Early Access

Qeludra

  • Community
  • Workshops
  • Blog
  • About

Our Privacy Policy

Introduction

Protecting your privacy and personal data is very important to us. We therefore only use your personal data within the scope of legal regulations, in particular the General Data Protection Regulation (GDPR). With this privacy policy, we would like to inform you about the nature, scope and purposes of the collection, use and processing of your personal data by Qeludra B.V. regarding the use of LUDRA, our AI-Powered software application.

Qeludra B.V.Wilhelminakade 173, 41. Floor

3072 AP Rotterdam, The Netherlands

Email: contact@qeludra.com

 
At the heart of our operations, LUDRA, our premier AI-powered software application, is designed with an unwavering commitment to data privacy and security. Utilizing advanced large language models, our infrastructure and operational practices are meticulously crafted to align with the highest standards of data protection, particularly within the European context.

When using any AI tool privacy, security and compliance need to be considered incredibly carefully. This document provides some background information about the use of Large Language Models (LLMs) and outlines the steps Qeludra has implemented to safeguard your data privacy, ensure ownership, and maintain your absolute authority over your information.

Large Language Models (LLMs)

Currently, access to the best-in-class technology only comes from privately operated foundational models like OpenAI’s GPT-n models. No other AI company currently possess models with equivalent performance. Runner-ups are open-source models from Meta and Mistral.

What are Foundational models?

Foundational Models are large multimillion parameter AI models that are trained on a vast corpus of data. The ChatGPT-4 model has around 175 billion parameters, the open-source model Llama from Meta comes in different sizes ranging from 7B, 13B, 33B, and 65B parameters; and the model from Mistral (Mistral 7B) has 7.3 billion parameters.

At Qeludra B.V. our expertise shines in the realm of qualitative data analysis. Our application is a testament to this, designed to harness the capabilities of AI to transform qualitative data analysis. However, the creation of foundational AI models is a vastly different domain, one that requires a unique set of resources, knowledge, and infrastructure.

The computational resources required to train large-scale AI models are immense. It involves access to high-performance computing clusters, often with hundreds or thousands of GPUs or TPUs, running for weeks or months. The financial and environmental cost of such operations is substantial, making it prohibitive for companies whose primary focus is not on developing underlying AI technologies.

This is the rationale behind constructing our application atop pre-existing foundational models, currently integrating ChatGPT-3.5 and ChatGPT 4 Turbo and the open source model Llama from Meta.

Our application has been designed with flexibility in mind, enabling seamless transitions between underlying models for any given query. Looking ahead, we plan to empower users with the ability to select their preferred model, further enhancing the customization and utility of our service.

Integration of LLMs with LUDRA

Different from the personal use of ChatGPT, as a business we access the LLM via an API. The Open AI API Platform that we use has been audited and certified for SOC 2 Type 2 compliance. SOC 2 Type 2 compliance refers to a framework for managing data to protect the interests and privacy of clients of service organizations. It's an auditing procedure that ensures a service organization manages customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

Security: Ensuring data is protected against unauthorized access, disclosure, and destruction.

Availability: Ensuring systems are available for operation and use as agreed upon.

Processing Integrity: Ensuring that system processing is complete, valid, accurate, timely, and authorized.

Confidentiality: Ensuring that confidential information is protected as agreed upon.Privacy: Addressing the collection, use, retention, disclosure, and disposal of personal information.

If you want to learn more about what it means to access a service via an API, please read the following article on our blog: Beyond the Comfort Zone: The Dynamics of Technological Acceptance

Customer Content

As users of LUDRA, you may submit data to the Services ("Input") and, in turn, receive results generated from your Input ("Output"). Collectively, Input and Output constitute "Customer Content." You maintain full ownership rights over the Input and are granted exclusive ownership of the Output. OpenAI transfers to you any rights, titles, and interests it may hold, ensuring you possess complete control and ownership.

OpenAI will manage and store your data following their privacy commitments. They will use your data only as needed: to provide the services you use and to follow legal requirements. OpenAI will not use your data to enhance or upgrade their services. Further information.

Data Processing Agreement

Qeludra B.V. has signed a Data Processing Addendum (DPA) with OpenAI as required by European law. The DPA delineates the data handling practices, delineating our obligations and your rights in protecting your data in compliance with GDPR and other applicable privacy laws. OpenAI complies with GDPR and CCPA. Further information.

Your Obligations for Customer Content

You are in charge of all the information you provide (Input) and must ensure you have the necessary rights, licenses, and permissions to share this Input with our Services. You alone are accountable for how you use the results (Outputs) the Services give you. It's up to you to check if these Outputs are accurate and suitable for your needs, which might include getting them reviewed by a person when needed.

