PRIVACY POLICY
Last Updated: March 1, 2026
1. Introduction and Scope
1.1. Transparency
This Privacy Policy explains how SynoptiCons GmbH dba PAQR (“PAQR”, “we”, “us”) collects, uses, and shares your personal information. It applies to our websites, mobile/desktop apps, APIs, cloud products, software, and support services that link to this Privacy Policy (collectively, our “Services”), engage with us on social media, or otherwise interact with us.
1.2. Our Role
For website visitors and marketing leads, PAQR acts as the Data Controller. For information we process on behalf of our business customers, we act as a Data Processor (governed by our Data Processing Addendum). Where you use the Services to process data of your own customers or vendors (collectively “Business Partners”), you are the Data Controller and we are the Data Processor.
1.3. What is Personal Data?
“Personal Data” refers to any information that identifies or can be used to identify you. This includes direct identifiers like your name and email, as well as indirect data like your IP address or device ID.
1.4. B2B Context
Our Services are designed for businesses. We do not knowingly collect information from children under 18 or individuals using the platform for personal/household purposes.
2. The Data We Collect
2.1. General
We collect information to provide and improve our Services.
The information we collect from you varies depending on our relationship with you, which Services you use, and the way in which you use them. When you simply browse our public website as a consumer (“Consumer”) to explore our Services or to learn more about us, we do not request that you provide us your information.
If you use our Services and become a PAQR business user who has licensed and/or purchased one of our Services or contact us to learn more about using our Services in connection with your business (“Business User”), we collect information from you as described below. Our Services, even if free, are offered to Business Users and are only intended for commercial, not personal, use.
Our Business Users may also collect and provide us information about their authorized users to whom they provide access to PAQR through their Business User account (“Authorized User”) or their Business Partners. Below, we describe the ways in which we may collect information in these different situations.
We may derive information or draw inferences about you based on the information we collect. However, we do not use these inferences to subject you to solely automated decision-making, including profiling, that produces legal or similarly significant effects.
2.2. Business Users
If you are a Business User, we collect certain personal information about you in order to facilitate our business relationship with you and provide you with our Services.
The Business User personal information we collect from you includes:
– Account information: name, account username and password, communications you provide, and any other information you choose to provide.
– Professional information: work contact details, title, employer and job title.
– Commercial information: purchase or subscription history and type, invoices, payment details where applicable
We may also collect information a Business User chooses to provide relating to its Business Partners. Business Users must provide their Business Partners any required notices and collect any necessary consents before providing or disclosing any such information to us.
PAQR does not directly collect or control Business Partner personal information, but rather the Business Users determine what Business Partner personal information they collect, and to the extent PAQR receives that information, we do so on behalf of our Business Users.
2.3. Authorized Users
We collect information from Authorized Users of our Business Users. As an Authorized User, you share information directly with us when you create an account, use our Services, submit or post content through our Services, sign up for our newsletter, fill out a form, communicate with us via third-party platforms, request customer support, or otherwise communicate with us. However, while we may directly collect your personal information, we do so on behalf of your company, the Business User who provided you access to our Services, and not for our own purposes. PAQR does not directly control the processing of Authorized User personal information, but rather Business Users are responsible for providing their Authorized Users any required notices and collecting any necessary consents before requesting that we collect or disclose the personal information of their Authorized Users.
The types of Authorized User personal information that we collect for Business Users depends on the Services selected, and directions and permissions given to us by the Business User, but could generally include:
– Account information: your name, account username, user identification, and password, email, language, time zone, phone number, photograph, birthday, anniversary, personal API key, role on our Services, correspondence on our Services, any communications you provide, and any other information you choose to provide.
– Professional information: work contact details, title, employer, job title.
– Data entries: data, files, requests, tasks, custom fields, comments, audit log, and any other information you wish to input.
Not providing certain personal information may prevent PAQR from providing Services to you (e.g., without your email, we may not be able to create an account for you).
2.4. Information We Collect Automatically When You Interact with Us (“Tech Data”)
When you access or use our Services or otherwise transact business with us, we automatically collect certain information, including:
– Device and usage information: We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, device time zone, and app version. We also collect information about your activity on our Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Services.
– Information collected by cookies and similar tracking technologies: We (and our service providers) use tracking technologies, such as cookies and web beacons, to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that we use on our Services and in our emails to help deliver cookies, count visits, and understand usage and campaign effectiveness. For more information about cookies and how to disable them, see our Cookies Policy.
2.5. Information We Collect from Other Sources
We obtain information from third-party sources. For example, we may collect information about you from your connected apps, when you interact with us through our Social Media pages, through third-party advertisers, or third-party sources, and publicly available sources. Additionally, if you create or log into your PAQR account through a third-party platform (such as Apple, Google, or Azure), we will have access to certain information from that platform in accordance with the authorization procedures determined by such platform.
PAQR’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
3. How and Why We Use Your Data
We only process your data when we have a valid legal reason. If you are an Authorized User, we only process your personal information in accordance with the instructions, and on behalf, of your company to provide our Services, to the extent we have the permission of your company.
