Quartech Systems Ltd. Privacy Policy
Effective: April 1, 2026
Last Updated: April 29, 2026
On This Page
Your privacy is important to us. We are committed to protecting and ensuring the confidentiality of any Personal Information you provide to us.
This Privacy Policy (“Privacy Policy”) addresses how Quartech Systems Ltd. and its affiliates (“we,” “our,” “Quartech”) handle information we gather from third parties, including, but not limited to, visitors to www.quartech.com (the “Website”) and users of the Services (“Users”). This Privacy Policy describes the ways we collect, use, and share Personal Information. Our Privacy Policy applies whenever you visit the Website or use the Services.
Please read this Privacy Policy carefully. By using our Website or Services, or otherwise providing us with your Personal Information, you are hereby consenting to Quartech’s collection, use, disclosure, and communication of your Personal Information in accordance with this Privacy Policy. If you do not consent to the practices described in this Privacy Policy, you may not continue to use our Website or Services.
For the purposes of this Privacy Policy,
“Personal Information” means any information that relates to you and either identifies you directly or could be used to identify you with other information available. It includes your name, user ID, email address, phone number, IP address, and device identifiers.
“Services” means Quartech’s mobile applications and related digital services, including the Q-CMS Mobile Apps (Digital Personnel Jacket, Recruiting, Field Training, Bravo Zulu, Q6 Resiliency, and Policy Acknowledgment, and the Digital Trust (DTS) Apps and Services (Q-Wallet, Q-Trust Cloud, and Q-Verifier), as made available through the Apple App Store, Google Play Store, or otherwise, as well as Quartech’s public Website and business interactions.
Questions regarding this Privacy Policy should be directed to our Privacy Officer – Garth Strandberg, at [email protected], or by mail to Quartech Systems Ltd., 4211 Kingsway, Suite 710, Burnaby, BC V5H 1Z6 or Suite 200 – 1012 Douglas Street, Victoria, BC V8W 2C3. You may also call us at (604) 291-9686 (Burnaby) or (250) 380-9686 (Victoria).
Product-Specific Privacy Notices
Some Quartech products and apps have additional privacy details that apply specifically to those services. The following supplemental notices form part of this Privacy Policy:
If you are using a solution delivered for a Quartech client, that client may publish a client-branded privacy notice that governs the service. In those cases, Quartech typically acts as a service provider under contract.
Not Intended for Children
Our Website and Services are not intended for children under the age of 13, and we do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on our Website or through our Services. If we learn that we have collected or received Personal Information from a child under 13 without verification of parental consent, we will take steps to delete that information. If you believe we may have collected Personal Information from a child under 13, please contact us using the details in the Contact section below.
Agreement to Terms by Using this Website and Services
Please read this Privacy Policy so that you are aware of how and why we use your Personal Information. When you use our Website or Services, you consent to have your Personal Information collected, used, disclosed, and communicated in accordance with this Privacy Policy.
This Privacy Policy may change from time to time, as reflected in the revision date above, to reflect changing legal, regulatory, or operational requirements. Where required by law, Quartech will provide notification of material changes to this Privacy Policy through the Website at least thirty (30) business days prior to the change taking effect. Where appropriate, we may also notify Users who have opted to receive communications from us of changes to this Privacy Policy. If we are required by applicable data protection laws to obtain your consent to any material changes to this Privacy Policy, we will do so before such changes take effect.
We encourage you to review this Privacy Policy periodically to stay informed about how Quartech protects Personal Information. Your continued use of our Website or Services after we make changes indicates that you accept and consent to those changes, so please check the policy periodically for updates.
Third-Party Links
Our Website may contain links to third-party websites, app stores, plug-ins, social media pages, applications, and other resources that are not owned or controlled by Quartech. Clicking those links or enabling those connections may allow third parties to collect or share data about you in accordance with their own privacy policies and terms of use. We do not control these third-party websites, app stores, plug-ins, social media pages, applications and other resources and are not responsible for their privacy statements and practices. When you leave our Website, we encourage you to read the privacy policy of every website you visit.
How We Collect and Use Your Data
Information Gathered
We may collect, store, use and transfer different kinds of Personal Information about you, as described below:
Contact and Inquiry Information. You may provide us with contact and inquiry details such as your name, company, email address, phone number, and message content. We may also collect recruitment information, including your résumé or CV and application details, when you apply for a position with us. We may also collect event and marketing sign-up information (such as newsletter or webinar registration details) where you choose to provide it.
Account and Service Information. When you use our Services, we may collect information required to create, administer, secure, and support your account, such as your name, email address, username, role, organization, authentication details, access rights, user preferences, and service-related communications.
Client Solution Data. Where Quartech provides a solution or service on behalf of a client organization, Personal Information may be entered into, uploaded to, or processed through the applicable solution. In those circumstances, the client organization typically determines what Personal Information is collected and how it is used, and Quartech processes that information as a service provider under contract, in accordance with the client’s instructions, applicable agreements, and applicable law.
Mobile Application Information. If you use a Quartech mobile application, we may collect information necessary to operate, secure, and support the application, such as account information, device information, app usage data, crash logs, diagnostic information, and permissions-based information where enabled by you or your organization. Product-specific or app-specific privacy notices may provide additional details about the information collected by particular applications.
Log Data and Activity Tracking. When you use our Website or Services, we may automatically collect device and browser information (device type, operating system, and browser version), log data (pages viewed, time spent, and referring sources), and your IP address, which is commonly used for security, fraud prevention, and approximate location purposes.
Cookies. We may use cookies and similar technologies for essential website functions, analytics, and performance measurement. You may manage cookies by activating the appropriate setting on your browser, though doing so may affect access to certain parts of our Website. We use Google Analytics to measure engagement and site performance. Google Analytics sets cookies to store anonymized visitor and session data.
User Data. We store and process User data in the context of providing the Services, which may include login data, browser type and version, location, operating system, and similar information, as well as User content uploaded to or created on the Services, and any Personal Information inadvertently provided to Quartech through use of the Services. For app-specific data collected through the Q-CMS Mobile Apps and the Digital Trust (DTS) Apps and Services, please refer to the relevant supplemental privacy notice linked above.
