Privacy & Legal

Your data is yours.
Full stop.

ISO 27001 certified. GDPR and UK GDPR compliant. We don't sell participant data, we don't train AI on your research, and we don't share anything without your explicit instruction.

Full policy documents

Our policies

Each policy applies globally and addresses applicable requirements across the UK/EU (GDPR), Australia (Privacy Act 1988), and United States (CCPA).

Privacy Policy
How we collect, use, and protect personal data for participants and clients. Effective 15 October 2025.
Cookie Policy
What cookies we use, why we use them, and how you can control them. Last updated April 2024.
Client Terms & Conditions
The terms governing use of the Qualzy platform for clients and organisations. Effective 15 October 2025.
Participant Terms & Conditions
Terms for individuals participating in research projects on the Qualzy platform. Effective 15 October 2025.
Spam Policy
Rules governing the use of Qualzy's messaging tools, including email and SMS communications. Last updated May 2023.

Questions about any of these documents? Contact us directly — no ticket system, real people.

Our commitments

How we protect your data

🔒
ISO 27001 Certified
Independently audited information security management, certified annually against the most rigorous international standard for data security.
🇪🇺
GDPR & UK GDPR Compliant
Full compliance for UK and EU data subjects. Data Processing Agreements available on request. You remain the data controller; we act as processor.
🚫
No AI Training on Your Data
Research responses, transcripts, and participant data are never used to train Maizy or any other model. Your data is yours — always.
📍
Regional Data Residency
UK, US, and Australian data residency options so your data stays in the jurisdiction you choose and meets local compliance requirements.
🗑️
Right to Deletion
Participant data deletion requests handled within 72 hours. You can request full project data deletion at any time after project close.
📋
Transparent Processing
We don't share participant data with third parties without explicit instruction. No advertising targeting. No data monetisation. Ever.
Questions about data?

Talk to the team directly.

We're happy to walk through our security setup, provide DPA documentation, or answer specific compliance questions. No ticket system — real people who know the platform.

Get in touch →