Privacy Policy
Effective July 2026
Who we are
QBR Studio ("we", "us") provides client-reporting and QBR software for managed service providers. This policy explains what we collect and why. Questions: support@qbrstudio.com.
Data you give us directly
Account data (name, work email, hashed password or Google sign-in identifier), organization and team details, and billing information. Payments are processed by Stripe; we never see or store full card numbers.
Data we read from your connected tools
When you connect a PSA or RMM (ConnectWise, Autotask, HaloPSA, NinjaOne) or import a CSV, we read the data needed to build reports — clients, tickets, SLA metrics, assets and warranty dates. These integrations are read-only. We do not write back to your systems. Connection credentials are encrypted at rest.
How we use data
To generate the reports and client pages you create, deliver them by email (via our email provider, Resend), operate scheduling, provide support, process billing, and keep the service secure. We do not sell your data or your clients' data, and we do not use it to train public AI models. Executive summaries are generated by a third-party LLM provider from the figures in your report; the provider processes that text under a zero-retention arrangement and does not train on it.
Sharing
We share data only with the sub-processors that run the service — payment (Stripe), email delivery (Resend), the LLM provider used for summaries, and our hosting provider — each only as needed to perform their function. We disclose data if required by law.
Published report links
Reports and client pages you publish are reachable by anyone who has the share link. The links are unguessable, are excluded from search-engine indexing, and you can unpublish a report at any time — but treat a published link as public to whoever you send it to.
Retention & deletion
We keep your data for as long as your account is active. You can delete individual clients or reports in the app, and you can request full account deletion by emailing us — we remove your data within 30 days, except records we must retain for legal or accounting reasons.
Security
Passwords are hashed, integration credentials are encrypted at rest, and access is restricted to what the service needs to run. No system is perfectly secure, but we design for least privilege — starting with read-only integrations.
Your rights
Depending on where you are, you may have the right to access, correct, export or delete your personal data. Email support@qbrstudio.com and we'll action it.
Changes
If we make a material change to this policy we'll update the effective date and, for significant changes, notify account owners by email.
See also our Terms of Service.