Aggregate Data. We also collect and use certain aggregate data that has been anonymized, such as statistical data regarding use of our Services, for lawful purposes. This type of data is not considered “Personal Information” subject to privacy laws because it cannot be used to identify a particular person.
We do not intentionally collect sensitive Personal Information unless it is necessary for a specific Service, required by law, provided by you, or processed on behalf of a client organization under applicable contractual instructions. Where sensitive Personal Information is required, we will handle it in accordance with applicable law, contractual requirements, and appropriate security safeguards. Quartech does not intentionally collect collect any of the following sensitive categories of Personal Information about you: information regarding your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, health, genetic or biometric data. unless it is necessary for a specific Service, required or permitted by law, voluntarily provided, or processed on behalf of a client organization under applicable contractual instructions.
Information Use
We will only use your Personal Information when the law allows us to and as described below:
Providing Our Services and Service Communications. We use Personal Information to provide, administer, maintain, and operate our Services and to share service-related updates, security updates, support, and other service communications. This includes creating and managing accounts, authenticating users, enabling role-based access, providing requested functionality, responding to inquiries, delivering support, troubleshooting issues, and communicating service-related information.
Service Communications. We may use Personal Information to send administrative, technical, security, support, and service-related communications and notifications, including updates about the Website or Services, account notices, support responses, security alerts, maintenance notices, and changes to applicable terms, policies, or service features.
Client-Directed Services. Where Quartech provides Services on behalf of a client organization, we may use Personal Information as necessary to configure, deliver, administer, support, secure, and maintain the applicable client solution. In those circumstances, Quartech typically acts as a service provider under contract and processes Personal Information in accordance with the client’s instructions, applicable agreements, and applicable law.
Data Management and Support. User content may be viewed or accessed by Quartech for the purpose of investigating, responding and resolving a support issue. Users are responsible for maintaining the confidentiality and security of their login credentials.
Authentication, Access Control, and Account Administration. Quartech may use Personal Information to create, configure, administer, and manage user accounts for our Website, and Services. This may include using information such as your name, email address, organization, username, role, permissions, authentication status, access rights, and account activity to verify your identity, enable secure login, apply role-based access controls, manage user privileges, support account administration, and maintain the security and integrity of the Services. Where Quartech provides Services on behalf of a client organization, user access and permissions may be configured and managed in accordance with the client’s instructions, applicable agreements, and authorized administrative controls.
Security, Fraud Prevention, Misuse Prevention, and Incident Response. Quartech may use Personal Information to protect the security, confidentiality, integrity, and availability of our Website, Services, systems, and data. This may include using information such as account activity, login records, IP addresses, device information, audit logs, access history, and system activity to detect, prevent, investigate, and respond to unauthorized access, suspected misuse, fraud, harmful activity, security incidents, technical issues, or violations of applicable terms, policies, agreements, or security requirements. Where Quartech provides Services on behalf of a client organization, security monitoring and incident response activities may be performed in accordance with the applicable client agreement, client instructions, and legal or regulatory requirements.
Analytics, Reporting, and De-Identified or Aggregate Information. Quartech may use Personal Information, usage information, and service-related data to generate analytics, reports, performance measurements, operational insights, and service improvement information. Where appropriate, Quartech may aggregate, anonymize, or de-identify information so that it does not directly identify an individual. Quartech may use this aggregate, anonymized, or de-identified information for lawful business purposes, including monitoring service performance, improving functionality, evaluating usage trends, supporting security and reliability, developing service enhancements, and preparing internal or client-facing reports. Where Quartech provides Services on behalf of a client organization, analytics and reporting activities involving client solution data are performed in accordance with the applicable client agreement, client instructions, and legal or regulatory requirements. Quartech does not use client solution data for unrelated commercial purposes
Improvements. We use Personal Information to monitor performance, diagnose technical problems and to better administer and improve the quality of both the Website and the Services.
Marketing and Communications. We may use Personal Information to contact Users and visitors to further discuss their interest in our Website and Services, or to send information about new features and updates, in accordance with Users’ and visitors’ marketing preferences, consent choices, and applicable law, including Canada’s Anti-Spam Legislation (CASL). We may also email Users with service-related information concerning the Services or the Website to the extent allowed by law and in light of the commercial relationship between us. You may opt out of receiving marketing materials at any time by following the unsubscribe instructions included in each marketing communication or by contacting us.
Recruitment and Business Operations. We use Personal Information to support recruitment, hiring, and business operations where you have submitted an application or inquiry.
To Enforce Compliance with Our Policies. We may access User data and certain visitor information if necessary to investigate a suspected violation of our terms of use or acceptable use policies for the Services.
To Maintain Legal or Regulatory Compliance. We use Personal Information to meet our legal, regulatory, contractual, and security obligations, as required by law.
How We Share Your Data
Sharing of Information
We do not sell or rent Personal Information. Quartech will not copy, distribute, or share any User or visitor Personal Information except as set out in this Privacy Policy:
Third-Party Service Providers. We may partner with third-party service providers to assist in hosting, infrastructure, data storage, authentication, customer support, email delivery, operating, monitoring, and supporting our Services, such as cloud hosting providers, analytics providers, and crash reporting services. These service providers are subject to confidentiality and security obligations and are required to use Personal Information only for the purpose of providing services under Quartech’s instructions, to keep it secure, and to handle it consistently with this Privacy Policy, as required by applicable law. The providers used may vary depending on the applicable Website, Service, client solution, hosting environment, and contractual requirements.
