Privacy Policy

1. Introduction

QoreStruct is a multi-tenant operations platform for construction companies, contractors, developers, facility management firms, and enterprise operations teams. We take the privacy and confidentiality of Customer and User information seriously and process it only as described in this Policy and in our agreements with each Customer.

In most cases, the Customer (your employer or the organization that invited you) is the controller of the operational data held in its portal, and QoreTek acts as a processor that handles that data on the Customer's behalf and under its instructions.

2. Information We Collect

We collect information needed to provide the Platform, grouped into the categories described in the sections below. We do not sell personal information.

3. Account and Company Information

When a company is onboarded and when administrators invite Users, we collect information such as company name and subdomain, User names, work email addresses, job titles, departments, assigned roles and permissions, and authentication credentials (passwords are stored only in hashed form by our authentication provider).

4. Usage and Operational Data

As Users operate the Platform, we process the business records they create or manage — for example projects, work orders, procurement requests, approvals, invoices and payment records, inventory and materials data, and HR records. We also collect technical usage data such as log entries, actions taken, timestamps, IP addresses, device and browser information, and audit events used for security and accountability.

5. Cookies and Analytics

We use strictly necessary cookies to keep Users signed in and to maintain secure sessions and tenant context. We may use limited, privacy-respecting analytics and error-monitoring tools to understand performance and reliability. Where required by applicable law, we will seek consent for non-essential cookies and provide controls to manage them.

6. How We Use Information

• To provide, operate, secure, and maintain the Platform.
• To authenticate Users and enforce role-based access controls.
• To provide support and respond to requests.
• To monitor performance, detect abuse, and prevent fraud.
• To maintain audit trails and meet legal and contractual obligations.
• To improve features and reliability, using aggregated or de-identified data where practical.

7. How We Share Information

We share information only as needed to run the Platform: with sub-processors and infrastructure providers that host and operate the service under contractual confidentiality and security obligations; within a Customer's own organization according to the access its administrators configure; and where required by law, regulation, or valid legal process. We do not share one Customer's tenant data with another Customer.

8. Data Retention

We retain Customer and User information for as long as the Customer's subscription is active and as needed to provide the Platform, and thereafter as required to comply with legal, accounting, or reporting obligations. Customers may request export or deletion of their data in accordance with their agreement with QoreTek and applicable law.

9. Security

We use technical and organizational measures designed to protect information, including encryption in transit, tenant isolation, role-based access control, least-privilege practices, and audit logging. No system can be guaranteed to be completely secure, but we work to align our practices with recognized industry standards and to improve them over time. Where applicable, we will pursue independent security assessments and certifications as the platform matures.

10. International Data Transfers

QoreTek may process and store information in countries other than the Customer's own. Where information is transferred across borders, we take steps intended to ensure it remains protected and that transfers are carried out in accordance with applicable data protection laws, including the use of appropriate safeguards where required.

11. User and Company Administrator Responsibilities

Customer administrators are responsible for managing their own Users, assigning appropriate roles and permissions, promptly removing access for people who should no longer have it, and ensuring they have any necessary rights or consents to place data into the Platform. Users are responsible for keeping their credentials confidential and for using the Platform in line with their organization's policies.

12. Children's Privacy

The Platform is a business tool intended for use by organizations and their personnel. It is not directed to children, and we do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us information, please contact us so we can take appropriate action.

13. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Continued use of the Platform after an update constitutes acceptance of the revised Policy.

14. Contact Information

For privacy questions or requests, contact QoreTek at [privacy contact email placeholder], or reach out through the contact options on our website. Users may also contact their own company administrator for questions about data held in their company's portal.