Last updated: September 18, 2025
Version 1.2
Qbim takes data protection very seriously. This privacy policy explains who we are, what Q-Sales is, how we collect, use, and share personal data, and how you can exercise your rights. The policy applies to the use of Q-Sales – Qbim AB’s AI-based sales coaching service with transcription connected to CRM, email, and business systems – including the website.
The Q-Sales service is provided to customer companies (B2B) and used by their employees, such as sales representatives, sales managers, and administrators. It may also process personal data about third parties who appear in the customer’s commercial communication (e.g., contact persons at the customer company’s clients, leads, meeting participants).
We recommend that you read this policy in full to ensure that you are fully informed. If you have any questions about our handling of personal data, please contact us using the details provided at the end.
We use your data to provide and improve the service for your use. By using the service, you consent to the collection and use of information in accordance with this policy.
QBIM processes your personal data in accordance with the EU General Data Protection Regulation (GDPR) as well as applicable Swedish data protection law.
Service: The service is the website https://qsales.app.
Personal Data: Data relating to a living individual who can be identified from such data (or from that and other information in our possession or likely to come into our possession).
Usage Data: Data collected automatically, either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).
Cookies: Small amounts of data stored on your device (computer or mobile device).
Controller: The natural or legal person who (alone, jointly or in common with others) determines the purposes for which and the manner in which personal data are processed. For this privacy policy, Qbim Aktiebolag (org. no. 556944-6981) is the controller of your personal data.
Processor (or service provider): Any natural or legal person who processes personal data on behalf of the controller. We may use the services of various processors in order to process your personal data more effectively.
Data subject (or user): Any living individual who uses our service and is the subject of personal data.
We collect and process different types of personal data within Q-Sales in order to provide and improve the service. Below is a summary of the categories of personal data that may be processed, with examples for each category:
Name (first and last)
Title and team/department
Company name and registration number
Work phone and email address
Username and password references
Language/region settings
User IDs and permissions in Q-Sales and connected systems (e.g., internal IDs, CRM IDs)
License type/role and access rights
Authentication logs (login times, IP addresses, browser/device)
Contact details of customer company’s clients, leads, and prospects: name, title, company, email, phone, address
Business-related CRM data: opportunities, quotes/cases (ID numbers), meeting notes, free-text fields
Sales information: sales stages, value, products/services, responsible salesperson, deadlines, follow-up activities
Documents and attachments related to deals (contracts, quotes), including metadata
Meeting invitations and calendar events: title/subject, agenda, date and time, time zone, location or video link, participant list (name and email)
Audio recordings from meetings (via our digital meeting assistant)
Generated transcripts, including:
Speaker identification (who said what)
Timestamps
Key quotes
AI-generated meeting content: summaries, decisions/action points, follow-up reminders, keywords/tags, conversation analysis (e.g., talk/listen ratios)
Note: Customer companies are responsible for informing participants and obtaining consent before recording meetings.
Emails: sender, recipients (including CC), subject line, body text, signatures, attachments (PDF, DOCX, etc.), conversation history, timestamps
Calendar information: meeting titles, invited participants, date/time, location/link, notes connected to bookings
Used by Q-Sales to create automatic summaries of email threads and simplify meeting management
Information from uploaded documents such as contracts or quotes
Typical data: counterparty name, title, contact details, signatures, contract numbers
Key dates: validity/expiration, delivery and payment terms
Other contract text and metadata
Some documents may contain personal ID numbers or other identifiers (customer is responsible for lawful handling)
Q-Sales does not request sensitive data in documents and recommends avoiding unnecessary sensitive information
IP address, device and system information (OS, browser, app version)
Unique session IDs and cookies
Logs recording events (logins, creation/modification/deletion of records)
Security-related data: login attempts, MFA status, permission changes, error reports, crash analysis
AI-generated data based on collected inputs, such as:
Recommendations for next best actions
Risk indicators in deals
Prioritization scores and lead classifications
Conversation summaries
Sales performance metrics and KPIs
Information voluntarily provided when contacting support:
Support tickets
Email correspondence with support
User feedback
Training or onboarding (“enablement”) information
Used only to assist and improve the service
Sensitive personal data: Q-Sales does not request any sensitive personal data (under Art. 9 GDPR). Such data may, however, inadvertently appear in free-text fields, audio recordings, or documents uploaded by the customer. In such cases, we only process this data on the customer’s instructions, and we strongly recommend avoiding unnecessary sensitive personal data in Q-Sales.