| Provider / Platform | Privacy Policy Category |
| Microsoft Azure | Cloud hosting, infrastructure, application services, data storage, security, monitoring |
| Microsoft technology stack / Microsoft Solutions Partner / Dynamics 365 | Cloud platform, enterprise applications, identity/productivity/business systems, implementation services |
| GitHub | Source code management, development operations, deployment workflows |
| Amazon Web Services (AWS) | Cloud hosting, infrastructure, storage, deployment, backup, or client-specific hosting, if actually used |
| Oracle | Cloud hosting, Database, enterprise systems, legacy/application support, client-specific platforms |
| Google Analytics | Website analytics and performance measurement |
| Social media, business communications, recruiting, marketing presence | |
| HubSpot | Marketing, CRM, Website Forms, and Communications |
| BambooHR | Human Resources and Employee Administration |
| Lever | Recruitment, Applicant Tracking, and Hiring Administration |
| Microsoft Entra ID / Certificate Providers (LetsEncrypt) / Keycloak | Security, Authentication, and Certificate Management |
| Apple App Store | Mobile Application Distribution and Platform Services |
| Google Play | Mobile Application Distribution and Platform Services |
| Google Maps | Mapping, Location, and Geospatial Services |
| Google Single Sign-On / Google Identity Services | Identity and access management, authentication, single sign-on, access tokens, user session management, and account verification, where used for a Website, Service, client solution, or hosting environment |
| Google Cloud Platform (GCP) | Cloud hosting, infrastructure, application services, data storage, security, monitoring, backup, analytics, and client-specific hosting or processing, where used for a Website, Service, client solution, or hosting environment |
| Azure DevOps | Software Development, Source Control, Deployment, and Project Delivery Tools |
| Twilio Messaging | Quartech may use Twilio, SendGrid or similar communications providers to send SMS messages, verification codes, reminders, alerts, or other service-related communications |
| Keycloak | Identity and access management, authentication, single sign-on, access tokens, user session management, and role-based access controls, where used for a Website, Service, client solution, or hosting environment |
Customer Organizations. Where our Services are delivered for a specific client organization, that client may act as the data controller, and Quartech typically acts as a service provider under contract. Personal Information may be shared with the customer organization where required to deliver the Service, and the customer’s privacy notice may govern in those circumstances.
Potential Acquirers. If Quartech is involved in a merger, acquisition, or asset sale, some or all of a User or visitor’s Personal Information may be disclosed or communicated for the purposes of evaluating or carrying out the transaction. In such a case, the other party will be instructed to handle the Personal Information in the same manner as provided in this Privacy Policy, and Users or visitors will be notified to the extent required by applicable law.
Third-Party Integrations, SDKs, App Stores, and Platform Providers. Our Website, applications, and Services may include or interact with third-party integrations, software development kits, application stores, identity providers, mapping services, notification services, analytics tools, or other platform providers. These third parties may process Personal Information or technical information as necessary to provide their functionality, support authentication, deliver mobile app services, monitor performance, or support security. Where a third party processes information for its own purposes, its own privacy policy and terms may apply.
Events, Webinars, and Co-Marketing Activities. If you register for or participate in a Quartech event, webinar, demonstration, survey, or co-marketing activity, we may share limited Personal Information with event platforms, registration providers, communications providers, or co-sponsors where necessary to administer the activity, communicate with participants, or provide related materials. Where a co-sponsor or partner will use your Personal Information for its own purposes, we will provide notice and obtain consent where required by applicable law.
Law Enforcement. We may be required in certain circumstances to disclose or communicate Personal Information in response to a lawful request by public authorities, courts, or law enforcement, or to comply with national security requirements, or as otherwise required by applicable law. To the extent permitted by law, we will notify you before such a disclosure or communication is made.
With Your Consent. We may disclose or communicate Users’ and visitors’ Personal Information to third parties where we have your consent to do so, except as otherwise prohibited by law.
Data Location and Data Transfers
Quartech is a Canadian IT services and solutions company. The location where Personal Information is stored or processed may depend on the applicable Website, Service, client solution, hosting environment, product-specific notice, and contractual requirements.
Visitors’ and Users’ Personal Information may be transferred to, and processed in, countries outside of Canada. If you live in Quebec, your personal data may be communicated to entities outside of Quebec. Our third-party service providers may operate around the world, and accordingly, Personal Information may be accessible to courts, law enforcement, and national security authorities of those countries.
If you have any questions or wish to obtain further written information about Quartech’s policies and practices with respect to the collection, use, disclosure, or storage of your Personal Information by service providers or affiliates outside of Canada, or if you have any questions regarding our cross-border data transfer practices, please contact our Privacy Contact using the details in the Contact section below.
How We Protect and Manage Your Data
Security
We apply reasonable technical, administrative, and organizational safeguards designed to protect Personal Information against loss, theft, and unauthorized access, disclosure, copying, use, or modification. We have procedures in place to address any suspected Personal Information breach and will notify you and any applicable regulator of a breach as required by law. Security safeguards may include access controls, role-based permissions, authentication controls, encryption in transit and at rest, logging and monitoring, secure development and testing practices, network and infrastructure security controls, backup and recovery processes, and confidentiality obligations for personnel and service providers.
The safeguards used may vary depending on the Website, Service, client solution, hosting environment, deployment model, data sensitivity, and applicable legal or contractual requirements. Where Quartech provides Services on behalf of a client organization, Quartech applies the security requirements set out in the applicable client agreement and processes Personal Information in accordance with the client’s instructions, applicable agreements, and applicable law.
The transmission of information via the Internet is not completely secure, and any transmission of Personal Information is at your own risk.
Mobile Applications and SaaS Security
For Quartech mobile applications and SaaS services, Personal Information may be protected through application-level security controls, user authentication, role-based access, session management, audit logging, device-level security features, and secure communication between the application and Quartech or client-hosted services.
Some mobile applications may store limited information locally on the user’s device, such as user preferences, cached data, credentials, cryptographic keys, or activity history, depending on the application and configuration. Where supported, locally stored information may be protected using operating-system security features, such as secure key storage, device encryption, secure enclave or keystore functionality, biometric unlock controls managed by the operating system, and device access controls.
Mobile applications may request device permissions, such as camera, photos/files, notifications, Bluetooth/NFC, or location, only where required for the relevant application functionality or client-enabled feature. Quartech does not receive or store biometric templates when biometric unlock is managed by the user’s device operating system. Users can manage certain device permissions through their device settings; however, disabling required permissions may affect the availability or functionality of some features.
