Back to Quat

Legal

Privacy Policy

This Policy explains how Quat handles account data, Customer Content, storage-console metadata, essential cookies, support records, and service-operation information.

Last updated: May 13, 2026Effective for website and account-portal use

Operator

VP Solutions and ZERGAW Technologies

Account portal

myaccount.quat.et

1. Scope of This Policy

This Privacy Policy explains how Quat, also written as ቋት, handles personal data and related information when you visit the Quat website, use the account portal, use the storage console, create buckets, upload or manage objects, configure access controls, generate API keys, request support, renew subscriptions, or otherwise interact with Quat.

Quat is an S3-style object storage console operated by VP Solutions and ZERGAW Technologies. This Policy applies to Quat's website, account portal at https://myaccount.quat.et, storage-console workflows, support channels, billing and subscription workflows, and related services.

This Policy should be read together with the Terms & Conditions at /terms. Capitalized terms not defined here have the meaning given in the Terms.

2. Operators and Contact Details

Quat is operated by VP Solutions and ZERGAW Technologies. Public contact addresses for the operators are: VP Solutions, Ras Mekonnen Ave, ORDA Building, Addis Ababa, Ethiopia; and ZERGAW Technologies, HQ, ICT Park ZERGAW Building, Addis Ababa, Ethiopia; Leghar, ORDA Bldg, 15th Floor, Addis Ababa, Ethiopia.

For privacy, account, billing, support, or legal questions, contact Quat at hello@quat.et or +251991222444.

If you make a privacy request, Quat may need to verify your identity, authority, account relationship, or organization role before responding.

3. Quat's Role: Controller and Processor

For account registration, administrator profiles, billing records, support communications, website visits, service-operation records, security logs, and direct communications with Quat, Quat generally acts as a data controller because Quat determines why and how that information is used.

For Customer Content stored in buckets, including files, objects, archives, backups, and personal data that a customer chooses to upload, Quat generally acts as a processor or service provider for the customer. In that role, Quat handles Customer Content to provide, secure, support, meter, and maintain the service, and the customer remains responsible for the content, privacy notices, consents, lawful basis, and end-user obligations that apply to that Customer Content.

Some information may fall into both roles. For example, object metadata, access logs, security events, abuse reports, and support records may be processed to serve the customer and also used by Quat to secure the service, investigate incidents, meet legal obligations, and enforce the Terms.

4. Information You Provide

Quat may collect information you provide directly, including names, email addresses, phone numbers, organization names, job roles, account credentials, administrator and user details, billing contacts, tax or invoice details, account preferences, support messages, sales inquiries, renewal requests, and legal or privacy requests.

If you invite users, assign administrators, configure teams, or connect applications, Quat may process the details needed to identify those users, manage permissions, show account activity, and keep the service secure.

Do not submit sensitive personal data, payment credentials, passwords, national identifiers, or confidential business secrets in support ticket titles, bucket names, object names, CORS labels, metadata fields, public URLs, or other places not designed for sensitive information.

5. Customer Content and Storage-Console Data

Customer Content means files, objects, data, text, images, media, software, backups, archives, and other materials that you or your users upload, store, process, retrieve, publish, or make available through Quat. You control what Customer Content is uploaded to Quat and who may access it.

Quat may process Customer Content only as needed to provide the service, including storage, retrieval, transmission, replication, backup, deletion, support, security, abuse prevention, compliance, billing, and service reliability.

Quat also processes storage-console data and metadata such as bucket names, object names, object metadata, folder or path structures, access settings, public/private state, CORS rules, API key state, usage summaries, transfer activity, request counts, errors, object delivery events, and subscription status.

Quat does not use Customer Content for advertising and does not sell Customer Content or personal data.

6. Website, Device, Cookie, and Log Data

When you visit the Quat website or use the account portal or console, Quat may collect device, browser, network, and log information, including IP address, approximate location derived from network data, browser type, operating system, device identifiers, pages viewed, links clicked, timestamps, referring pages, session events, error logs, authentication events, and security events.

