Privacy Policy — qracle.ai (unified-QA)
Lawyer-review pending. This is the v1.0 alpha / MVP privacy policy authored by the engineering team in good faith based on the actual data handling described in decisions/0019-agent-email-infrastructure.md § 5 and the platform's retention tiers. A formal legal review is on the v1.5 productization roadmap (ADR-0019 + ROADMAP Phase 8). This source Markdown is the lawyer-handoff input; the Astro page renders it.
Last updated: 2026-05-06.
1. Who we are
qracle.ai (codename: unified-QA) is operated by manyadsinc.com.
- Service URL: https://qracle.ai
- Contact (general / privacy): admin@qracle.ai
- Source repository: private during alpha (public release planned for v1.5 per ROADMAP).
- Legal entity: manyadsinc.com (jurisdiction confirmed at v1.5 lawyer review).
We use the terms "we", "us", and "our" to refer to manyadsinc.com. "You" refers to a user of the qracle.ai service.
2. What we collect
We are explicit about what flows through the platform:
- Scan inputs — URLs, optional credentials, and configuration you submit when you ask us to scan a system.
- Raw inbound MIME bodies — when our email-bot receives a verification email on your behalf, we persist the raw MIME body to Tier 0 retention (7 days), per ADR-0019 § 5 non-negotiable #4. PII may transit through this path.
- Scan token + auth bundle artifacts — generated during scanner runs; tiered retention per services/artifact-store (7d/30d/90d).
- Postgres tenant + scan + email-mapping records — per-tenant operational data, isolated by FORCE ROW LEVEL SECURITY (Phase 4 plan 04-05).
- Operational logs — Railway stdout / Vercel logs. Pino logger is configured to redact request bodies, message bodies, auth tokens, and other PII before any log line is emitted (req.headers.authorization, req.body, msg.text, msg.html).
- No cookies on landing / privacy / terms — the public pages (/, /privacy, /terms) are static HTML with zero JavaScript and zero analytics. No tracking pixels.
We do not collect:
- Browser fingerprints / canvas hashes / device identifiers.
- Third-party advertising or attribution data.
- Anything you have not asked us to scan.
3. Why we collect
We collect the data above for one purpose only: to perform the QA scan you requested and to serve you the resulting findings through the authenticated dashboard.
We do not:
- Sell, rent, or share your data with advertisers, brokers, or analytics vendors.
- Use your scan inputs to train external models without explicit opt-in.
- Aggregate your data in ways that re-identify other tenants' workloads.
The single exception, with opt-out: aggregated, anonymized finding patterns may be used internally for FP-rate calibration (Plan 05-02). Anonymization is at the finding-template level (no scan-input bodies, no recipient addresses, no tenant identifiers). Opt-out: email admin@qracle.ai with subject "calibration opt-out".
4. How long we keep it
Retention is tiered per ADR-0019 § 3 and enforced by two independent layers:
| Tier | Retention | Examples | Enforcement |
|---|---|---|---|
| Tier 0 | 7 days | Raw MIME bodies, ephemeral scan logs | R2 lifecycle rule (expire-raw-mime-7d) + app-level purgeExpired() cron |
| Tier 1 | 30 days | Scan tokens, finding artifacts not promoted to a finding | purgeExpired() cron |
| Tier 2 | 90 days | Adjudicated findings, dashboard data | purgeExpired() cron + manual operator review for >90d retention requests |
If any retention layer is unavailable, the other layer continues to purge — defense-in-depth. We never "soft-delete and hope" — purges remove the underlying bytes.
5. Who we share it with
We share data only with the infrastructure providers strictly required to operate the service:
- Cloudflare R2 (object storage; raw MIME at Tier 0). Encrypted at rest by default.
- Resend (email infrastructure: outbound transactional + inbound webhook delivery). Data flows through Resend's pipeline subject to their privacy practices.
- Railway (host runtime for the email-webhook receiver; processes payloads in memory only).
- Vercel (static hosting for this dashboard; no server-side secrets, no SSR).