Security Monitoring and Response
Quartech may use Personal Information, account activity, login records, IP addresses, device information, audit logs, access history, diagnostic information, and system activity to monitor, secure, troubleshoot, and support the Website, applications, Services, and client solutions. This may include detecting, preventing, investigating, and responding to unauthorized access, suspected misuse, fraud, harmful activity, security incidents, technical issues, or violations of applicable terms, policies, agreements, or security requirements.
Quartech maintains procedures to assess and respond to suspected privacy or security incidents involving Personal Information. Where required by applicable law or contract, Quartech will notify affected individuals, client organizations, regulators, or other appropriate parties of a breach involving Personal Information.
Data Transmission
Although Quartech uses safeguards designed to protect Personal Information, no method of transmission over the Internet or method of electronic storage is completely secure. Users are responsible for maintaining the confidentiality of their login credentials, protecting their devices, and using the Website, applications, and Services in accordance with applicable terms, policies, and client security requirements.
Data Retention
We retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (e.g. to provide you with the Services you have requested, to comply with applicable legal, contractual, tax, or accounting requirements, or to defend ourselves from possible legal actions). When we have no ongoing legitimate business need to retain your Personal Information, we will destroy it or anonymize it in accordance with applicable laws.
Where Quartech provides Services on behalf of a client organization, retention of Personal Information within the applicable solution is generally governed by the client agreement, deployment model, configuration, retention requirements, and lawful instructions of the client organization. In those circumstances, the client organization is generally responsible for determining applicable retention periods for client solution data, and Quartech retains or deletes such information in accordance with the applicable agreement and client instructions.
For mobile applications, certain information may be stored locally on the user’s device until the user deletes it, removes the relevant credential or content, clears local data, or uninstalls the application. Server-side logs, audit records, diagnostic information, support records, backups, and security records may be retained for the period required for service operation, security, troubleshooting, compliance, contractual obligations, or client program
requirements.
Your Choices to Control Your Data
Your Data Protection Rights
You can exercise any of the following data protection rights as may be available to you under applicable law by contacting us using the details in the Contact section below. In certain jurisdictions, we may need to verify your identity before responding to your request. Depending on your jurisdiction, you may have the following data protection rights:
– The right to access, correct, update, or request deletion of the Personal Information we hold about you. To request access to, correction, update, or deletion of Personal Information held by Quartech, you may contact Quartech’s Privacy Contact using the details in the Contact section below. Your request should include your name, contact information, the Service or application involved, the nature of your request, and enough information for Quartech to verify your identity and locate the relevant records. Quartech will review and respond to requests in accordance with applicable privacy laws, contractual requirements, and internal privacy procedures.
Where the request relates to Personal Information processed through a Quartech SaaS solution or mobile application provided on behalf of a client organization, the client organization may be responsible for determining whether the information can be accessed, corrected, updated, or deleted. In those circumstances, Quartech typically acts as a service provider under contract and may refer the request to the client organization or respond in accordance with the client’s instructions, applicable agreements, and applicable law. Certain records may not be deleted or modified where retention is required for audit history, workflow integrity, legal compliance, security, dispute resolution, contractual obligations, or client records-management requirements.
– Where Quartech provides Services on behalf of a client organization, the client organization may be responsible for determining how Personal Information is collected, used, retained, accessed, corrected, or deleted within the applicable solution. In those circumstances, Quartech typically acts as a service provider under contract. If your Personal Information is processed through a client-administered solution, you may need to contact the client organization directly to exercise your rights. If Quartech receives a request that relates to Personal Information controlled by a client organization, we may refer the request to that client or respond in accordance with the client’s instructions, applicable agreements, and applicable law.
– Where available, you may access, update, or correct certain account or profile information directly through the applicable Website, application, portal, or mobile app, or by contacting your organization’s authorized administrator. Some records within client-administered SaaS or mobile applications may not be editable or deletable by individual users after submission where required to preserve record integrity, audit history, legal compliance, workflow controls, or client retention requirements.
– For mobile applications, you may manage certain device permissions through your device settings, such as camera, photos or files, notifications, Bluetooth/NFC, or location permissions. Disabling certain permissions may limit or prevent the operation of features that depend on those permissions.
– The right to opt out of marketing communications, even if you have previously consented to receiving them. You may opt out at any time by following the unsubscribe instructions in any marketing communication or by contacting us directly.
– If we rely on your consent to collect, use, or disclose your Personal Information, you may withdraw that consent at any time by contacting us. If you withdraw your consent, we may not be able to provide you with a particular product or service, and we will explain the impact to you at the time.
We have procedures in place to receive and respond to complaints or inquiries about our handling of Personal Information and our compliance with this Privacy Policy and applicable privacy laws.
Contact
In order to exercise your data protection rights, or should you have any questions, concerns, or complaints regarding this Privacy Policy or the collection or processing of your Personal Information, please contact our Privacy Contact:
Quartech Systems Ltd.
Email: [email protected]
Mailing Address (Burnaby): 4211 Kingsway, Suite 710, Burnaby, BC V5H 1Z6
Mailing Address (Victoria): Suite 200 – 1012 Douglas Street, Victoria, BC V8W 2C3
Telephone: (604) 291-9686 (Burnaby) | (250) 380-9686 (Victoria)
Supplemental Privacy Notice – Q-CMS Mobile Apps
Effective: April 1, 2026
Last Updated: April 29, 2026
Applies to: Q-CMS mobile application suite, including Digital Personnel Jacket (DPJ), Recruiting, Field Training (FTO), Bravo Zulu (BZ), Policy Acknowledgment, and Q6 Resiliency mobile applications and any other Q-CMS mobile applications that link to or reference this Supplemental Privacy Notice.
