Privacy Policy

The moment you register for qestryonvia, we receive basic identifying elements. Your name appears on the account. An email address becomes the channel through which we communicate updates, alerts about budget thresholds, and operational notifications. If you're representing an organization, the company designation gets recorded alongside individual credentials.

Financial project management demands numerical specifics. Budget figures you input, spending categories you establish, allocation percentages you define—these operational parameters flow into our database because the platform cannot function as a calculation engine without them. Transaction histories accumulate as you track expenditures. Project timelines get stored when you set milestones. Team member permissions exist in records when you grant access to colleagues.

Technical interaction generates its own information trail. When your browser connects to our servers, IP addresses get logged automatically—not because we're watching you specifically, but because that's how internet infrastructure operates. Device characteristics show up in connection metadata. Session durations get recorded. Error logs capture malfunction details when something breaks, which helps our engineers identify what went wrong and where.

Your authentication credentials verify identity during login attempts. Without name and email records, the system cannot distinguish between legitimate account owners and unauthorized access attempts. This isn't abstract security theater—someone tries accessing your budget data, we need a reference point to confirm whether they should be allowed through.

Financial figures you enter drive calculation engines. Budget variance algorithms compare planned allocations against actual expenditures because those numbers exist in retrievable format. Forecasting models project future spending based on historical patterns recorded in transaction logs. Reporting tools generate summaries by querying stored financial parameters. Remove that data foundation, and these analytical capabilities collapse entirely.

Communication channels depend on contact information. When a budget threshold gets breached, the alert mechanism needs an email address to target. When system maintenance approaches, notification procedures require valid recipient lists. Support teams responding to your inquiry pull up account details and interaction history to understand context before crafting replies.

Infrastructure providers host our platform. Australian data centers physically house the servers where your information resides. Cloud service partners supply computational resources, storage capacity, and network connectivity. These entities gain technical access to underlying systems because they manage the hardware and foundational software layers—but contractual arrangements impose strict limitations on what they can do with any information passing through their infrastructure.

Payment processors handle subscription transactions when you purchase service tiers. They receive billing details, transaction amounts, and payment method information necessary to complete financial exchanges. We deliberately avoid storing complete credit card numbers ourselves; that sensitive financial data flows directly between you and the payment gateway, with our systems receiving only confirmation tokens and transaction references.

Communication service providers deliver emails we send. When you get a password reset message or budget alert notification, that content passes through email infrastructure operated by third-party specialists. They see recipient addresses and message contents during transmission because that's inherent to how email delivery functions—messages must route through external servers to reach your inbox.

Legal demands occasionally compel disclosure. Court orders specifying particular account information, properly executed search warrants from Australian law enforcement, regulatory investigations with statutory authority—these create obligations that override general privacy protections. We don't volunteer information to authorities speculatively, but legitimate legal process backed by appropriate judicial authorization does trigger disclosure requirements.

Encryption covers data transmission. When your browser connects to our platform, TLS protocols establish encrypted channels that prevent eavesdropping during transit. Someone intercepting network traffic between your device and our servers encounters scrambled data rather than readable content. This protection applies automatically—you don't need to activate it manually.

Access controls limit internal exposure. Engineers maintaining infrastructure can reach system components necessary for their roles, but not unrelated data segments. Support staff assisting with account issues view only the minimum details required to address specific problems. Database administrators managing storage systems operate under strict access protocols with activity logging that creates accountability trails.

Regular security assessments probe for weaknesses. Penetration testing simulates attack scenarios to identify vulnerabilities before hostile actors exploit them. Code reviews examine application logic for security flaws. Dependency scanning catches known vulnerabilities in third-party libraries. These practices reduce risk but cannot eliminate it entirely—determined adversaries with sufficient resources sometimes succeed despite defensive measures.

Backup systems provide recovery capability when data loss occurs through technical failure or malicious action. Redundant storage maintains copies across geographically separated facilities. Disaster recovery procedures outline restoration processes. These mechanisms protect against certain loss scenarios while introducing additional locations where information resides, which slightly expands the potential exposure surface.

Account settings provide direct editing capability for most profile details. You can update your name, change email addresses, modify organizational affiliations, and adjust communication preferences through the platform interface. These changes take effect immediately for ongoing operations, though backup systems might retain previous versions temporarily as part of disaster recovery provisions.

Data export functions let you retrieve complete records. Budget histories, project configurations, transaction logs, and other operational information download in structured formats suitable for external analysis or migration to alternative platforms. This extraction mechanism exists specifically to prevent vendor lock-in—you should be able to take your information elsewhere if you choose to switch services.

Deletion requests trigger removal procedures, though some complexity exists here. Active account deletion removes your profile and associated operational data from production systems within reasonable timeframes—usually days, occasionally weeks for complex accounts with extensive histories. However, certain information persists in backup archives until routine rotation cycles expire, and legal requirements sometimes mandate retention of specific records beyond your preferred deletion timeline.

We don't knowingly accept registrations from individuals under 18 years old. The service addresses business financial management requirements that typically fall outside youth activities. If we discover an account belongs to someone underage, closure procedures activate and associated information gets deleted following the same protocols that apply to adult account terminations.

Parents or guardians discovering their child created an account without authorization should contact help@qestryonvia.com immediately. We'll verify the relationship, close the account, and remove associated details promptly. Though the registration process requests age confirmation, we acknowledge that determined minors sometimes bypass these checks, making parental vigilance an important complementary safeguard.

When material changes occur, email notifications go to all active accounts at registered addresses. Significant alterations—particularly those affecting how information gets used or shared—trigger prominent dashboard announcements visible immediately upon login. Minor clarifications or technical corrections might appear without individual notification, though the "Last Updated" date at the top always reflects the most recent modification.

Continued use following policy updates constitutes acceptance under most circumstances. If changes fundamentally alter the relationship in ways you find unacceptable, account closure remains available. We can't offer personalized policy variations for individual users—the terms apply uniformly—but you retain the option to discontinue service rather than accept revised conditions.

This privacy policy intentionally avoids detailed discussion of cookies and similar tracking mechanisms. Those topics receive thorough treatment in a dedicated document specifically addressing browser storage, session management, analytics implementation, and third-party tracking pixels. Visit qestryonvia.com/cookie-policy for complete technical details about how these systems function and the choices available regarding their operation.