Privacy Policy

Last Updated: February 2026

We attach great importance to the protection of your personal data and take great care to ensure compliance with the applicable data protection regulations, in particular the European Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and the French Law n°78-17 of 6 January 1978, known as the “Data Protection Act”, as amended (the “Applicable Legislation”).

We invite you to carefully read this privacy policy (the “Policy”), which contains important information on how we collect, use and communicate your personal data in order to meet your needs and to optimize and improve the quality of the services we offer you.

For the purposes of this Policy, “you”, “your” or “User” means the natural person whose personal data is collected for processing hereunder and who is a “data subject” within the meaning of the Applicable Legislation.

1. Who are we?

The DOYE platform (the “Platform”), available at the URL https://app.qwoty.io, which enables its users to improve the B2B buying experience through shared spaces for sales teams and their prospects/customers (the “Service”), as well as the website available at the URL https://www.qwoty.io (the “Website”), are provided to you by the company DOYE, a simplified joint-stock company (société par actions simplifiée) with share capital of €12,495.10, registered with the Paris Trade and Companies Register under number 913 035 424, with its registered office at 18 rue Vignon, 75009 Paris, France (“we”, “us” or “our”).

You can contact us for any question regarding the protection of your personal data at the following email address: support@qwoty.io

When you visit the Website or use the Service through the Platform, we act as a “data controller” within the meaning of the Applicable Legislation.

2. Personal data collected

2.1. Information provided by the User

When you use the Platform or browse the Website, some of your personal data may be processed, including:

  • Identification data: last name, first name, job title
  • Contact details: email address, phone number, postal address
  • Company information: company name, SIRET number, VAT number
  • Payment data: processed by our payment provider Stripe (we do not store your full credit card details)
  • Any other information you voluntarily provide to us through contact forms or support requests

2.2. Information automatically collected

We may automatically collect certain information when you use the Website or the Platform, including:

  • Technical data: IP address, browser type and version, operating system
  • Usage data: pages visited, time spent on pages, navigation paths
  • Log data: access logs, error logs, activity timestamps
  • Device information: device type, screen resolution, language settings

This information helps us to understand how our users interact with our Service and allows us to improve the user experience. For more information on cookies and similar technologies, please see section 9 below.

3. How we use your personal data

We use your personal data for the following purposes:

  • To provide and manage the Service, including creating and managing your user account
  • To process payments and invoicing through our payment provider Stripe
  • To provide customer support and respond to your inquiries
  • To send you our newsletter and marketing communications (with your consent)
  • To conduct commercial prospecting activities
  • To improve and optimize our Service, Website and user experience
  • To ensure the security and prevent fraud
  • To comply with our legal obligations

3.1. Legal basis for processing

In accordance with the Applicable Legislation, the processing of your personal data is based on one of the following legal bases:

  • Your consent (e.g., for marketing communications and cookies)
  • The performance of a contract to which you are a party (e.g., providing the Service)
  • Compliance with a legal obligation (e.g., invoicing, accounting)
  • Our legitimate interest (e.g., improving our services, fraud prevention, security)

4. Disclosure of your personal data

For the purposes set out in section 3, we may share your personal data with the following categories of recipients:

  • Hosting and infrastructure providers: Amazon Web Services (AWS) for cloud hosting and data storage
  • Payment processors: Stripe for payment processing
  • Email service providers: Resend for transactional emails
  • CRM and support tools: HubSpot for customer relationship management and support
  • Analytics providers: Google Analytics for website analytics
  • Professional advisors: lawyers, accountants, auditors as necessary
  • Legal authorities: law enforcement or regulatory authorities when required by law

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5. International data transfers

Your personal data is primarily processed within the European Economic Area (EEA). However, some of our service providers are located outside the EEA, particularly in the United States.

Where we transfer your personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, including:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914)
  • Certification under the EU-US Data Privacy Framework where applicable
  • Additional technical and organizational measures such as encryption

6. Data security

We use appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure or destruction. These measures include:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls with unique passwords and multi-factor authentication
  • Regular security assessments and monitoring
  • Secure storage on certified cloud infrastructure (AWS)

While we are committed to protecting your personal data, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data.

7. Data retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

The retention periods we apply are as follows:

  • Active accounts: for the duration of your use of the Service
  • Inactive accounts: deleted after 2 years of inactivity
  • Invoicing and accounting data: 10 years (legal obligation)
  • Evidence for litigation: 5 years (statute of limitations)
  • Commercial prospecting data: 3 years from the last contact

8. Your rights

Under the Applicable Legislation, you have the following rights regarding your personal data:

  • Right of access: obtain confirmation of whether we process your personal data and access to such data
  • Right to rectification: request correction of inaccurate or incomplete personal data
  • Right to erasure: request deletion of your personal data in certain circumstances
  • Right to restriction: request restriction of processing in certain circumstances
  • Right to data portability: receive your data in a structured, commonly used format
  • Right to object: object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent
  • Right to define post-mortem instructions: set instructions regarding the retention, erasure and communication of your data after death

To exercise any of these rights, please contact us at support@qwoty.io or by post at: DOYE SAS, 18 rue Vignon, 75009 Paris, France.

We may ask you to verify your identity before responding to your request. We will respond to your request within one (1) month, unless the request is complex, in which case we may extend this period by two (2) additional months.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence. In France, the competent authority is the Commission Nationale de l’Informatique et des Libertés (CNIL) – www.cnil.fr

9. Cookies and similar technologies

9.1. What are cookies?

A “cookie” is a small text file stored on your device (computer, tablet, smartphone) when you visit a website. Cookies allow the website to recognize your device and remember information about your visit, such as your preferences.

9.2. Cookies we use

We use the following types of cookies on our Website and Platform:

Essential cookies: These cookies are necessary for the Website and Platform to function properly. They enable core functionalities such as security, authentication and session management. You cannot opt out of these cookies.

Analytics cookies: We use Google Analytics to collect information about how visitors use our Website. This information helps us improve the Website and user experience. Google Analytics cookies collect information in an aggregated form. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

Functional cookies: We use HubSpot cookies for our live chat and customer support features. These cookies enable us to provide you with assistance and track support conversations.

9.3. Managing cookies

When you first visit our Website, you will be asked to accept or reject non-essential cookies through our cookie banner. You can change your cookie preferences at any time through our cookie settings.

You can also control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that if you choose to block cookies, some features of our Website and Platform may not function properly.

Cookies will not be stored for more than 13 months from the date of deposit on your device.

10. Links to third-party websites

Our Website and Platform may contain links to third-party websites. Please note that these websites have their own privacy policies and terms of use. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal data.

11. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons. We will notify you of any material changes by posting the updated Policy on our Website with a new “Last updated” date.

We encourage you to review this Policy periodically to stay informed about how we protect your personal data.

12. Contact us

If you have any questions about this Policy or our data protection practices, please contact us:

By email: support@qwoty.io

By post: DOYE SAS, 18 rue Vignon, 75009 Paris, France

Website: https://www.qwoty.io