Q-CMS Mobile Apps covered by this Supplemental Privacy Notice may include the applications listed below. The specific information collected, accessed, generated, or processed by each app depends on the app, user role, enabled features, device permissions, client configuration, and applicable client agreement. Not every app collects every category of information described in this notice.
| Q-CMS Mobile App | Primary Purpose | Typical Users | Examples of Information or Workflows Supported |
| Digital Personnel Jacket (DPJ) | Provides secure mobile access to personnel records and related workforce information. | Officers, supervisors, HR staff, command staff, authorized agency personnel. | Personnel profile information, assignments, certifications, training records, commendations, supervisor notes, performance history, inventory records, and other client-configured personnel data. |
| Recruiting | Supports a mobile-first applicant and recruiting workflow. | Applicants, recruiters, file managers, supervisors, recruiting administrators. | Applicant registration, qualification questions, application submissions, supporting documents, workflow tasks, testing reminders, file ownership, applicant status, and recruiting communications. |
| Field Training (FTO) | Supports field training documentation, evaluations, and workflow tasks. | Recruits, new officers, Field Training Officers, supervisors, training administrators. | Shift activity, checklists, call documentation, competency assessments, daily evaluations, feedback, pending reviews, required assessments, and training progress. |
| Bravo Zulu (BZ) | Enables timely recognition, commendations, and positive feedback. | Officers, supervisors, peers, command staff, authorized agency users. | Recognition submissions, commendation categories, notes of appreciation, sender and recipient information, timestamps, and related reporting or personnel record updates. |
| Q6 Resiliency | Supports agency-configured resiliency, wellness, or workforce support workflows. | Officers, supervisors, wellness/resiliency personnel, authorized agency users. | Resiliency resources, wellness-related interactions, support workflows, notifications, and other client-configured resiliency information. |
| Policy Acknowledgement | Supports mobile policy review, acknowledgement, certification, and audit tracking. | Officers, supervisors, policy administrators, professional standards staff, command staff. | Policy distribution, version tracking, digital acknowledgements, attestations, completion status, overdue acknowledgements, timestamps, and audit history. |
| Other Q-CMS Mobile Apps | Supports additional mobile-enabled Q-CMS workflows made available by Quartech or configured for a client organization. | Authorized users based on the applicable app and client configuration. | Data and workflows depend on the app, enabled features, user role, permissions granted, and client configuration. |
This notice explains how Personal Information is handled when you use Q-CMS mobile applications operated by Quartech (“Q-CMS Mobile Apps”). It supplements and should be read together with the Quartech Systems Ltd. Privacy Policy which contains Quartech’s general privacy practices, including information on data sharing, cross-border transfers, security, data retention, your rights, and contact details. Capitalized terms used but not defined in this notice have the meanings given to them in the main Privacy Policy.
Q-CMS Mobile Apps are designed to support secure, role-based access to Quartech’s Q-CMS platform and related client-configured solutions. Depending on the application and the configuration selected by the applicable client organization, the apps may support functions such as viewing personnel information, submitting or reviewing workflow tasks, documenting training activities, completing field training evaluations, submitting recognition or commendations, receiving notifications, accessing assigned records, and supporting other mobile-enabled operational workflows.
Where a Q-CMS Mobile App is provided on behalf of a client organization, that client organization may determine what Personal Information is collected, how it is used, who may access it, how long it is retained, and which features or permissions are enabled. In those circumstances, Quartech typically acts as a service provider under contract and processes Personal Information in accordance with the client organization’s instructions, applicable agreements, and applicable law.
Where a client-specific or product-specific privacy notice applies, that notice should be read together with this Supplemental Privacy Notice and the main Quartech Privacy Policy.
What Information the Q-CMS Mobile Apps Collect
In addition to the information described in the main Quartech Privacy Policy, the Q-CMS Mobile Apps may collect, generate, access, or process the following categories of Personal Information, depending on the specific mobile application, the user’s role, the features enabled, the permissions granted, and the configuration selected by the applicable client organization.
Account, Identity, and Access Information. This may include your name, username, email address, user ID, date of birth, employee or applicant identifier, organization, role, permissions, claims, authentication status, access rights, and other information required to verify your identity, enable secure login, support single sign-on or other authentication methods, and apply role-based access controls.
App Usage and Activity Information. This may include information about how you use the app, such as features accessed, screens viewed, actions taken, workflow events, submission dates and times, timestamps, session information, task status, acknowledgement history, review activity, and other interaction events.
Device and Technical Information. This may include device type, device model, operating system and version, app version, browser or webview information, IP address, general network information, language settings, time zone, device identifiers, and similar technical information used to operate, secure, monitor, support, and troubleshoot the app.
Diagnostics, Logs, and Performance Information. This may include crash logs, error reports, diagnostic events, performance metrics, system logs, connection information, and similar information used to identify technical issues, improve app stability, support service reliability, and investigate security or operational concerns.
Content Submitted Through the App. Depending on the Q-CMS Mobile App and client configuration, this may include information you enter, upload, review, acknowledge, or submit through the app, such as forms, workflow responses, notes, comments, evaluations, checklists, policy acknowledgements, commendations, attachments, photos, documents, training information, recruiting information, personnel information, or other records associated with the applicable client solution.
Personnel, Training, Recognition, and Operational Records. Depending on the app and client configuration, Q-CMS Mobile Apps may display or process records related to personnel profiles, training completions, certifications, assignments, commendations, supervisor notes, performance history, field training evaluations, policy acknowledgements, equipment or inventory records, recruiting workflows, applicant submissions, or other public-safety operational workflows. This aligns with Quartech Justice materials describing mobile and web-based solutions for personnel, training, policy, compliance, recruiting, and professional standards workflows.
Location Information. The Q-CMS Mobile Apps may collect or process location information only where location-based functionality is enabled and necessary for the relevant app feature or client configuration. Location information may include general location derived from IP address or device/network information and, where enabled and permitted, more precise location information from the device. You may manage location permissions through your device settings; however, disabling location permissions may limit or prevent certain app features from working.
