Privacy Policy

Last updated: June 22, 2026

This Privacy Policy explains how Optiq B.V. (“Optiq”, “we”, “us”), the company behind the qbrix product (“qbrix”, the “Services”), collects, uses, and shares personal data. It applies to our website at qbrix.io, the qbrix console, and the qbrix API and SDKs.

qbrix is a managed decisioning service. We handle personal data in two distinct roles, and this policy covers both:

  • As a controller — for the data of our account holders and website visitors (your name, email, billing details, and how you use qbrix).
  • As a processor — for the end-user data our customers send to the qbrix API to obtain decisions. For that data, our customer is the controller and our handling is governed by our Terms of Service and our Data Processing Agreement (DPA).

1. Who we are

The data controller for account and website data is:

  • Optiq B.V. (trading as qbrix)
  • Zeearend 25, 3435 HA Nieuwegein, the Netherlands
  • Chamber of Commerce (KvK): 99498707
  • VAT (BTW): NL869015990B01
  • Privacy contact: privacy@optiqio.com

2. Information we collect

Account and profile data

When you register for qbrix we collect your name, email address, and a securely hashed password. If you are invited to a workspace, we process the email address used for the invitation.

Billing data

Payments are processed by Stripe. We receive and store billing records such as your subscription status, plan, and invoices. We do not receive or store full payment-card numbers — these are handled directly by Stripe as a PCI-DSS compliant payment processor.

Usage and technical data

We collect data generated as you use the Services — including API usage and request metadata, log data, approximate location derived from IP address, and device/browser information — to operate, secure, and improve the Services.

End-user data processed on behalf of customers

When a customer calls the qbrix API, they may send context describing an end user or request (for example a context identifier, a feature vector, and associated metadata). We process this data solely to provide the Services to that customer. The customer decides what data to send and is the controller for it; we act only on their instructions.

3. How we use personal data

  • To provide, maintain, and secure the Services and your account.
  • To process payments, manage subscriptions, and send service and billing communications.
  • To provide support and respond to your requests.
  • To monitor, debug, and improve performance and reliability.
  • To detect, prevent, and address fraud, abuse, and security incidents.
  • To comply with our legal obligations and enforce our agreements.

4. Legal bases (GDPR)

Where the EU/UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to provide the Services you sign up for and to bill you.
  • Legitimate interests — to secure, operate, and improve the Services and to prevent abuse, balanced against your rights.
  • Legal obligation — to meet accounting, tax, and other legal requirements.
  • Consent — where we ask for it (you may withdraw consent at any time).

5. Sharing and sub-processors

We do not sell personal data. We share it only with service providers (“sub-processors”) that help us run qbrix, under contracts that require them to protect it. These currently include cloud infrastructure (Amazon Web Services), payment processing (Stripe), and managed database and analytics providers used to store account data and processed event data. We may also disclose data where required by law or to protect our rights, and in connection with a merger, acquisition, or sale of assets.

Our current list of sub-processors is available on request at privacy@optiqio.com and is maintained as part of our DPA for business customers.

6. International transfers

We are based in the Netherlands and aim to process data within the European Economic Area (EEA). Where data is transferred outside the EEA (for example to a sub-processor), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

7. Data retention

  • Account and billing data — kept for the life of your account, and afterwards only as long as needed for legal, accounting, and dispute-resolution purposes.
  • End-user event data processed on behalf of customers — retained for up to 90 days, after which it is automatically deleted, unless a customer agreement specifies otherwise.

8. Your rights

Subject to applicable law, you have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact privacy@optiqio.com.

If you are an end user whose data was sent to qbrix by one of our customers, please direct your request to that customer (the controller); we will assist them as their processor.

You also have the right to lodge a complaint with a supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

9. Security

We use technical and organizational measures appropriate to the risk — including encryption in transit, hashed credentials, access controls, and tenant isolation — to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Cookies

Our website and console use strictly necessary cookies and similar technologies (such as authentication tokens) to keep you signed in and to operate the Services. We do not currently use advertising cookies. If we introduce analytics or other non-essential cookies, we will update this policy and request consent where required.

11. Children

qbrix is a business product and is not directed to children. We do not knowingly collect personal data from anyone under 16.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the “Last updated” date above and, for material changes, take additional steps where required by law.

13. Contact

Questions about this policy or our data practices can be sent to privacy@optiqio.com, or by post to Optiq B.V., Zeearend 25, 3435 HA Nieuwegein, the Netherlands.