The table below outlines our primary purposes:
| Purpose | Data Category | Legal Basis (GDPR/nFADP) | Notes |
| Service Delivery: Providing account access, support, and core platform functionality. | Account & Professional Information | Contractual Necessity | Required to fulfill our agreement with you. |
| Security & Integrity: Preventing fraud, detecting “back door” threats, and monitoring system health. | Tech Data (IPs, Logs) | Legitimate Interest | Legitimate interest in detecting and preventing fraud, unauthorised access and abuse of our Services. Processing is limited to what is necessary for this purpose. You have the right to object to this processing at any time – see Section 5.2. |
| Communication: Sending product updates, security alerts, and administrative notices. | Account & Professional Information | Contractual Necessity (for service-related notices) / Legitimate Interest (for product updates and announcements) | Legitimate interest in maintaining an ongoing business relationship and informing customers of relevant product developments. Limited to professional contact details. You have the right to object at any time – see Section 5.2. |
| Growth & Marketing: Sending newsletters or invitations to webinars (where permitted). | Account & Professional Information | Consent: You can opt-out at any time. | You may withdraw your consent at any time via the unsubscribe link in any marketing email or by contacting privacy@paqr.com. Withdrawal will not affect the lawfulness of processing prior to withdrawal. |
| Compliance: Responding to legal requests or maintaining tax/audit records. | All relevant data | Legal Obligation | Meeting Swiss, EU or any other applicable law. |
4. Data Sharing and Transfers
4.1. Who We Share With
We do not sell your data. When we process data on behalf of a Business User, we share Information relating to Authorized Users only in accordance with the Business User’s explicit instructions and our agreement with them. Otherwise, we share information only with:
Service Providers (Subprocessors): Third-party vendors who help us run our business (e.g., cloud hosting or payment processors). These partners are contractually bound to process data only under our instructions.
Professional Advisors: Lawyers or other professional service providers, to obtain advice or otherwise protect and manage our business interests.
Affiliates: Our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership. This includes sharing in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
Law Enforcement and Affected Parties: With appropriate authorities or relevant third parties if we believe your actions are inconsistent with our user agreements, policies, or violate the law, or if we believe it is necessary to protect the rights, property, and safety of PAQR, our users, the public, or others.
Legal Necessity: Authorities or third parties when required by law.
Consent: With third parties with whom you have directed us to share information.
4.2. International Transfers
PAQR is based in Austria. We may transfer data to countries outside the EEA or Switzerland (such as the US).
Safeguards: We only transfer data to countries that have been recognized as providing an equivalent level of protection (an “Adequacy Decision”), or we use Standard Contractual Clauses (SCCs) – pre-approved legal contracts – to ensure your data remains protected to European and Swiss standards.
5. Data Retention and Your Rights
5.1. How Long We Keep Data
We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy.
Active Accounts: Data is kept while your account is active.
Legal Requirements: We may retain certain data longer (typically 10 years in Austria) to comply with tax, audit, or legal hold requirements.
Marketing: We keep contact data until you unsubscribe or request deletion.
Tech Data and Analytics: Server logs and analytics data collected for security and system monitoring are retained for a maximum of 14 months before being automatically deleted or irreversibly anonymized.
5.2. Your Rights
Depending on your location (e.g., EU, UK, or Switzerland), you have the following rights regarding your data:
Access & Portability: Request a copy of your data in a readable format.
Correction: Ask us to fix inaccurate or incomplete information.
Deletion (“Right to be Forgotten”): Request that we erase your data, subject to legal retention limits.
Objection & Restriction: Object to processing based on “Legitimate Interests” or request that we “freeze” data processing.
Withdraw Consent: If we process data based on your consent (like newsletters), you can withdraw it at any time.
5.3. How to Exercise Your Rights
To make a request, please contact us at privacy@paqr.com. We will respond within 30 days. Please note that if your data was provided to us by a Business User, we may redirect your request to them as the “Controller”.
6. Security and Administration
6.1. Data Security
We implement industry-standard technical and organizational measures – including encryption, firewalls, and secure access controls – to protect your data from unauthorized access, loss, or alteration. While we strive for maximum protection, no system is 100% secure; we encourage you to use strong passwords and secure networks.
6.2. Data Breach Notification
In the event of a personal data breach, we will notify the competent supervisory authority (e.g. the FDPIC or relevant EU DPA) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR and the equivalent provisions of the Swiss nFADP.
6.3. Policy Changes
We may update this Privacy Policy to reflect changes in our practices or the law. We will notify you of material changes by posting a notice on our website or sending an email before the changes take effect.
Your continued use of the Services after an update constitutes acknowledgement of the new terms. Where any such changes require your consent (e.g., a new processing purpose), we will seek that consent separately before the change takes effect. Continued use of the Services following notification of a non-consent-based change will constitute acknowledgement of those updated terms.
6.4. Contact Us & Supervisory Authorities:
Direct Contact: For privacy questions or to exercise your rights, contact us at privacy@paqr.com.
Company Address: SynoptiCons GmbH dba PAQR, Lessinggasse 2, 9020 Klagenfurt am Wörthersee, Austria.
EU Representative: According to Article 27 GDPR, PAQR has appointed an EU representative. Contact details are available upon request at privacy@paqr.com.
Right to Complain: You have the right to lodge a complaint with a supervisory authority, such as the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local EU Data Protection Authority.
APPENDIX 1
List of Sub-Processors
PAQR uses the third-party entities below to process personal data on behalf of PAQR customers:
| Processor/Sub-Processor | Role | Seat | Processing Location | Transfer Mechanism |
| Google Voice Ltd | Business phone system | Ireland | EEA | N/A |
| Google Cloud EMEA Ltd | Cloud infrastructure (GCP) Internal communication & collaboration (Google Workspace) | Ireland | EEA / USA | US operations: EU SCC + EU-US DPF |
| Google LLC | Analytics | USA | USA | EU SCC + EU-US DPF |
| Stripe Payments Europe Ltd | Payment provider | Ireland | EEA / USA | EU SCC |