Photos, Camera, Files, and Attachments. Certain Q-CMS Mobile Apps may request access to the camera, photo library, files, or document storage where needed to upload attachments, capture images, submit documentation, attach supporting records, or complete a workflow. The app only accesses these permissions where enabled by the user, required by the feature, and permitted by the applicable device settings and client configuration.
Notifications and Communication Information. The Q-CMS Mobile Apps may process notification tokens, device notification settings, message delivery status, and related information to send service, workflow, security, administrative, or task-related notifications. For example, the FTO mobile app materials describe notifications for pending reviews, required assessments, and workflow tasks.
De-Identified, Aggregate, or Statistical Information. Quartech may generate de-identified, anonymized, or aggregate information from Q-CMS Mobile App usage and operational data for lawful purposes, such as service monitoring, reporting, analytics, security, performance measurement, and service improvement. This information does not directly identify an individual.
The Q-CMS Mobile Apps do not collect all of the categories listed above in every case. The information collected depends on the specific app, the user’s role, the device permissions granted, the features enabled, and the configuration selected by the applicable client organization.
How We Use This Information
Quartech may use information collected, generated, accessed, or processed through the Q-CMS Mobile Apps to:
Provide, Operate, and Support the Apps. We use information to provide app functionality, enable workflows, display authorized records, process submissions, support offline or mobile-enabled activities where applicable, and maintain the connection between the mobile app and the applicable Q-CMS environment.
Authenticate Users and Enforce Access Controls. We use account, identity, role, claims, permissions, and access information to verify users, support secure login, apply role-based access controls, and ensure users can access only the information and functions authorized for their role.
Support Client-Configured Workflows. Where Q-CMS Mobile Apps are provided on behalf of a client organization, information may be used to support workflows configured by that client, such as recruiting, training, field training, personnel records, policy acknowledgements, commendations, resiliency, supervisor review, or other agency-specific business processes.
Maintain Security and Prevent Misuse. We may use account activity, device information, IP addresses, logs, access history, and diagnostic information to monitor security, detect unauthorized access, prevent misuse, investigate suspicious activity, respond to incidents, and protect the confidentiality, integrity, and availability of the apps and related services.
Provide Support and Troubleshooting. We may use technical, diagnostic, usage, and submitted information to respond to support requests, investigate issues, correct errors, improve app stability, and maintain service reliability.
Improve Performance and Reliability. We may use usage, diagnostic, performance, and aggregate information to improve app performance, identify trends, enhance features, resolve defects, and support service planning.
Meet Legal, Contractual, Audit, and Compliance Requirements. We may use information to maintain audit trails, support record integrity, comply with applicable laws, meet contractual obligations, respond to lawful requests, enforce applicable terms or policies, and assist client organizations with their compliance obligations where required by contract.
Where the Q-CMS Mobile Apps are provided on behalf of a client organization, Quartech typically processes Personal Information as a service provider under contract and in accordance with the client organization’s instructions, applicable agreements, and applicable law.
App Permissions
The Q-CMS Mobile Apps may request access to certain device permissions only where required for the relevant app functionality, user role, client configuration, or enabled feature. You may manage device permissions through your device settings; however, disabling certain permissions may limit or prevent some app features from working:
Camera. Used where required to capture photos, scan documents, attach supporting images, or complete app-enabled workflow steps.
Photos, Media, and Files. Used where required to upload attachments, select documents, attach images, submit evidence or supporting materials, or complete forms and workflow submissions.
Notifications. Used to send service, security, administrative, workflow, task, reminder, or operational alerts related to the applicable Q-CMS Mobile App.
Location. Used only where location-based functionality is enabled and necessary for the relevant app feature or client configuration. Location permissions may be disabled through device settings, but doing so may affect functionality that depends on location.
Biometric Unlock / Device Authentication. Where supported by the device operating system and enabled for the applicable app, users may be able to use device-based authentication features such as Face ID, Touch ID, fingerprint, facial recognition, or device passcode to unlock or access the app. These biometric features are managed by the user’s device operating system. Quartech does not receive or store biometric templates or biometric identifiers used by the device operating system for biometric authentication.
Bluetooth, NFC, or Other Device Capabilities. Certain Q-CMS Mobile Apps may request additional permissions, such as Bluetooth, NFC, or similar device capabilities, only where required for a specific app feature, credential, integration, or client-enabled workflow.
Apple App Store. Quartech reviews the device permissions, data categories, and third-party SDKs used by each published Q-CMS Mobile App and aligns the applicable App Store privacy disclosures with the data collected, generated, accessed, or processed by that app version.
Quartech reviews the device permissions, data categories, data safety practices, and third-party SDKs used by each published Q-CMS Mobile App and aligns the applicable Google Play Data Safety disclosures for the Google Play Store with the data collected, shared, generated, accessed, or processed by that app version.
Third-Party SDKs
The Q-CMS Mobile Apps may use third-party service providers or SDKs, such as Google Maps SDK and communications providers such as Twilio, where required to support mapping, location-based functionality, SMS messaging, verification codes, service alerts, reminders, notifications, or other app-enabled communications. Whether a provider is treated as a third-party SDK depends on whether its software is embedded in the mobile app or used through Quartech’s backend services.
Twilio Messaging. Quartech may use Twilio or similar communications providers to send SMS messages, verification codes, reminders, alerts, or other service-related communications. Twilio may process information such as phone numbers, email addresses, message content, delivery status, timestamps, and related technical or routing information as necessary to provide messaging services.
Google Maps. Quartech may use Google Maps or similar mapping and geospatial service providers in Q-CMS Mobile Apps where required to support location-based features, mapping functionality, address lookup, routing, resource location, or other client-enabled geospatial functions. Google Maps may process information such as IP address, device information, app activity, location data where enabled, map interaction data, search or address information, timestamps, and related technical or diagnostic information as necessary to provide mapping and location-based services.
