Privacy Policy

Last updated: 20 April 2026

This policy describes how qadial (“we,” “us”) collects, uses, stores, and shares information at qadial.com, portal.qadial.com, and the per-tenant subdomains we provision for customers. It applies to prospective customers, active customers, agents and supervisors who log in through a tenant, and end-callers whose calls touch the qadial platform.

1. Who we are

qadial is a hosted contact-center platform operated from Lahore, Pakistan. For customer data processing, we act as a data processor on behalf of the customer (the data controller). For contact-form inquiries and billing information you give us directly, we act as a data controller.

2. Information we collect

(a) Website visitors (qadial.com)

• IP address, user-agent, referrer, and pages visited, via standard web-server logs.
• Information you voluntarily submit through the contact form: name, email address, company, phone number, expected agent count, topic, and message.
• No advertising cookies. No third-party behavioural trackers.

(b) Customers (portal.qadial.com)

• Tenant admin email and password hash (scrypt).
• Billing information: Stripe customer ID, subscription ID, wallet balance, ledger entries. Payment card details are handled by Stripe and are never stored on qadial servers.
• Tenant operational data: agents, queues, campaigns, DIDs, DNC lists, dispositions.
• Call Detail Records (CDRs): from-number, to-number, direction, duration, disposition, timestamp.
• Call recordings, when the customer has enabled recording on a queue. Stored in per-tenant encrypted storage for the retention period configured by the customer (default 30 days).

(c) End-callers

• The caller’s phone number (from-number).
• IVR selections and DTMF input, where captured by the customer’s IVR.
• Recorded audio of the call, where the customer has enabled recording and obtained required consent under applicable law.

3. How we use information

• To provide, operate, bill, and support the Service.
• To respond to contact-form inquiries (emails are sent to our internal inbox and stored in our leads database).
• To debug, monitor uptime, and investigate abuse (fraud, toll-fraud, TCPA-suspected activity).
• To send transactional emails (tenant-ready notifications, low-balance warnings, billing receipts).
• To comply with legal obligations and respond to lawful requests.

We do not sell personal information. We do not use customer call data or call recordings to train generic AI models.

4. Legal bases (GDPR / UK GDPR)

• Contract performance: when we process customer data to provide the Service.
• Legitimate interests: when we log web traffic for security, or store leads to follow up on inquiries you sent us.
• Legal obligation: when we retain billing records for tax and audit purposes.
• Consent: where required (e.g. non-essential cookies, if we ever introduce them; we currently use none).

5. Subprocessors

We use a small set of subprocessors to deliver the Service. Each is contractually bound to data-processing terms equivalent to ours.

• Hetzner Cloud (Germany) — compute and storage infrastructure for the qadial platform.
• Telnyx (United States) — voice carrier providing SIP trunking, DIDs, toll-free numbers, and call signaling.
• Stripe (United States / Ireland) — payment processing and subscription billing. Card details are tokenized by Stripe; we never see the card number.
• Resend (United States) — transactional email delivery for tenant notifications and contact-form replies.
• Cloudflare — DNS and edge caching for qadial.com.

6. International transfers

Customer data is primarily stored in the European Union (Hetzner, Germany). Some subprocessors are located in the United States and process data under Standard Contractual Clauses or equivalent safeguards. Call audio may traverse Telnyx’s global network during call setup and transport.

7. Retention

• Call recordings: default 30 days, configurable per tenant up to 1 year. Customers may request earlier deletion at any time.
• CDRs (Call Detail Records): retained for 13 months for billing reconciliation and dispute handling, then anonymized or deleted.
• Contact-form submissions: retained for 24 months to support ongoing sales conversations, then deleted unless the sender has become a paying customer.
• Billing records: retained for 7 years to meet tax and accounting obligations.
• Web-server logs: retained for 90 days.

8. Security

We protect data with TLS in transit on every public endpoint, SRTP for WebRTC voice media, encrypted storage at rest, scrypt password hashing, least-privilege server access, and regular vulnerability scanning. No system is perfectly secure; in the unlikely event of a breach affecting your data, we will notify the tenant admin address within 72 hours.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or export the personal data we hold about you, and to object to certain processing. To exercise these rights, email contact@qadial.com. We respond within 30 days.

End-callers whose data is held in a qadial tenant should contact the relevant tenant (the data controller) directly, because we cannot act on a controller’s records without their instruction.

10. Children

The Service is intended for business use. We do not knowingly collect personal information from children under 16.

11. Cookies

qadial.com sets only essential session cookies required for the portal (authentication) and does not use advertising or analytics trackers by default. If we add analytics in the future, we will request consent where required and update this policy.

12. Changes to this policy

We will update this page when our practices change. Material changes affecting existing customers will be emailed to the tenant admin address at least 30 days before taking effect.

13. Contact

Privacy questions, data-subject requests, and DPA requests: contact@qadial.com. See also our Terms of Service.