For the MVP release, Quat uses essential cookies, local storage, session identifiers, and operational logs where needed for login, account security, session management, fraud and abuse prevention, diagnostics, support, service reliability, remembering basic preferences, and protecting Quat and its customers.

Quat does not use advertising cookies, remarketing pixels, or behavioral advertising cookies in the MVP. If Quat later introduces optional analytics, advertising, or marketing cookies, Quat will update this Policy and provide notice or choice where required by law.

7. Billing, Subscription, and Payment Data

Quat may process billing and subscription information such as plan type, quota limits, usage, renewal status, invoices, payment status, account balance, tax details, payment references, transaction records, and communications about manual renewal.

Quat's MVP renewal flow is manually triggered by the customer. Quat does not automatically charge renewal fees unless a future automatic-billing feature is clearly offered, expressly accepted, and supported by updated terms or notices.

Payment details may be processed by banks, payment processors, mobile money providers, or other payment partners. Quat should not be treated as storing full card, bank, or mobile-money credentials unless Quat expressly says so in the payment flow.

8. How Quat Uses Information

Quat uses information to provide, maintain, secure, monitor, troubleshoot, support, bill for, and improve the service; create and manage accounts; authenticate users; enforce permissions; process manual renewals; show usage and plan limits; send service notices; respond to requests; prevent fraud, abuse, and security incidents; comply with law; and enforce the Terms.

Quat may also use information to understand service performance, diagnose errors, improve reliability, develop new features, review product quality, train support staff, keep internal records, and communicate important product, security, legal, billing, or operational updates.

Where applicable law requires a legal basis, Quat relies on one or more lawful bases such as performing a contract, taking steps before entering a contract, complying with legal obligations, protecting legitimate business and security interests, obtaining consent where required, protecting vital interests, or handling legal claims.

9. Sharing and Subprocessors

Quat does not sell personal data. Quat may share information only where needed to operate, secure, support, bill for, improve, or comply with obligations relating to the service.

Recipients may include hosting and infrastructure providers, storage and backup providers, payment and banking partners, communications providers, support and ticketing tools, analytics or diagnostic providers limited to essential service operations, professional advisers, auditors, insurers, regulators, law enforcement, courts, and other parties where required or permitted by law.

Where Quat uses service providers or subprocessors to handle personal data or Customer Content, Quat will take reasonable steps to require them to protect the information, use it only for authorized purposes, and support Quat's privacy and security obligations.

Quat may disclose information if reasonably necessary to respond to lawful requests, protect rights or safety, investigate abuse, prevent fraud, enforce the Terms, collect amounts due, protect service integrity, or complete a merger, financing, restructuring, acquisition, partnership change, or transfer of the Quat service.

10. Ethiopia-Hosted Data and Cross-Border Transfers

Quat is designed for Ethiopia-hosted storage of locally collected personal data. Customer Content and account information may be hosted, stored, backed up, accessed, or supported from Ethiopia where Quat's production architecture allows.

Some processing may involve cross-border access or transfer where needed for support, security, disaster recovery, infrastructure operations, payment processing, communications, legal compliance, or use of trusted service providers. Quat will handle cross-border transfers only where Quat reasonably believes they are lawful and supported by appropriate safeguards, permissions, approvals, contractual protections, or other mechanisms recognized by applicable law.

Customers are responsible for choosing lawful storage and access configurations for their own Customer Content and for ensuring their use of Quat complies with any sector-specific, employment, professional secrecy, data localization, or cross-border transfer rules that apply to their data.

11. Security Measures

Quat uses reasonable technical and organizational measures designed to protect personal data, Customer Content, accounts, credentials, logs, and service infrastructure against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

Security measures may include access controls, authentication, encryption or secure transmission where appropriate, logging, monitoring, backups, vulnerability management, credential controls, role-based permissions, incident review, and restrictions on personnel and service-provider access.

No online service can guarantee absolute security. You are responsible for using strong passwords, protecting devices, limiting administrator access, rotating API keys, configuring bucket permissions carefully, securing CORS settings, and promptly telling Quat about suspected unauthorized access or compromised credentials.