Our Responsibility

At QELUDRA, we understand that the integrity and confidentiality of your research data are paramount. Safeguarding the privacy of your research participants and ensuring their information remains secure is a responsibility we embrace with utmost seriousness. We are dedicated to continuously advancing our security measures and refining our privacy practices to uphold and surpass the most stringent standards for data protection, specifically catering to the unique needs of researchers and research organizations.

Compliance with European Data Protection

LUDRA is supported by a robust infrastructure, with our main application hosted on AWS servers in Frankfurt, Germany (eu-west-1 (EU), and our vector database securely housed on GSP servers The Netherlands (europe-west 4). This strategic setup ensures that our services are not only reliable and efficient but also adhere to European data sovereignty and privacy regulations.

Our operational base in Europe signifies more than just a geographical location; it represents our dedication to upholding the stringent data privacy standards set by the European Union. See our compliance page here.

Our Privacy Promise

The privacy and security of your data are paramount at every stage of your interaction with LUDRA. We implement advanced encryption, strict access controls, and continuous surveillance to prevent unauthorized access and potential data breaches. ·        

  • All data is encrypted securely at rest and in transit using AES-256 and TLS or equivalent.·        
  • Data is stored and processed on machines housed in secure tier 3 and 4 data centres hosted by GCP and AWS.·        
  • Data is siloed from other company data in a logical order and arrangement.·        
  • There are legally binding agreements in place for all third parties used by Qeludra B.V. (Privacy Policy, Data Processing Addenda and NDAs).

Creating a LUDRA account and signing up for a LUDRA Subscription

Scope of Data Protection

Data protection applies to personal data as defined by the GDPR, i.e. all information relating to an identified or identifiable natural person. An identifiable natural person is deemed to be a natural person who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific attributes.

Creating a LUDRA account

To create the account, the following personal data will be stored:

  • Name      
  • E-mail address        
  • IP-address location

We process the email address and password on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR in order to perform the contract of use. Your IP address is processed in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, as it is in our legitimate interests to match your IP address with IP addresses that have misused our service in the past for fraud prevention purposes.

Please note that the creation of a LUDRA account is a prerequisite for signing up for and using a LUDRA subscription (see next section) but creating a LUDRA account does not oblige you to purchase a paid subscription. Even if you do not sign up for a subscription after creating the account, the LUDAR account remains available, and you can use it. You can delete your LUDRA account at any time by sending an e-mail with your request to support(at)qeludra.com.

Signing up for a Subscription

If, after creating a LUDRA account, you sign up for a LUDRA subscription, additionally the following personal data will be collected and processed for the purposes of concluding and fulfilling the contract (Art. 6 para. 1 sentence 1 lit. b) GDPR):

  • First name, surname, and where applicable, company name
  • Address        
  • Payment details
  • Tax numbers (where applicable)        
  • Selected subscription option·        
  • Possibly other, additional data you provided during the registration process.

In order to process payments, we forward the necessary payment data to our authorized payment service provider Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Where necessary, Stripe will transfer the data to Stripe, Inc., located in the USA. Further information on data protection at Stripe and compliance with the requirements of Art. 44 GDPR can be found here and here. We have concluded a data processing agreement with Stripe, which allows Stripe to process the data solely in accordance with our instructions and not for its own purposes.

In addition to the aforementioned data, we process further (usage-)data relevant for the provision and billing of our service, such as subscription ID, date and time of the subscription conclusion, billing period, successful payment processing, logins, volume of data processed and number or prompts. The processing and storage of the aforementioned data is necessary for the conclusion of the contract as well as its performance and is therefore justified according to Art. 6 para. 1 sentence 1 lit. b) GDPR. If you yourself are not a party to the contract, but LUDRA is provided to you, e.g. by your employer or an organization to which you belong, we justify the processing of the data mentioned in section 6.1 and the aforementioned usage data via Art. 6 para. 1 sentence 1 lit. f) GDPR, as this is necessary for the performance of the business relationship with our customers, i.e. your employer or your organization.

We store the data for the duration of the contract term and subsequently, if applicable, for the duration of statutory retention periods, insofar as these prescribe the retention for the respective types of data. We will delete your account if you wish to do so after cancelling your subscription. Otherwise, we will maintain your account as LUDRA account so that it is available to you in the event of a renewed subscription without you having to register again. This is in your as well as in our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

In your account in the section “usage”, you can also view data about your usage behaviour e.g., - number of queries. If you have a consumption-based subscription, such as the LUDRA Pro, you can also view the monthly costs incurred. We justify this data processing via Art. 6 para. 1 sentence 1 lit. b) GDPR, insofar as it is necessary for the performance of the contract, in particular for billing purposes or for managing the number of queries still available. Insofar as the processing goes beyond what is necessary for the performance of the contract, we base the processing on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, as we seek to meet our customers' wish to view information on usage behaviour in a transparent manner.

