monitoring. Our security practices are described in the Trust Centre.
Your rights
You have the right to request access to the personal data we hold about you, and to ask us to rectify, erase or restrict it, to object to processing based on legitimate interests, to data portability, and to withdraw consent where processing is based on consent. You can exercise most of these directly from your account settings; for anything else, contact support@qflow.email and we will respond within the timescales required by law.
If you are unhappy with how we have handled your personal data, you can complain to the UK Information Commissioner's Office (ico.org.uk) or, if you are in the EEA, to your local supervisory authority. We would appreciate the chance to resolve your concern first.
Changes to this policy
We update this policy from time to time and will post the revised version here with an updated date. If a change materially affects how we use your personal data, we will notify you by email or through the Service.