- Postgres database provider — operator's choice (typically Neon or Supabase). Tenant data is isolated via FORCE RLS.
We have a written or click-through data-processing agreement with each provider above to the extent each provider offers one. We do not share with non-essential third parties (advertisers, analytics, brokers).
6. Your rights
We respect the following user rights regardless of where you live; in some jurisdictions these are statutory (GDPR, CCPA), in others they are voluntary best practice:
- Right to access — request a copy of your data via admin@qracle.ai.
- Right to correction — ask us to fix data we hold about you.
- Right to erasure — ask us to delete your data. v1.0 ships best-effort manual fulfillment within 30 days. Programmatic right-to-erasure is a v1.5 deliverable per ADR-0019 § 8.5.
- Right to portability — we'll export your data in a machine-readable format on request.
- One-click unsubscribe (RFC 8058) — every transactional email we send carries a List-Unsubscribe header pointing at https://qracle.ai/unsubscribe?u=<token>. We honor unsubscribes within 24 hours.
- CAN-SPAM (US): we identify the sender, provide a physical mailing address (TBD at v1.5), and honor opt-outs.
To exercise any of these rights: email admin@qracle.ai with a clear subject line identifying the right. We may verify identity before honoring deletion / portability requests.
7. Cookies and tracking
The public pages (/, /privacy, /terms) set no cookies and load no third-party scripts. They are static HTML.
The authenticated dashboard (/runs, /findings, /trends, /calibration, /budget) is currently out of public scope for v1.0 and not protected by an authentication layer. When v1.5 adds authentication, a session cookie will be introduced; this policy will be updated with its purpose and lifetime before any session cookie is set.
8. Security
Security controls in place at v1.0:
- Webhook signature verification — HMAC-SHA256 + timingSafeEqual on every Resend Inbound POST per ADR-0019 § 5 non-negotiable #1. Unsigned / invalid signatures return 401 and emit a structured forensic audit log; they do not enter the DLQ.
- Prompt-injection sanitizer — every inbound message body is sanitized before any LLM consumption boundary per ADR-0019 § 5 non-negotiable #5. The sanitizer is the same sanitizeForPromptInjection used by the five-whys scanner.
- FORCE ROW LEVEL SECURITY — multi-tenant Postgres tables enforce tenant isolation at the database engine level (Phase 4 plan 04-05); a misconfigured query cannot leak across tenants.
- DKIM, SPF, DMARC — outbound mail from mail.qracle.ai carries DKIM 2048-bit signatures, SPF + DMARC alignment, and the DMARC policy escalates from p=none to p=quarantine after a 30-day clean Postmaster Tools window (target: 2026-06-04 per Plan 05-005 T7).
- No shared admin secrets in source. All secrets live in environment-scoped vaults (Railway Variables; Cloudflare R2 token); rotation procedures are documented in infra/r2/PROVISION.md and infra/railway/email-webhook/DEPLOY.md.
We disclose material security incidents to affected tenants within 72 hours of detection (GDPR breach-notification cadence).
9. Children's data
qracle.ai is not directed at children under 13 (US COPPA) or under 16 (EU GDPR). We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, email admin@qracle.ai and we will delete it.
10. International data transfers
If you are in the EU and your data is processed in the US (or vice versa), the applicable provider's standard contractual clauses govern the transfer (Cloudflare R2 EU clauses; Resend EU clauses; Railway US; Vercel global). We do not maintain a separate Privacy Shield / DPF attestation at v1.0; v1.5 may add formal certifications.
11. Changes to this policy
We will publish material changes to this policy at least 14 days before they take effect. The change-log will be linked here once the first update is published. v1.0: this is the initial revision.
12. Contact and disputes
For any question, request, or complaint regarding this policy:
- Email: admin@qracle.ai
- Source code: private during alpha; available for audit on request to admin@qracle.ai.
If we cannot resolve a dispute, EU users may escalate to the supervisory authority in their member state. US users may consult the FTC.