Per-App Differences
The table below summarizes key differences between the individual apps covered by this notice.
| App Name | Platforms | Auth Method | Data Collected | Sensitive permissions | Third-‑party SDKs | Data stored where | Notes |
| Digital Personnel Jacket (DPJ) | iOS Android | Username/password; Client identity provider or SSO where configured; Device authentication where enabled | Account and identity data; user ID; role/permissions; personnel profile data; assignments; certifications; training records; commendations; supervisor notes; performance history; inventory records; app usage; device/technical data; diagnostics; submitted content or attachments where enabled | Camera; Photos/Files; Notifications; Device Authentication; Location only where Google Maps or another location-based feature is enabled | Twilio or similar communications provider where service alerts or SMS notifications are enabled; | Applicable Q-CMS client environment / Quartech-hosted or client-hosted environment, subject to client agreement and deployment model | DPJ may display sensitive personnel/workforce records. Access should be role-based and governed by the client organization’s configuration and agreement. |
| Recruiting | iOS Android | Username/password; Client identity provider or SSO where configured; 2FA; Device authentication where enabled | Applicant contact information; account and identity data; applicant ID; qualification responses; application form entries; supporting documents; attachments/photos; workflow status; testing reminders; file ownership; recruiter/reviewer activity; app usage; device/technical data; diagnostics | Camera; Photos/Files; Notifications; Device Authentication; Location only where Google Maps or another location-based feature is enabled | Twilio or similar communications provider where service alerts or SMS notifications are enabled; | Applicable Q-CMS client environment / Quartech-hosted or client-hosted environment, subject to client agreement and deployment model | May process applicant PII and potentially sensitive information depending on client-configured forms, questions, and attachments. Do not disclose “biometric data collected” unless Quartech receives or stores biometric identifiers. |
| Field Training (FTO) | iOS Android | Username/password; Client identity provider or SSO where configured; Device authentication where enabled | Account and identity data; trainee/recruit/officer information; FTO information; shift records; checklists; call documentation; competency assessments; daily evaluations; feedback; training progress; pending reviews; workflow tasks; app usage; device/technical data; diagnostics; attachments where enabled | Camera; Photos/Files; Notifications; Device Authentication; Location only where Google Maps or another location-based feature is enabled | Twilio or similar communications provider where service alerts or SMS notifications are enabled; | Applicable Q-CMS client environment / Quartech-hosted or client-hosted environment, subject to client agreement and deployment model | FTO records may be sensitive because they involve performance, competency, evaluation, and training documentation. Retention and access should follow client records-management requirements. |
| Bravo Zulu (BZ) | iOS Android | Username/password; Client identity provider or SSO where configured; Device authentication where enabled | Account and identity data; sender and recipient information; recognition submissions; commendation categories; notes of appreciation; timestamps; related reporting data; app usage; device/technical data; diagnostics; attachments/photos where enabled | Camera; Photos/Files; Notifications; Device Authentication; Location only where Google Maps or another location-based feature is enabled | Twilio or similar communications provider where service alerts or SMS notifications are enabled; | Applicable Q-CMS client environment / Quartech-hosted or client-hosted environment, subject to client agreement and deployment model | BZ information may become part of the employee/personnel record or Digital Personnel Jacket depending on client configuration. |
| Q6 Resiliency | iOS Android | Username/password; Client identity provider or SSO where configured; Device authentication where enabled | Account and identity data; user profile information; resiliency or wellness-related interactions where configured; support workflow information; service communications; app usage; device/technical data; diagnostics; submitted content or attachments where enabled; location-related data where enabled | Camera; Photos/Files; Notifications; Device Authentication; Location only where Google Maps or another location-based feature is enabled | Google Maps or similar mapping/geospatial provider where enabled; Twilio or similar communications provider for SMS verification, reminders, alerts, or service messages where enabled; | Applicable Q-CMS client environment / Quartech-hosted or client-hosted environment, subject to client agreement and deployment model | Validate carefully because identifiable resiliency, wellness, peer support, or crisis-related information may be sensitive. Confirm whether any health or wellness information is collected, displayed, or stored. |
| Policy Acknowledgement | iOS Android | Username/password; Client identity provider or SSO where configured; Device authentication where enabled | Account and identity data; policy review activity; acknowledgement history; attestations; certification records; timestamps; version history; completion status; overdue acknowledgement status; audit trail; app usage; device/technical data; diagnostics; attachments where enabled | Camera; Photos/Files; Notifications; Device Authentication; Location only where Google Maps or another location-based feature is enabled | Twilio or similar communications provider where service alerts or SMS notifications are enabled; | Applicable Q-CMS client environment / Quartech-hosted or client-hosted environment, subject to client agreement and deployment model | Policy acknowledgements may be audit, accreditation, legal, or compliance records. Records may not be editable or deletable by users after submission where required for audit integrity. |
| Other Q-CMS Mobile Apps | iOS Android | Username/password; Client identity provider or SSO where configured; Device authentication where enabled | Data depends on the app, enabled features, user role, permissions granted, and client configuration. May include account data, role/permissions, workflow data, submitted content, app usage, device/technical data, diagnostics, and client solution data | Camera; Photos/Files; Notifications; Device Authentication; Location only where Google Maps or another location-based feature is enabled | Twilio or similar communications provider where service alerts or SMS notifications are enabled; | Applicable Q-CMS client environment / Quartech-hosted or client-hosted environment, subject to client agreement and deployment model | Each new Q-CMS mobile app should be reviewed separately before publication to confirm permissions, SDKs, data categories, Apple App Privacy disclosures, and Google Play Data Safety disclosures. |
Your Rights and Contact
Depending on the deployment and your jurisdiction, you may be able to request access, correction, or deletion of Personal Information collected through the Q-CMS Mobile Apps. If the app is delivered for a specific client environment, requests may need to be directed to the relevant customer organization. For all other requests, please refer to the Your Data Protection Rights and Contact sections of the main Privacy Policy.
