Privacy Policy for QMonitor

Last Updated: 2026/02/12

1. Introduction

This Privacy Policy explains how quantumdatis srl (P.IVA 05005580260), ("we", "us", "our") collects, uses, and protects your personal data when you use QMonitor (https://qmonitor.app), our SQL Server monitoring and compliance platform.

QMonitor is a database monitoring service that collects and analyzes performance metrics, configuration data, and compliance information from your SQL Server instances. This policy describes what data we collect, how we use it, and your rights regarding your data under the General Data Protection Regulation (GDPR) and Italian privacy law (D.Lgs. 196/2003).

2. Data Controller

quantumdatis srl
P.IVA: 05005580260
Website: https://quantumdatis.com
Contact: privacy@quantumdatis.com

3. Data We Collect

3.1 Account Information

  • Email address (used as username)
  • Password (stored as cryptographic hash)
  • Organization name and details
  • User preferences and settings

3.2 SQL Server Monitoring Data

  • SQL Server instance names and connection information
  • Database names and metadata
  • Performance metrics (CPU, memory, disk I/O, query execution times)
  • Database configuration settings
  • Query statistics and execution plans
  • Security and compliance audit data

3.3 Technical Data

  • IP addresses (for security and CAPTCHA validation)
  • Browser type and version
  • Session data and authentication tokens
  • Log data for troubleshooting and security

3.4 Payment Information (if applicable)

  • Billing information processed through third-party payment processors
  • License and subscription details

4. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Contract Performance: To provide the QMonitor monitoring service you subscribed to
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: Where you have explicitly consented (e.g., marketing communications)

5. How We Use Your Data

  • Provide SQL Server monitoring and alerting services
  • Perform compliance checks against your database instances
  • Send notifications and alerts about monitored systems
  • Manage your account, authentication, and authorization
  • Process payments and manage licenses
  • Improve our services and develop new features
  • Ensure security and prevent fraud
  • Comply with legal obligations

6. Data Sharing and Third-Party Services

We use the following third-party services to operate QMonitor:

6.1 Essential Services

  • Cloudflare Turnstile: CAPTCHA service for security (collects IP address, browser fingerprint)
  • Email Service Provider: For sending notifications and account-related emails
  • Cloud Hosting: Infrastructure providers for hosting QMonitor services

6.2 Data Storage

  • InfluxDB: Time-series database for storing monitoring metrics
  • SQL Server: Relational database for application data

We do not sell or share your personal data with third parties for marketing purposes. Data is only shared with service providers necessary to operate QMonitor, under data processing agreements.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS/SSL)
  • Password hashing using industry-standard algorithms
  • Access controls and authentication mechanisms
  • Docker secrets management for sensitive configuration
  • Regular security updates and monitoring
  • Multi-tenant data isolation
  • Regular backups and disaster recovery procedures

8. Data Retention

  • Account Data: Retained while your account is active and for 30 days after closure
  • Monitoring Metrics: Retained according to your subscription plan (typically 30-730 days)
  • Compliance Data: Retained for regulatory requirements (varies by compliance framework)
  • Log Data: Typically retained for 90 days for security and troubleshooting

You can configure data retention periods within your QMonitor settings. Data deletion is permanent and cannot be recovered.

9. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Where processing is based on consent

To exercise any of these rights, please contact us at privacy@quantumdatis.com. We will respond within 30 days.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection laws
  • Privacy Shield frameworks (where applicable)

11. Cookies and Tracking

QMonitor uses only essential cookies necessary for the service to function:

  • Authentication Cookies: To maintain your logged-in session
  • Security Cookies: For CAPTCHA validation and fraud prevention

We do not use analytics, advertising, or third-party tracking cookies. Essential cookies do not require consent under GDPR.

12. Children's Privacy

QMonitor is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify you and relevant supervisory authorities within 72 hours, as required by GDPR Article 33.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a prominent notice in QMonitor. The "Last Updated" date at the top of this policy indicates when it was last revised.

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.

For Italy, the supervisory authority is:
Garante per la protezione dei dati personali
Website: https://www.garanteprivacy.it

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@quantumdatis.com
Website: https://quantumdatis.com

Note: For information about our company website (quantumdatis.com), please see our general privacy policy at https://quantumdatis.com/en/privacy/.