Privacy Policy

1. Introduction

Caliqa is operated by Xloron, a Belgian company. We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and Belgian data protection law.

This policy explains how we collect, use, and protect your personal data when you use Caliqa.

2. Data Controller

3. Data We Collect

3.1 Account Data (You as Data Controller)

When you create an account, we collect:

• Full name
• Email address
• Organisation name
• Password (hashed, never stored in plain text)

3.2 Usage Data (You as Data Processor)

Data you store in Caliqa (we process this on your behalf):

• Instrument records (names, serial numbers, calibration dates)
• Calibration certificates (PDF files)
• Checklist templates and results
• Operator names/signatures (if provided in checklists)
• Audit logs of all actions

3.3 Technical Data

• IP address (for security and audit trail)
• Browser type and version
• Session data (authentication cookies)

4. Legal Basis for Processing

• Contract performance: Processing necessary to provide Caliqa services
• Legal obligation: Audit logs required for ISO 9001/17025 compliance
• Legitimate interest: Security monitoring, fraud prevention
• Consent: Optional analytics cookies (if accepted)

5. Sub-processors

We use the following third-party services to provide Caliqa. All sub-processors are GDPR-compliant:

6. Data Retention

• Calibration records: Minimum 6 years (ISO 17025 requirement)
• Checklist results: Minimum 3 years (ISO 9001 requirement)
• Audit logs: Minimum 6 years (compliance requirement)
• Account data: Until account deletion requested
• Deleted organisations: All data permanently deleted after 30-day grace period

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right to access: Export all your data from Settings → Export Data
• Right to erasure: Delete your account from Settings → Delete Organisation
• Right to portability: Download your data as CSV/PDF
• Right to rectification: Edit your data directly in the app
• Right to restrict processing: Contact privacy@xloron.com
• Right to object: Opt out of analytics cookies

To exercise these rights, contact privacy@xloron.com. We will respond within 30 days.

8. Data Security

• All data encrypted in transit (HTTPS/TLS)
• Database encrypted at rest (AES-256)
• Row-level security (RLS) ensures organisation data isolation
• Multi-factor authentication available
• Regular security audits and penetration testing
• Incident response plan with 72-hour breach notification

9. Data Breach Notification

In the event of a data breach, we will notify:

• Belgian Data Protection Authority (GBA/APD) within 72 hours
• Affected customers without undue delay
• Steps taken to mitigate the breach

10. International Data Transfers

All customer data is stored in the EU (Frankfurt region). Some sub-processors (Vercel CDN, Stripe) may process data globally, but all comply with GDPR via Standard Contractual Clauses (SCCs).

11. Children's Privacy

Caliqa is a B2B service for manufacturing professionals. We do not knowingly collect data from individuals under 16 years of age.

12. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be notified via email to account holders.

13. Contact

For privacy inquiries, complaints, or to exercise your rights: