How Qualisphere collects, uses, and protects information.
This Policy explains how Qualisphere Consulting processes information collected through qsphereconsulting.com and our public-facing channels.
1Purpose and Scope
Qualisphere Consulting LLC (“Qualisphere,” “we,” “us,” or “our”) provides operational, compliance, quality, and AI-governance advisory services. This Privacy Policy explains how we collect, use, retain, share, and protect information when you visit qsphereconsulting.com (the “Site”), submit a contact form, schedule a meeting, or otherwise interact with our public web properties.
This Policy applies only to information collected through the Site and our public-facing channels. Information processed under a signed Master Services Agreement (“MSA”), Statement of Work, or other client engagement contract is governed by the terms of those instruments and Qualisphere’s internal data-governance framework, not by this Policy.
Qualisphere treats website visitors as a distinct data class (“Public Visitor — Inbound Marketing”) with the minimum collection, retention, and use posture described in Sections 3 through 6.
2Who We Are (Data Controller)
For purposes of the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and analogous laws, the data controller is Qualisphere Consulting LLC, a Colorado limited liability company. A physical address for legal notices is available on written request to privacy@qsphereconsulting.com.
Qualisphere does not currently maintain an establishment in the European Union or the United Kingdom. Where Qualisphere processes personal data of EU or UK data subjects, it does so on the legal bases described in Section 5. Qualisphere relies on the Article 27 GDPR exemption for occasional, low-risk processing that does not involve special-category data on a large scale; this position is documented internally and is reviewed periodically.
3Information We Collect
Qualisphere applies data minimization as a default. We collect only the categories of information described below, and only for the purposes stated in Section 4.
3.1Information You Provide Directly
| Category | Examples | Source |
|---|---|---|
| Identity & contact | Name, business email, phone, company, role | Contact form, scheduling form, direct email |
| Inquiry content | Messages, project descriptions, requested service area | Contact form, email, scheduled-meeting notes |
| Scheduling data | Selected meeting time, time zone, calendar availability | Microsoft Bookings |
| Marketing preferences | Opt-in to communications, topic interests | Forms, email-list sign-up |
3.2Information Collected Automatically
Subject to the cookie-consent rules in Section 7, Qualisphere may collect limited technical information when you visit the Site, including IP address (truncated where supported), browser and device type, operating system, referring URL, pages viewed, and timestamps. Until you provide cookie consent, only strictly necessary cookies are loaded; no analytics, performance, or marketing cookies are placed.
3.3Information We Do Not Collect
Qualisphere does not knowingly collect special categories of personal data (race or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for unique identification, health data, or data concerning sex life or sexual orientation) through the Site. Qualisphere does not knowingly collect information from children under 16. Qualisphere does not sell personal information and does not engage in cross-context behavioral advertising.
4How We Use Information
Qualisphere uses the information described in Section 3 only for the purposes set out below. We do not use information collected through the Site for unrelated purposes without first obtaining a fresh legal basis or your renewed consent.
| Purpose | Description |
|---|---|
| Respond to inquiries | Reply to contact-form submissions, scheduling requests, and direct correspondence. |
| Provide requested services | Initiate prospective-client conversations, scope engagements, issue proposals or statements of work. |
| Operate and secure the Site | Maintain availability, prevent fraud and abuse, diagnose technical problems. |
| Marketing (consent-based) | Send newsletters, event invitations, and thought-leadership content, but only if you have opted in. |
| Legal and compliance | Comply with applicable law, respond to lawful requests, exercise or defend legal claims. |
5Legal Bases for Processing (EU / UK)
Where the GDPR or UK GDPR applies, Qualisphere relies on the following legal bases under Article 6:
| Activity | Legal Basis | Reference |
|---|---|---|
| Responding to inquiries you initiate | Steps at request prior to entering a contract | Art. 6(1)(b) |
| Operating and securing the Site | Legitimate interests (security and availability) | Art. 6(1)(f) |
| Marketing communications | Consent | Art. 6(1)(a) |
| Analytics, performance, and marketing cookies | Consent | Art. 6(1)(a) / ePrivacy |
| Compliance with legal obligations | Legal obligation | Art. 6(1)(c) |
| Defense of legal claims | Legitimate interests | Art. 6(1)(f) |
Where Qualisphere relies on legitimate interests, we have conducted a balancing assessment and have determined that those interests are not overridden by the fundamental rights and freedoms of data subjects. You may request a summary of the relevant balancing assessment by writing to privacy@qsphereconsulting.com.