If you yourself are not a party to a LUDRA subscription, but access to our products is provided to you by your employer or an organization to which you belong, it is possible that we share data about your usage behaviour (e.g. last login date) with your employer or organization. Such data transfer only takes place insofar as this corresponds to our legitimate interests as well as the legitimate interests of our customers in receiving information about the use of the subscriptions they have paid for, and your interests do not override in the individual case.


Automatic Collection of Data via Website Access

Regardless of whether you use our paid or free service, your device automatically transmits certain data for technical reasons when you access our website www.qeludra.com and www.qeldura.ai. The following data that you may send us will be stored:·        

  • Date and time of access        
  • Browser type and version        
  • Operating system        
  • Volume of data transmitted        
  • Requested domain        
  • Notification of successful data retrieval        
  • Search term when using a web browser        
  • Abbreviated/anonymized IP        
  • Full IP address        
  • Diagnostic information in the event of errors

Processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is stored for purely technical reasons. Website access data is used for error analysis, ensuring system security, logging access to a LUDRA subscription or trial version. Based on your IP address, we also use geolocation to determine the region from which you are visiting our website. We use this information to check whether we can offer you the LUDRA subscription service in your region, which corresponds to our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. The storage of the full IP address for the users of the LUDRA free version for a maximum period of 14 days is also justified by our legitimate interest in achieving the listed purposes, Art. 6 para. 1 sentence 1 lit. f) GDPR. The storage of IP addresses of users of the paid LUDRA subscription for the duration of the contract is justified by Art. 6 para. 1 sentence 1 lit. b) GDPR.

Qeludra Newsletters

We make use of AWeber for our email services. Aweber is GDPR compliant and self-certified with both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. Visit their privacy policy here.

Product Newsletter

If you have signed up for our ALL THINGS QUALITATIVE newsletter, we will occasionally send you emails that provide you with an accessible overview of the latest trends, techniques, and best practices when using AI in qualitative research. In addition, we will send you news on our products, such as the launch new features as well as on related products and services. This will also include information and tips on how to get the most out of our app LUDRA. We are entitled to use the email address you provided when signing up for a LUDRA account or a subscription. Given our existing contractual relationship, it is also in our legitimate interest to inform you as set out above (Art. 6 para. 1 sentence 1 lit. f) GDPR). If you do not wish to receive such emails from us, you can object to the use of your email address for this purpose at any time by sending an email to support(at)qeludra.com. Of course, each of our emails contain an unsubscribe link at the end.

Marketing Newsletter and other marketing communication

If you would like to receive more detailed information about our company, products, services, and promotions, you can sign up for our marketing newsletter or you can agree to receiving marketing communication in certain other contexts. We may send you information, within the scope of your consent, about offers, special offers, promotions and marketing campaigns and other news from LUDRA from time to time or get in touch with you to discuss specific products and services. The processing of your data is based on your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). You can withdraw your consent at any time with effect for the future by sending an email to support(at)qeludra.com. Of course, our emails each contain an unsubscribe link at the end. Note to US Individuals: We may also send you marketing communications and newsletters and offers and promotions if you have agreed to send your information to Qeludra, such as via Quora. In such a case, we rely on your agreement to send us your information as establishing a relationship with us and your consent to such marketing. You can withdraw your consent at any time with effect for the future by using the unsubscribe link at the end of our emails.

Webinars

We offer webinars for our users and existing or prospective customers. The webinars are interactive events on the products we offer, conducted by our staff. External speakers may also be invited to the webinars. We point this out accordingly before registration.

We use a service provided by Zoom Video Communications, Inc. ("Zoom"), 55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA, on whose platform the webinars are held. Registration for our webinars takes place via a corresponding landing page of Zoom. We have concluded a data processing agreement with Zoom and Zoom may only process personal data according to our instructions and not for its own purposes. We would like to point out that if you access Zoom's website, Zoom is responsible for the personal data processed through your use of the website. If you have entered into a contractual relationship with Zoom, we have no influence on the personal data collected and processed in this context as part of our webinars. Further information on the handling of personal data at Zoom - in particular also in relation to webinars - can be found here.