Responsibility for collected data: When a customer company uses Q-Sales, the company is responsible for ensuring the lawfulness of the personal data shared with us via the service. This includes ensuring that individuals (employees, clients, contacts) have been informed and that necessary consent has been obtained where required under GDPR or other law. Qbim acts as a processor for this data and processes it only in accordance with the customer agreement and this policy.
We process the above-mentioned personal data for clearly specified purposes. In summary, Q-Sales and Qbim use collected data to:
Provide and operate the service – Deliver the core functions of Q-Sales, e.g., processing your CRM, meeting, or email data and generating AI-based sales insights, transcripts, and reports. Includes maintaining user accounts, authenticating logins, and ensuring authorized access.
Maintain and improve the service – Analyze usage data and feedback to continuously improve Q-Sales functions, performance, user experience, and AI model accuracy.
Enable integrations and automation – Process data from CRM, email, and documents to automatically log activities, update deals, send reminders, and generate summaries for the user.
Communicate with users – Use contact details (such as email and phone) to send important service-related messages, e.g., changes or outages. With your consent or under contract, we may also send newsletters, training materials, or offers related to Q-Sales. You can opt out of marketing communications at any time.
Provide support and customer service – Use relevant personal data (such as your name, contact info, case history) to assist and resolve support cases. Past cases may also be used to improve support quality.
Monitor, protect, and troubleshoot – Process technical logs and usage data to monitor system health, detect/prevent unauthorized use or security incidents, and troubleshoot issues. If suspicious activity is detected, we may use personal data to investigate and take action (e.g., inform the account owner or temporarily block access).
Fulfill legal obligations – Process and store data as required by law, e.g., bookkeeping, cybersecurity reporting, or court orders.
Other legitimate interests – Process data when necessary for legitimate interests not outweighed by the individual’s rights, e.g., aggregated/anonymized data for developing new features or analyzing trends.
We only process personal data for explicitly stated and legitimate purposes, and not in ways incompatible with those purposes. If new purposes arise, we will inform affected parties and obtain consent where necessary.
Under GDPR, all processing of personal data must rely on a legal basis. Qbim relies on different bases depending on data type and context:
Contract (Article 6.1b) – Most processing is necessary to perform our contract with the customer company and users, e.g., creating accounts or processing CRM/meeting data to deliver Q-Sales’ core AI functions.
Consent (Article 6.1a) – For specific processing, such as non-essential cookies or newsletters to non-customers. Consent can be withdrawn at any time.
Legitimate interest (Article 6.1f) – For certain processing like technical logs, security monitoring, or product updates to existing users. We ensure these interests are balanced against your rights.
Legal obligation (Article 6.1c) – For processing required by law, e.g., storing transaction data for accounting or responding to lawful authority requests.
For any sensitive data (Article 9), we would rely on explicit consent or another valid GDPR exception. We do not intentionally collect such data in Q-Sales; if it occurs (through the customer), it is handled under their instructions and lawful basis.
Retention periods: Personal data is kept only as long as needed for the purposes above or as legally required. Account data remains while active and may be retained afterward for support or legal needs. Logs are generally kept up to 12 months unless needed longer.
Customer data in Q-Sales: Data such as transcripts, email summaries, or contract analyses are stored per customer instructions/configurations. Customers can set retention policies (e.g., auto-delete transcripts after X months). After contract termination or when data is no longer needed, we delete or anonymize within a reasonable time (typically 30–90 days after removal from active systems).
Legal requirements and disputes: Some data may be retained longer for legal compliance (e.g., 7 years for accounting records) or ongoing legal processes.
When the retention period ends or upon request, data is securely deleted or irreversibly anonymized.
To deliver Q-Sales effectively, we use external service providers (subprocessors). They process data only on our behalf and under our instructions.
Categories of subprocessors include:
Hosting/infrastructure (e.g., EU-based data centers, Azure)
Transcription/AI services (voice-to-text, language understanding)
Email and calendar integrations (Microsoft Graph, Google APIs)
Analytics and monitoring (Google Analytics, Hotjar)
Support and communication tools (ticketing, CRM, newsletters, chat)
Others (e.g., payment providers, marketing tools, consultants)
All subprocessors are bound by Data Processing Agreements (Article 28 GDPR) and must follow our security requirements. A current list of major subprocessors is available on request and in customer agreements. Customers are notified if we add or change subprocessors affecting their data.
