Trust & Safety

Privacy notice

This notice explains how Qubicbox, including Qubicweb, Qlutterbox, Qubictry, $Qubicbox Trust Badge, and E-Fraud Watch, collects, uses, stores, and protects personal data under NDPR, NDPA, and GDPR frameworks.

Qubicbox Trust Badge is a temporary placeholder pending final brand clearance.

Last updated: 29 January 2026

Who we are

Qubicbox Technologies Limited (“Qubicbox”, “we”, “our”) operates Qubicweb, Qlutterbox, Qubictry, Qubicbox Trust Badge, and related trust tooling. We are the primary data controller for these services except where we explicitly act as a processor for enterprise partners.
Operational headquarters are in Lagos, Nigeria with TrustOps and engineering teams distributed across the EU/EEA.

Information we collect

Identity and verification data (names, pronouns, government IDs, certificates) required to issue badges or onboard Curators.
Contact details (email, phone, messaging handles) for service updates, alerts, and double-opt-in flows.
Incident and listing context (narratives, artefacts, inspection logs, fraud evidence, TrustOps annotations) necessary for investigations.
Payment and protected-payment metadata (transaction IDs, payout accounts, invoice references) captured when operating Qlutterbox or Qubictry jobs.
Technical telemetry (IP, device fingerprints, session identifiers, moderation audit logs, MFA events) used to secure accounts and rate-limit abuse.

Purposes & lawful bases

Contract: fulfilling verification, protected-payment, dispute, or content distribution services requested by you or your organisation.
Legal obligation: complying with NDPR/NDPA, GDPR, AML/CFT, financial services, and consumer protection laws.
Legitimate interests: preventing fraud, monitoring platform health, improving moderation accuracy, and ensuring reliable communications. Legitimate Interest Assessments are reviewed annually.
Consent: optional marketing updates, waitlists, referrals, or community research programmes. Withdraw consent at any time via preferences or privacy@qubicbox.com.

Retention

Verification dossiers and TrustOps case files: active relationship plus 5 years to support appeals and regulatory audits.
Fraud reports and anonymised advisories: retained indefinitely after personal identifiers are removed.
Evidence uploads: 24 months unless a legal hold applies, then securely deleted from primary and backup storage.
Audit logs and access records: 36 months minimum for accountability.
Marketing preferences: until withdrawn; requests honoured within 72 hours.

International transfers

Primary hosting occurs in the European Union (Vercel EU region, AWS eu-west-1) with mirrored workloads in Nigeria/South Africa for latency. Transfers rely on Standard Contractual Clauses and NDPR adequacy requirements. Access is role-scoped and logged.

How we secure data

Encryption in transit (TLS 1.2+) and at rest (AES-256) across every storage layer.
Mandatory MFA for TrustOps, Curators, payout actors, and internal tooling.
Honeypots, adaptive rate limiting, and Cloudflare Turnstile on public forms.
Evidence sanitisation pipelines (EXIF stripping, malware scanning) before analysts review uploads.
Quarterly access reviews, vendor diligence, and rehearsed incident response playbooks.

Your rights

Access, rectification, deletion, restriction, portability, and objection to processing based on legitimate interests.
Withdrawal of consent without affecting prior lawful processing.
NDPR-compliant rights to lodge complaints with the Nigeria Data Protection Commission (NDPC).
EU/EEA residents may also contact their local supervisory authority.

Exercising rights

Submit a request via privacy@qubicbox.com with the subject “Data Subject Request”.
Include identifiers (account email, phone number, ticket ID) so we can verify ownership. Responses are issued within one working day and fulfilled within 30 days unless complexity requires an additional 15 days.
Postal address: Qubicbox Data Protection Office, 12B Adeola Odeku Street, Victoria Island, Lagos, Nigeria.

Product-specific notes

Qubicweb & E-Fraud Watch: community submissions are reviewed and anonymised before publication. Reporters can stay anonymous; personal contact details remain private.
Qlutterbox & Qubictry: protected-payment payouts and Guild member access require verified identity and payout details to comply with NDPR and financial regulations.
Qubicbox Trust Badge: biometric or document verification data is encrypted, access-logged, and deleted when verification expires unless retention is mandated by law.

Updates

We review this notice quarterly or whenever regulations, processors, or product scope changes. Updated versions appear here with a new revision date.
Latest revision: 29 January 2026.

Who we are

Information we collect

Purposes & lawful bases

Retention

International transfers

How we secure data

Sharing & processors

Your rights

Exercising rights

Product-specific notes

Updates

Who we are

Information we collect

Purposes & lawful bases

Retention

International transfers

How we secure data

Sharing & processors

Your rights

Exercising rights

Product-specific notes

Updates