Privacy Policy

inviewr is an inspection management platform operated by Qapin.com. When we say "we", "our", or "inviewr" in this policy, we mean Qapin.com and its inviewr service.

For questions about this policy, contact us at: privacy@inviewr.com

Account data. When you sign up, we collect your name, email address, organisation name, and password (stored as a secure hash). If you sign in with Google or Microsoft, we receive your name, email, and a unique identifier from that provider.

Inspection data. We store data you enter into the platform: inspection schedules, inspector profiles, client information, NOI documents, flash reports, inspection reports, invoices, and related documents.

Usage data. We collect logs of actions within the platform (e.g. who created a schedule, when a report was submitted) to support audit trails and troubleshooting. We also collect standard server logs including IP addresses and browser type.

Payment data. Payments are handled by Stripe. We receive a payment confirmation and the last 4 digits of your card for display purposes only. We never see or store your full card number.

Email integration data. If you connect Microsoft Outlook, we access your email folders and messages solely to display them within the inviewr email panel. We do not store your emails on our servers beyond the session cache needed to display them.

Document content (AI features). If you use AI features, the content of uploaded documents (NOIs, reports) is sent to our AI provider for processing. This data is not retained by the AI provider beyond the processing request.

• To provide and operate the inviewr platform and its features
• To authenticate your identity and maintain your session
• To process payments and manage your subscription
• To send transactional emails (schedule confirmations, report notifications, invoice receipts)
• To send service-related announcements (maintenance, security alerts, plan changes)
• To generate AI-assisted content (NOI auto-fill, email drafts) when you request it
• To provide customer support and investigate reported issues
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

We do not use your data for advertising, profiling, or selling to third parties.

We share your data only with service providers necessary to operate the platform. All sub-processors are contractually bound to protect your data and use it only for the specified purpose.

We may also disclose data if required by law, court order, or to protect the rights, property, or safety of inviewr, our users, or the public.

Active accounts. We retain your data for as long as your account is active.

After cancellation. If you cancel your subscription, we retain your data for 90 days to allow reactivation. After that, data is permanently deleted.

After trial expiry. Trial accounts that do not convert to a paid plan are retained for 90 days after trial expiry, then permanently deleted.

Audit logs. Activity logs may be retained for up to 2 years for security and compliance purposes.

Legal holds. If data is subject to a legal hold or dispute, we may retain it beyond the above periods until the matter is resolved.

We implement industry-standard security measures to protect your data:

• All data transmitted between your browser and our servers is encrypted using TLS 1.2+
• Passwords are hashed using bcrypt — we cannot recover your password
• Database access is restricted to application services only — no direct public access
• Authentication tokens are short-lived JWTs stored securely
• File storage uses access-controlled cloud storage with signed URLs

Despite these measures, no system is 100% secure. If you believe your account has been compromised, contact us immediately at security@inviewr.com.

We use minimal, strictly-necessary cookies:

• Authentication token — stored in localStorage to keep you logged in
• UI preferences — sidebar state, column widths, filter presets (localStorage)

We do not use advertising cookies, tracking pixels, or third-party analytics. We do not use Google Analytics or Facebook Pixel.

Depending on your location, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Update or correct inaccurate personal data (most data can be edited directly in Settings).
• Deletion. Request deletion of your personal data. We will delete it subject to any legal retention requirements.
• Portability. Request your data in a portable format (CSV/JSON export).
• Objection. Object to certain processing of your personal data.
• Withdrawal of consent. Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email privacy@inviewr.com. We will respond within 30 days.

inviewr is a professional B2B platform and is not directed to persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete it promptly.

Our infrastructure is primarily located in the United States and European Union. If you access inviewr from outside these regions, your data will be transferred to and processed in these jurisdictions. We rely on standard contractual clauses and other lawful transfer mechanisms where required.

We may update this Privacy Policy from time to time. We will notify you by email and in-app notice at least 14 days before material changes take effect. The "Last updated" date at the top of this page will always reflect the current version.

For privacy-related questions, data access requests, or to report a concern: