Governance & Trust

qbrin Privacy Policy

Last Updated: June 15, 2026. This policy outlines how qbrin, Inc. ("qbrin", "we", "us", or "our") processes, secures, and protects enterprise information, including data from connected workspace tools and our mobile applications.

1. Introduction

At qbrin, trust and security are foundational to our platform. qbrin operates as an enterprise intelligence layer that synthesizes corporate knowledge from connected communication channels, file vaults, and developer tools into a living knowledge graph.

We serve as a Data Processor under GDPR and other global data protection regulations, processing enterprise data strictly on behalf of and in accordance with the instructions of our enterprise customers (the "Customer" or "Data Controller").

Our AI Non-Training Commitment: We explicitly warrant that Customer Data (including connected communications, tickets, files, and search queries) is never used to train public or third-party Large Language Models (LLMs) or shared with unverified external AI service APIs.

2. Connected Integrations

The platform relies on API integrations with Customer-authorized third-party applications (e.g., Slack, Google Drive, Confluence, Jira, Salesforce, Benchling, Veeva Vault).

Granular Permission Mirroring

qbrin respects source-system access control lists (ACLs) dynamically. The platform index is mapped to replicate active roles and permissions of the querying user in real time. An individual user using qbrin will never see answers, citations, or search results extracted from source files or chats to which they do not have active reading permissions in the primary source system.

OAuth Tokens & Credentials

Integration authorization credentials and OAuth tokens are encrypted in transit and at rest using AES-256 encryption. They are strictly utilized to sync index files, maintain knowledge graph freshness, and pull context chunks required for user queries.

3. Google User Data & Connected Services

When a Customer connects a Google Workspace account, qbrin accesses Google user data through Google's official APIs, strictly within the OAuth scopes the connecting user explicitly grants on the Google consent screen. We request the minimum scopes needed to provide qbrin's user-facing features: searching and answering questions over your Gmail, Drive, and Calendar, and (where enabled) letting you approve agent actions such as sending a reply or creating an event.

Google OAuth Scopes We Request & Why

We deliberately do not request the restrictive gmail.metadata or drive.metadata.readonlyscopes. The read-only scopes above are requested with offline access so qbrin can keep the index fresh on the Customer's behalf; tokens are encrypted in transit and at rest using AES-256 and are used only to provide the Service.

Limited Use Commitments

qbrin's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we commit that Google user data is:

  • Used only to provide or improve user-facing features that are prominent in qbrin's interface (search, question-answering with citations, and user-approved assistant actions).
  • Not used for advertising of any kind.
  • Not sold, rented, or traded to anyone, and not transferred to others except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger/acquisition with adequate notice.
  • Not used to train, fine-tune, or develop generalized or third-party AI/ML models.
  • Not read by humans, unless: (a) you have given explicit consent for specific data; (b) it is necessary for security purposes (such as investigating abuse or an incident); (c) it is necessary to comply with applicable law; or (d) the data is aggregated and anonymized and used for internal operations in line with applicable policy.

How to Revoke Access & Delete Your Data

You remain in control of Google data at all times:

  • Disconnect in qbrin: an administrator can disconnect the Google integration from the qbrin Admin Portal, which stops further synchronization.
  • Revoke at Google: you can revoke qbrin's access to your Google Account at any time from your Google Account permissions page.
  • Delete indexed data: to delete content qbrin has already indexed, use the account & data deletion flow. Revoking access stops future syncing; deletion permanently and securely erases previously cached indexes and synchronization data within 30 days.

4. Data We Collect

We collect information to provide, maintain, and secure our services. This includes:

  • Account Credentials: Corporate email address, full name, role description, profile photo (if synchronized via Single Sign-On (SSO)), and authentication logs.
  • Workspace Meta-information: Connectors configured, sync success logs, file name indexes, document owner IDs, and connection status.
  • Usage & Telemetry: Logins, search queries, active features, interface interactions, and client IP addresses (solely for security logging and performance optimization).
  • Connected Text Content: Text segments, metadata, and citation references extracted from integrated workspace documents and chats, used to build the local semantic graph.

5. Data Usage & Sharing

We do not sell, rent, or trade your personal or enterprise data. We use collected data strictly to:

  • Synthesize and return answers with verified citations in response to user-initiated prompts.
  • Maintain compliance audits, security reporting logs, and system performance metrics.
  • Provide user support, address security vulnerabilities, and authenticate authorized users.

Third-Party Service Providers (Subprocessors)

We only share data with subprocessors (such as cloud hosting providers and secure infrastructure logs monitoring tools) who are bound by strict contract terms that mirror our data security and privacy requirements.

6. Security & Data Safety

We protect your data using comprehensive administrative, technical, and physical safeguards:

  • Encryption: All data is encrypted in transit using TLS 1.3 (or TLS 1.2 minimum fallback) and at rest using industry-standard AES-256.
  • Infrastructure Control: We offer a local-first / on-premise deployment option allowing enterprises to run the qbrin engine wholly within their private VPC cloud boundaries.
  • Compliance Alignments: qbrin is aligned with GDPR; our controls are designed for security-sensitive and regulated workflows.

7. Mobile App Declarations

In alignment with mobile distribution requirements (including Google Play Store App Content standards), we declare the following policies:

App Access and Sign-in Details

The qbrin mobile app requires active credentials provided by your corporate administrator. We support secure enterprise Single Sign-On (SSO) systems (such as Okta, Microsoft Entra ID, Google Workspace) and passwordless corporate email login. No public user registration is enabled.

No Ads Policy

The qbrin application is a premium, ad-free B2B enterprise tool. The mobile app contains no advertisement SDKs, tracker engines, behavioral profiling systems, or marketing outreach frameworks. We do not display ads or track your usage for third-party marketing.

Content & Rating Standards

Because qbrin serves as a professional business search utility, it does not host user-to-user public communication rooms or direct public messaging boards. The content displayed is restricted to your company's own secure files and documents.

No Government, Direct Financial, or Primary Clinical App Status

We confirm that the qbrin mobile app is not a government-owned app and does not perform regulatory government services. The app does not facilitate direct financial transactions (e.g. loans, banking, credit checks) nor does it perform primary medical diagnostics or clinical treatments, serving strictly as an information retrieval utility for professional enterprise use.

8. Your Rights & Retention

We retain user account info for the duration of the enterprise contract. If you wish to delete your mobile access account, request the deletion of account history, or restrict processing, please reach out to your company's system administrator.

Administrators can trigger immediate workspace disconnects and delete index graphs through the Admin Portal, resulting in permanent, secure erasure of all cached indexes and synchronization databases within 30 days.

9. Contact Us

For any questions or compliance inquiries regarding this Privacy Policy or our security standards, please contact us at:

hello@qbrin.com

qbrin, Inc.
Security and Data Privacy Office

See it answer

See it answer your hardest question.

Bring one real question your team keeps re-asking. We'll connect a source, read-only, and show you the answer, sourced, in seconds, in a 20-minute walkthrough. Nothing changes in your tools.

20-minute walkthrough
  • One source connected, read-only
  • Your real question answered, with sources
  • Nothing changes in your tools
Pick a timeor email hello@qbrin.com