6Use of Artificial Intelligence
Qualisphere builds and operates an AI Operations Platform supporting its consulting services. Artificial-intelligence tooling is also used internally to support business operations such as drafting, scheduling assistance, document review, and analysis. The following commitments apply to information collected through the Site:
- No training use. Personal data collected through the Site is not used to train, fine-tune, retrain, evaluate, or otherwise improve any artificial-intelligence model, whether operated by Qualisphere or by any third-party vendor. Qualisphere requires its AI vendors to contractually commit to the same exclusion as a condition of inclusion on Qualisphere’s Approved Tools List.
- Human-on-the-loop. Where AI tooling assists with responding to inquiries or scheduling, a Qualisphere employee or authorized contractor reviews the output before it is sent or acted upon. AI is not used to make solely automated decisions that produce legal or similarly significant effects concerning visitors.
- Transparency. If Qualisphere deploys a customer-facing AI feature on the Site — for example, a chatbot or AI scheduling assistant — we will clearly disclose that you are interacting with an AI system at the point of interaction, in accordance with Article 50 of the EU AI Act and analogous transparency requirements.
- Confidentiality discipline. Qualisphere prohibits its personnel from submitting visitor information, client-confidential material, or other sensitive data to public, non-enterprise AI tools. Approved AI tools operate under enterprise agreements with training-exclusion and confidentiality terms.
7Cookies and Similar Technologies
Qualisphere applies a strict consent-first cookie posture. When you first visit the Site from a new device or browser, a cookie banner allows you to accept, reject, or fine-tune non-essential cookies. Until you affirmatively grant consent, only strictly necessary cookies (required for the Site to function and for security) are placed on your device.
| Category | Purpose | Default State |
|---|---|---|
| Strictly necessary | Site delivery, security, load-balancing, consent state | Always on |
| Analytics | Aggregate usage statistics; understand which content is read | Off until consent |
| Performance | Page-load monitoring and error tracking | Off until consent |
| Marketing | Campaign attribution and audience segmentation | Off until consent |
| Cross-site advertising | Cross-context behavioral advertising | Not used |
You may change your cookie preferences at any time using the consent-management control accessible from the Site footer. Qualisphere honors recognized opt-out signals where reasonably feasible, including Global Privacy Control (GPC).
8How We Share Information
Qualisphere does not sell personal information. Qualisphere does not share personal information for cross-context behavioral advertising. Qualisphere shares information only as described below.
| Recipient Category | Purpose | Safeguards |
|---|---|---|
| Service providers (processors) | Hosting, email, scheduling, analytics (where consented), security tooling | Written processor agreements; confidentiality; training-exclusion where AI is involved |
| Professional advisors | Legal, accounting, audit | Professional confidentiality duties |
| Authorities | Where required by law, valid legal process, or to protect rights and safety | Narrow, documented, logged |
| Successor entities | In connection with a merger, acquisition, or sale of assets | Equivalent privacy obligations imposed on successor |
A current list of categories of subprocessors is available on written request to privacy@qsphereconsulting.com. Qualisphere reviews each service-provider relationship for compliance with this Policy and with applicable data-protection law before onboarding, and on a periodic basis thereafter.
9International Data Transfers
Qualisphere operates from the United States. If you submit information from outside the United States, that information will be transferred to and processed in the United States and, where applicable, in other jurisdictions where Qualisphere’s service providers operate.