Supplemental Privacy Notice – Digital Trust (DTS) Apps & Services
Effective: April 1, 2026
Last Updated: April 29, 2026
Applies to: Q-Wallet, Q-Trust Cloud, Q-Verifier
This notice explains how Personal Information is handled when you use Quartech Digital Trust Services (“DTS”), which may be used to issue, hold, and verify digital credentials (for example, ISO/IEC 18013-5 mobile driver’s licenses (mDL), W3C Verifiable Credentials, and AnonCreds). It supplements and should be read together with the Quartech Systems Ltd. Privacy Policy, which contains Quartech’s general privacy practices, including information on data sharing, cross-border transfers, security, data retention, your rights, and contact details. Capitalized terms used but not defined in this notice have the meanings given to them in the main Privacy Policy.
What Personal Information is processed depends on the product role (issuer, holder or wallet, or verifier) and the deployment (public cloud, private cloud, on-premises, or customer-managed). Where Quartech delivers Digital Trust Services for a specific customer organization, that customer may act as the controller, and Quartech typically acts as a service provider under contract.
What Information the Digital Trust Services Collect or Process
Holder/Wallet Apps (Q-Wallet)
Credentials stored on device: Wallet apps may store issued credentials and related cryptographic keys on the user’s device. Where supported, keys may be protected using OS provided secure storage (e.g. secure enclave/keystore).
Local history/settings: Wallet apps may store user preferences and optional local activity history on the device.
No biometric collection: If biometric unlocking is enabled, biometric templates are handled by the operating system; the app does not receive or store biometric data.
Network data: When a wallet communicates with an issuer or verification service, network information such as IP address and timestamps may be processed for routing and security.
Issuance Services (Q-Trust Cloud)
Identity attributes provided by the issuer/customer: Depending on the program, issuance workflows may process attributes required to create a credential (e.g., name, date of birth, licence/entitlement attributes, identifiers assigned by the issuer).
Credential and transaction metadata: Such as credential type, issuance status, timestamps, and technical identifiers needed for lifecycle management.
Fraud prevention and security logs: We may process logs (e.g., IP address, device/technical signals, administrator actions) to secure the service, prevent abuse, and support auditing required by the customer or law.
Verification Services (Q-Verifier)
Presentations and proofs: Verification may involve processing user-presented credential data, selective disclosure data elements, and/or cryptographic proofs (including privacy-preserving proofs such as AnonCreds, where applicable).
Verification outcomes: Such as valid/invalid results, revocation and integrity checks, and timestamps.
Operational and audit logging: Depending on deployment, we may process logs to support troubleshooting, security monitoring, and customer audit requirements.
Administration Portals
Portal account information: Administrator usernames, roles, and authentication information (as provided by the customer’s identity provider) may be processed to provide role-based access control.
Session and security data: Including login events and administrative actions for security and audit purposes.
Cookies and similar technologies: Portals may use essential cookies for sign-in and session management. Analytics or session replay tools (if any) must be enabled and documented per deployment.
How We Use This Information
We use Personal Information collected through the Digital Trust Services to:
– Provide and operate the Digital Trust Services (issuance, wallet, verification, administration, and support functions)
– Authenticate users and enforce role-based access, including integration with customer identity providers
– Maintain security and prevent fraud or misuse (monitoring, abuse prevention, incident response, and audit logging)
– Support customers and troubleshoot (diagnostics, support ticket handling, and service communications)
– Improve reliability and performance (service monitoring, error analysis, and product improvement)
– Meet legal, regulatory, and contractual requirements (including customer-required audits and retention where applicable)
App Permissions
Digital Trust mobile apps may request the following device permissions, to the extent required for the relevant app’s functionality:
– Camera (to scan QR codes for verification, or to capture documents or photos if required by an issuance workflow)
– Photos/Files (to upload attachments where supported)
– Notifications (for credential status updates, expiry reminders, and operational alerts)
– Bluetooth/NFC (only where the specific verifier or wallet workflow uses proximity-based presentation or device-to-device exchange)
– Location (only where required for a customer program feature – if not required, it is not collected)
Third-Party SDKs
Third-party SDKs and tools used across the DTS product family are identified in the per-product matrix below.
Per-Product Differences
The table below summarizes key differences between the individual products covered by this notice.
| Product name | Role | Platform | Data processed (high level) | Sensitive permissions | Third-‑party SDKs/tools | Data stored where |
| Q-Wallet | Holder | iOS/Android | Credentials on device; minimal telemetry if enabled | Camera/NFC/location | [ ] | On device |
| Q-Trust Cloud | Issuer | Cloud/On‑prem | Attributes required to issue, audit/security logs | [N/A] | [ ] | Customer tenant/region |
| Q-Verifier | Verifier | iOS/Android/Cloud | Presented data/proofs; verification results; logs as configured | Camera/NFC/Location/etc. | [ ] | Customer tenant/region and on-device |
Security
In addition to the safeguards described in the main Privacy Policy, we apply technical and organizational safeguards appropriate to the sensitivity of Digital Trust Services data, which may include encryption in transit and at rest, secure key storage on supported devices, access controls, logging/monitoring, and secure development and testing practices. For more information, see the Security section of the main Privacy Policy.
Data Retention
Personal Information is retained only as long as necessary for service operation, security, customer support, and compliance with legal and contractual requirements. Wallet apps typically store credentials locally on the device until the user removes them or uninstalls the app. Server-side logs and records, if any, are retained according to the customer program’s retention requirements and applicable law.
Your Rights and Contact
Depending on the deployment and your jurisdiction, you may be able to request access, correction, or deletion of Personal Information processed by the Digital Trust Services. Where supported, you may also be able to disable optional analytics or telemetry within the Digital Trust Services. If you are using a customer-branded program, requests may need to be directed to the relevant customer organization. For all other requests, please refer to the Your Data Protection Rights and Contact sections of the main Privacy Policy.
Locations
We have deep expertise in leading technology platforms. Our proven processes deliver dependeable solutions with impactful results.
Burnaby, BC, Canada
4211 Kingsway, #710
Burnaby, BC
V5H 1Z6
604-291-9686
Victoria, BC, Canada
1012 Douglas St. #200
Victoria, BC
V8W 2C3
250-380-9686
Seattle, WA, USA
Suite 970
5608 17th Avenue NW
Seattle, WA 98107