12. Retention, Export, and Deletion

Quat keeps personal data and service records for as long as reasonably needed to provide the service, maintain accounts, support subscriptions, comply with legal and tax obligations, resolve disputes, enforce agreements, investigate abuse, protect security, and maintain ordinary business records.

Customer Content remains available subject to the customer's account status, plan limits, renewal status, suspension or termination lifecycle, technical limits, and the Terms. Customers should export Customer Content before cancellation, expiry, suspension, termination, or deletion windows end.

After account closure, plan termination, or deletion requests, Quat may delete or anonymize Customer Content and account data where appropriate. Backup copies, logs, invoices, security records, and legal records may remain for a limited period under ordinary retention cycles or as required by law.

Deleted Customer Content may be unrecoverable. If a deletion request conflicts with legal, security, abuse-prevention, billing, dispute, or backup-retention obligations, Quat may retain the limited information needed for those purposes.

13. Data-Subject Rights and Choices

Subject to applicable law and verification, you may request access to personal data about you, correction of inaccurate data, deletion, restriction, objection, portability where applicable, withdrawal of consent where processing is based on consent, or information about how your data is handled.

You can update some account information through the account portal where available. You may also contact Quat at hello@quat.et or +251991222444 for privacy requests.

If your personal data is included in Customer Content controlled by a Quat customer, Quat may direct your request to that customer or help the customer respond, because the customer determines the purpose and means of processing that Customer Content.

Quat may decline or limit requests where allowed by law, including where a request cannot be verified, affects another person's rights, conflicts with legal obligations, concerns confidential security information, is technically impossible, or relates to records Quat must retain.

14. Customer Responsibilities for End-User Data

Customers decide what Customer Content to upload, what personal data to store, which users and applications may access it, and how buckets, API keys, CORS rules, links, public access, and permissions are configured.

If you upload or process personal data about employees, contractors, customers, users, patients, students, citizens, or other individuals, you are responsible for providing privacy notices, obtaining consent or another lawful basis, honoring data-subject rights, setting lawful retention periods, limiting access, and complying with all applicable privacy, consumer, employment, sector, and professional secrecy obligations.

Quat is not responsible for the legality, accuracy, completeness, sensitivity, retention, disclosure, or access configuration of Customer Content chosen by customers, except to the extent Quat is legally responsible for its own processing activities.

15. Breach and Incident Notification

If Quat becomes aware of a personal data breach or security incident affecting personal data or Customer Content, Quat will investigate and take steps it considers appropriate based on the nature and risk of the incident.

Where required by applicable law, Quat will notify the relevant authority, affected customers, or affected individuals within the required timeframe and provide information reasonably available to help assess and respond to the incident.

Customers must promptly notify Quat of suspected unauthorized access, exposed API keys, misconfigured public access, account compromise, or incidents involving their users, applications, or Customer Content.

16. Children

Quat is intended for business, developer, organization, and adult consumer use. Quat is not directed to children and does not knowingly collect personal data from children without appropriate authorization.

If you believe a child has provided personal data to Quat without appropriate authorization, contact Quat so the issue can be reviewed.

17. Third-Party Links and Integrations

Quat may link to third-party websites, payment providers, support tools, documentation, SDKs, APIs, integrations, or partner services. Their privacy practices are governed by their own policies and agreements, not this Policy.

If you connect Quat to third-party applications, API clients, domains, websites, or services, you are responsible for reviewing their privacy and security practices and for configuring permissions appropriately.

18. Changes to This Policy

Quat may update this Privacy Policy to reflect changes in the service, legal requirements, security practices, data handling, service providers, or business operations.

Material updates will be posted at /privacy or communicated by another reasonable method. Continued use of Quat after an updated Policy becomes effective means the updated Policy applies to your use of the service from that point forward.

19. Contact Quat

For privacy requests, questions, or concerns, contact Quat at hello@quat.et or +251991222444.

Public contact addresses for the operators: VP Solutions, Ras Mekonnen Ave, ORDA Building, Addis Ababa, Ethiopia; and ZERGAW Technologies, HQ, ICT Park ZERGAW Building, Addis Ababa, Ethiopia; Leghar, ORDA Bldg, 15th Floor, Addis Ababa, Ethiopia.