Where personal data of EU, EEA, or UK residents is transferred outside those territories, Qualisphere relies on appropriate safeguards including the European Commission’s Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, and supplementary measures such as encryption in transit and at rest, access controls, and contractual training-exclusion commitments. A copy of the relevant safeguards is available on request.
10Data Retention
Qualisphere retains personal data only for as long as necessary to fulfill the purposes for which it was collected, satisfy legal obligations, resolve disputes, and enforce agreements. The default retention windows for website-collected data are:
| Data | Retention Window | Trigger |
|---|---|---|
| Unanswered inquiry | 90 days after last contact | Auto-delete from inbound queue |
| Active prospect inquiry | 24 months from last interaction | Re-confirmation required after window |
| Marketing list (consent-based) | Until opt-out, plus 30-day suppression record | Opt-out by you, or annual confirmation |
| Scheduling records | 12 months | Auto-purge from scheduling tool |
| Site logs | 30 days | Rolling retention |
| Analytics data (if consented) | 14 months | Vendor default |
11Your Rights
Depending on your jurisdiction, you may have the rights set out below. Qualisphere extends substantially equivalent rights to all visitors as a matter of policy, even where local law would not require it.
11.1EU / UK Residents (GDPR / UK GDPR)
- Right of access to your personal data.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) where applicable.
- Right to restrict processing in specified circumstances.
- Right to data portability for data you provided to us.
- Right to object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent at any time, without affecting prior lawful processing.
- Right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (Qualisphere does not engage in such processing on the Site).
- Right to lodge a complaint with your supervisory authority.
11.2California, Colorado, and Other US State Residents
- Right to know what personal information is collected, used, disclosed, or sold.
- Right to delete personal information, subject to exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing (Qualisphere does not sell or share for cross-context behavioral advertising).
- Right to limit use of sensitive personal information (Qualisphere does not knowingly collect sensitive personal information through the Site).
- Right to non-discrimination for exercising any of these rights.
11.3How to Exercise Your Rights
Submit a verifiable request to privacy@qsphereconsulting.com. Qualisphere will acknowledge receipt within ten (10) business days and respond substantively within forty-five (45) days, with one extension permitted by law where the request is complex. Where required, Qualisphere will request information sufficient to verify your identity, and will not use that information for any other purpose.
You may designate an authorized agent to make a request on your behalf, subject to verification. Qualisphere does not discriminate against any individual for exercising privacy rights.
12Security
Qualisphere implements administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Controls include role-based access, multi-factor authentication, encryption in transit and at rest, security logging with agent, action, approver, and timestamp metadata, vendor due diligence, and periodic review of access and configuration. No method of transmission or storage is perfectly secure; Qualisphere cannot guarantee absolute security.
In the event of a personal-data breach affecting your information, Qualisphere will notify affected individuals and the relevant supervisory authorities where required by law, within the timelines mandated by applicable law.
13Third-Party Links and Services
The Site may link to third-party websites or embed third-party services (for example, a scheduling tool). Qualisphere does not control those third parties and is not responsible for their content or privacy practices. Their handling of your information is governed by their own privacy policies, which you should review before using their services.
14Changes to This Policy
Qualisphere may update this Policy from time to time. The version and effective date at the top of this document indicate when it was last updated. Material changes will be highlighted on the Site for a reasonable period and, where required by law, communicated to affected individuals directly. Prior versions are retained internally and are available on written request.
15Contact
Questions, requests, complaints, or disclosures regarding this Policy may be directed to:
| Controller | Qualisphere Consulting LLC |
| Privacy contact | privacy@qsphereconsulting.com |
| Legal notices | Physical address available on written request to privacy@qsphereconsulting.com |
| Response window | Acknowledge within 10 business days; substantive response within 45 days |
For privacy questions or to exercise your rights: privacy@qsphereconsulting.com
See also: Website Terms & Conditions