In the event of registration for a webinar on a landing page provided by Zoom, we collect and process all personal data that you provide when registering for one of our webinars (first and last name, email address, company (optional), position (optional)). We process your data to fulfil the free participation contract concluded between you and us on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. We store your data on this basis for the duration of the existence of our contractual relationship, i.e. until the conclusion of the webinar, and subsequently for the duration of the statutory retention periods where this is required. If you have a LUDAR account and it is possible for us to assign the webinar registration to this account, the processing of your personal data in the context of our customer database and the analyses of our customer-related processes until the end of the webinar is based on Art. 6 para. 1 sentence 1 lit. f) GDPR, as this is in our legitimate interest to record the demand for webinars and in this context to improve the services for our customers. After completion of the webinar, we note in our customer database under your account that you participated in the webinar. The name and e-mail address given during registration will not be noted and - if they do not match the details in the LUDRA account created - will be deleted by us after the webinar has ended. Should personal data be processed at all in this note in the customer database beyond the webinar, we base this on Art. 6 para. 1 sentence 1 lit. f) GDPR, as this is in our legitimate interest to specifically identify whether customers understand our products in order to provide them with support more quickly in individual cases, or in order to provide certain customers with extended webinars and training.

When participating in a webinar and using Zoom, the following additional personal data is processed:

User information (This is data associated with the Zoom account and its authentication, e.g. first name, last name, display name, email address, password (unless Single Sign On (SSO) is used), profile picture, Zoom unique user ID).

Communication data (This is data that you independently enter, upload or share as part of the webinar and associated Zoom usage).

Meeting metadata and telemetry data (This technical data is, among other things, data relating to the use of the service, including when and how sessions were conducted (IP address, event logs, session information, etc.), as well as device and hardware information that Zoom needs to access in order for features such as camera, microphone, etc. to be operational in the context of participation).

Please note that it is also possible to participate in the webinar without having a Zoom account. In this case, the collection and processing of data is limited to the minimum necessary to be able to maintain the service for you. We have chosen settings so that the collection and processing of the communication content generally takes place on servers in the European Union. As Zoom is based in the USA, we cannot exclude the possibility that data processing (in particular meeting metadata) may also take place in the USA when using the service. A collection and processing of your data through the use of Zoom takes place on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR (participation contract). We store the data collected and processed by Zoom on our behalf for the duration of the Zoom webinar and subsequently for the duration of the statutory retention periods, if this is required. We have no influence on the duration of the data processed by Zoom under its own responsibility. Please contact Zoom directly for information in this regard.

Automated decision-making pursuant to Art. 22 GDPR does not take place.

Please note that we may record Zoom webinars and publish them afterwards on our website or social media channels. Participants will not be visible or identifiable in these recordings. If, contrary to expectations, personal data of the participants is visible during the recording, it will be made unrecognisable before publication.  The recording and storage of the webinar is based on Art. 6 para. 1 sentence 1 lit. f) GDPR, as these processing operations are in our legitimate interest to improve the quality of our webinars. When the webinars are published, no further processing of personal data will take place, as we will make them unrecognisable beforehand - if they can be viewed at all.

Data Security While Connecting to Our Website

Your connections to our website and our apps are protected with encryption techniques in line with the current state of the art. The level of protection also depends on which encryption your Internet browser and/or mobile device supports. You can tell whether an individual page of our website is transmitted in encrypted form by looking at the closed key or lock symbol in the status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Your Rights

The following rights are granted by European Union directives and regulations. If you wish to exercise any of the rights listed below, please contact us at the above address.·      

  • Right to confirmation and right of access - We will gladly confirm whether we are processing any of your personal data, which data we are processing, and for what purpose we are processing it.·        
  • Right to rectification - If any of the data we have stored is incorrect, we would certainly be happy to correct it.·        
  • Right to erasure - Should you wish your personal data to be deleted, we will comply with your request as far as legally possible.·      
  • Right to restriction of processing - Should you wish to restrict use, we will comply with your request as far as legally possible.·        
  • Right to withdraw your consent - Should you wish to revoke any previously granted consent, we will comply with your request. Revocation does not affect the permissibility of the processing of your data up to now.

In addition, you can object to the further processing of your data if we process your data based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f), Art. 21 GDPR). If we process your data for the purpose of direct advertising, you have a general right to object. If we do not process your data for advertising purposes, the objection must be based on your particular situation.

You also have the right to lodge a complaint regarding the processing of your personal data with a supervisory authority at the Dutch Data Protection Authority.

For further details on our data privacy measures or to address any inquiries regarding the security of your data with LUDRA, please reach out to us at contact@qeludra.com

Qeludra B.V., March 15, 2024