Your information may be transferred or stored outside Sweden or the EU/EEA.
Within EU/EEA: We aim to process/store data in the EU/EEA whenever possible.
Outside EU/EEA: If transferred to a “third country” without an EU adequacy decision, we use safeguards such as EU Standard Contractual Clauses (SCCs), additional security measures, or certified frameworks (e.g., EU–US Data Privacy Framework). In some cases, transfers may rely on your explicit consent.
We do not sell your personal information. We may disclose data in these cases:
Legal obligations/authorities – e.g., court orders, regulator requests (such as IMY in Sweden).
Protecting rights/safety – To protect Qbim, our customers, or the public (e.g., fraud prevention).
Business transfers – In case of merger, acquisition, or sale of Q-Sales-related business.
Customer companies (as controllers) may also have obligations to disclose data stored in Q-Sales (e.g., subject access requests). Qbim assists customers under our processor agreement.
We use appropriate technical and organizational measures, including:
Encryption (TLS/SSL in transit; encryption at rest for sensitive data)
Access controls and “least privilege” access for Qbim staff and subprocessors
Logging and monitoring, with alerts for anomalies or intrusions
Regular reviews, vulnerability scans, and risk assessments
Internal policies aligned with GDPR and security frameworks (e.g., NIS2)
No method is 100% secure. In case of an incident, we act quickly to limit damage and notify affected parties in accordance with GDPR (Articles 33/34) and other laws.
You can also protect your data by using strong, unique passwords and notifying us of suspected unauthorized account use.
We use cookies and similar technologies on q-sales.app for functionality, analytics, and marketing.
Types of cookies:
Necessary cookies (required for login, security, preferences). Cannot be disabled.
Cloudflare (stores cookie consent choice)
Webflow (site delivery)
Analytics cookies (with consent):
Google Analytics (site traffic and usage analysis)
Hotjar (behavioral analytics and usability insights)
Marketing cookies (with consent):
Google Ads/DoubleClick (personalized ads, conversion tracking)
Meta Pixel (Facebook/Instagram ads)
LinkedIn Insights (ads and analytics for LinkedIn campaigns)
Ortto (email/marketing automation, engagement tracking)
On your first visit, we ask for consent to non-essential cookies. You can change preferences or withdraw consent anytime via our cookie banner/settings or by clearing cookies.
See our Cookie Overview in the site settings for full details.
The Q-Sales website may contain links to external sites or services not operated by Qbim. Once you click such a link, this policy no longer applies. We encourage you to read the privacy policy of each site you visit.
Qbim is not responsible for the content or privacy practices of external sites.
Our service and website are not directed to children under 18. We do not knowingly collect personal data from children under 18. If you are a guardian and believe your child has provided personal data, contact us so we can remove it promptly.
We may update this policy to reflect practices or legal changes. The “Last updated” date shows the current version. Updates take effect once we notify users, e.g., via a revised policy on the website.
Please review this policy regularly. Stored electronic or other valid copies are considered the authentic, enforceable version at the time of access.
As a data subject, you have the following rights:
Access – Confirmation whether we process your data, and access to it.
Rectification – Correct inaccurate or incomplete data.
Erasure – Request deletion when data is no longer needed or lawfully processed.
Restriction – Request temporary restriction of processing in certain cases.
Portability – Obtain data you provided in a structured, machine-readable format, or request direct transfer to another provider.
Objection – Object to processing based on legitimate interest, or to direct marketing (in which case it will always stop).
Withdraw consent – At any time, for processing based on consent (e.g., newsletters, cookies).
Requests are answered within one month, unless exceptions apply (e.g., legal obligations or rights of others).
You also have the right to lodge a complaint with the supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY). We encourage you to contact us first so we can address concerns.
If you have questions or concerns about this privacy policy or our data use, please contact us:
Qbim Aktiebolag
V:a Torggatan 18
652 24 Karlstad
Sweden
For questions regarding:
Account or support
Privacy policy or GDPR inquiries
Use of data and related systems
Exercising your data protection rights
Contact QBIM by email: niklas.forsberg@qbim.se