QotterLegal

Privacy policy

Last updated 12 July 2026. Founder-drafted for launch-foundation; counsel review pending (PRD section 12).

Qotter is currently a pre-launch waitlist website. This policy explains how we process personal data at this stage, before any product access exists. When the product itself launches, this policy will be extended to cover the workspace, agents, and connected tools, and republished with a new version date.

Who we are

The controller of your personal data is Qotter, operated by [ASSUMPTION: the operating legal entity name and its jurisdiction are pending founder confirmation and counsel, not necessarily a US “Qotter, Inc.”]. We refer to it here as “Qotter,” “we,” or “us.” Qotter is hosted in the EU (Frankfurt, Germany) on Neon Postgres. You can reach us at the contact address at the end of this policy.

What we process at this stage

Joining the waitlist or visiting this site involves the following personal data:

  • Your email address, submitted when you join the waitlist.
  • The timestamp of your consent and, once we send it, the timestamp of your confirmation.
  • Referral relations: who referred you, and whom you refer, used to compute your position in the referral-ranked queue.
  • Source and campaign data derived from UTM parameters, if you arrived through a tagged link.
  • Rate-limiting data derived from your IP address, kept briefly to prevent automated waitlist submissions.
  • Analytics data collected through PostHog and Google Analytics 4, only after you consent to analytics cookies (see the cookie policy).

Why we process it, and on what basis

  • Running the waitlist (your email, consent timestamp, referral relations, source data): lawful basis is your consent, given when you submit the waitlist form.
  • Analytics (PostHog, GA4): lawful basis is your consent, given through the cookie banner. Analytics data is not collected before you consent.
  • Security and abuse prevention (rate-limiting data, Cloudflare Turnstile): lawful basis is our legitimate interest in keeping the waitlist form free of automated abuse, weighed against your rights and kept to the minimum needed.

Who we share it with

We use the following subprocessors to run this site. Each is bound by a data processing agreement; the subprocessors located outside the EU/EEA additionally rely on Standard Contractual Clauses (SCCs) for the transfer.

Subprocessor Function Region
Cloudflare Hosting, CDN, and edge compute (Workers) Global network
Neon Postgres database Frankfurt, Germany (EU)
Clerk Authentication, for product access once launched United States, DPA and SCCs
Resend Transactional email United States, DPA and SCCs
Sentry Error monitoring EU
PostHog Product analytics, consent-gated EU
Google GA4 analytics, consent-gated United States

We do not sell your personal data.

How long we keep it

We retain waitlist data until your launch cohort is resolved (the point at which your account is created or your seat is released) or until you ask us to delete it, whichever comes first. [ASSUMPTION: the exact retention period past that point is pending confirmation from the founder and counsel.]

Your rights

Under the GDPR, you have the right to access, correct, delete, restrict, or export your personal data, and to object to or withdraw consent for its processing. To exercise any of these rights, contact us at the address below.

International transfers

Where a subprocessor is located outside the EU/EEA, we rely on Standard Contractual Clauses and the subprocessor’s own EU representative arrangements, as listed in the table above.

Complaints

You can lodge a complaint with your local data protection supervisory authority at any time. We would appreciate the chance to address your concern directly first, at the address below.

Changes to this policy

We will update the date at the top of this page whenever this policy changes, and for material changes we will notify waitlist members by email.

Data protection contact: privacy@qotter.com

Placeholder address pending the founder's domain decision (tracked in docs/ops/credentials-needed.md). It resolves the moment the apex domain in @qotter/site-config is finalized.

Qotter

The AI operating system for your company.

PrivacyTermsCookiesSecurity
©2026 Qotter

We use functional storage to run this site. With your consent, we also use analytics to see what is working. Read the cookie policy.