GDPR · Belgian law

Privacy Policy.

How Codelines BV (the company behind QlearView) handles your personal data, on what legal basis, where it's stored, and what rights you have over it.

Last updated: 13 May 2026 · Effective immediately

1. Who we are

QlearView is a project-management SaaS operated by Codelines BV, a company registered in Belgium.

  • Legal name: Codelines BV
  • Registered office: Oudebaan 67, 2610 Wilrijk, Belgium
  • Company number (KBO) / VAT: BE 1001.702.172
  • Contact: info@codelines.be

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), Codelines BV is the data controller for personal data we collect through this website and for account/contact data in QlearView. For workspace content that customers add to QlearView (tasks, comments, attachments and similar), Codelines BV acts as a data processor on behalf of the customer.

2. What personal data we process

2.1 Marketing website (qlearview.be)

  • Early-access / contact form submissions: name, email address, optional company name, team size, currently used tool, area of interest and any message you write.
  • Server logs: IP address, user-agent string, requested URL and timestamp, kept for a short period for abuse prevention and basic operational diagnostics.

2.2 QlearView application (workspace.qlearview.app and tenant subdomains)

  • Account data: username, email, first and last name, hashed password, assigned role, account status (active / inactive), date joined, last login.
  • Workspace data your team creates: projects, tasks, comments, time entries, tags, file attachments, integration configuration and the audit history of those records.
  • Integration tokens: if you connect a third-party service (e.g. an accounting or CRM tool), we store its OAuth refresh token encrypted with Fernet so we can keep the connection alive.
  • Technical and session data: a session cookie that keeps you logged in, plus server logs containing IP, user-agent, timestamp and the API endpoint called.

2.3 What we do not do

  • No third-party advertising or marketing trackers on either the marketing site or the application.
  • No analytics SDKs (Google Analytics, Hotjar, Mixpanel, etc.).
  • No selling of personal data, ever.

We rely on the following bases under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)): creating and operating your QlearView workspace, authenticating users, delivering the features you sign up for, and providing support.
  • Legitimate interests (Art. 6(1)(f)): securing the service against abuse (rate limiting, brute-force lockout, server logs), basic operational analytics on aggregate usage, and limited service emails (e.g. account, billing, security notices). Our interests are balanced against your rights and you can object at any time — see Section 9.
  • Consent (Art. 6(1)(a)): when you submit the early-access contact form so that we can reply to you about QlearView. You can withdraw this consent at any time by emailing info@codelines.be.
  • Legal obligation (Art. 6(1)(c)): retaining invoicing and accounting records for the period Belgian law requires (currently seven years).

4. Where your data is stored

All production data — databases, file storage, email queues, caches — is hosted with Scaleway SAS in their Paris (fr-par) region, inside the European Union. Backups and replicas remain in the same region. We do not transfer personal data outside the European Economic Area in the ordinary course of running the service.

Per-customer workspace data is isolated at the PostgreSQL schema level (django-tenants), so one workspace's queries cannot reach another's rows.

5. Sub-processors

We rely on a small, audited set of sub-processors. Each one only sees the data they need to perform their function, and each is bound by appropriate data-protection terms.

  • Scaleway SAS (France, EU) — managed PostgreSQL, S3-compatible object storage, managed Redis, transactional email (TEM), Kubernetes hosting.
  • Web3Forms (EU-compliant form delivery) — used only to deliver submissions from the marketing-site contact form to our inbox. Not used inside the QlearView application.
  • Let's Encrypt (ISRG) — TLS certificate issuance for our domains.

An up-to-date sub-processor list and our standard Data Processing Agreement (DPA) are available on request via info@codelines.be.

6. Cookies

The marketing site (qlearview.be) sets no tracking cookies. Optionally, a single non-tracking preference cookie may be set if you dismiss the pre-launch banner, so we don't show it to you again on the same device.

The application (*.qlearview.app) sets a small number of strictly necessary cookies — a session cookie that keeps you logged in, a CSRF token, and a "remember me" cookie if you opt in at login. These are exempt from prior-consent requirements under EU ePrivacy guidance because they are essential to providing the service you've asked for.

7. How long we keep it

  • Account and workspace data: kept for as long as your workspace is active.
  • Inactive workspaces: Free workspaces with no login activity are suspended and ultimately deleted per the inactivity policy published on our pricing page.
  • Audit history: retained per the term of your plan (see pricing).
  • Backups: rolling, retained for up to 30 days, then overwritten.
  • Server logs: retained for up to 30 days for security and diagnostics.
  • Early-access form submissions: kept for up to 24 months from your last interaction, then deleted.
  • Invoicing / accounting records: 7 years, as required by Belgian law.

8. Security

We treat security as a feature, not a checklist. Details are on our security page; the short version:

  • TLS 1.2+ for all network traffic, certificates issued by Let's Encrypt.
  • Schema-per-tenant isolation in PostgreSQL.
  • Passwords hashed with Argon2; brute-force lockout via django-axes; 6-digit OTP for password reset.
  • Integration OAuth tokens and signup payloads encrypted at rest with Fernet (AES-128-CBC + HMAC-SHA256), keys held outside the database.
  • RBAC enforced server-side on every protected endpoint.
  • Full audit trail (django-simple-history) on every record that matters.

9. Your rights under the GDPR

If you are in the EU/EEA (and in practice anywhere we hold your data), you have the right to:

  • Access — get a copy of the personal data we hold about you.
  • Rectify — have inaccurate or incomplete data corrected.
  • Erase ("right to be forgotten") — request deletion of your data, subject to legal retention obligations.
  • Restrict — limit how we process your data while a dispute is resolved.
  • Port — receive your data in a structured, machine-readable format (CSV/JSON).
  • Object — to processing based on legitimate interests, including any direct-marketing activity.
  • Withdraw consent — at any time, for processing we do on the basis of your consent.

To exercise any of these, email info@codelines.be. We will respond within 30 days. If we hold the data as a processor on behalf of a customer (your employer's workspace, for example), we will forward the request to the workspace administrator who acts as controller.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données): www.dataprotectionauthority.be.

10. International transfers

We do not, under normal operations, transfer personal data outside the European Economic Area. Should that ever change, we will only do so under one of the safeguards listed in Chapter V of the GDPR (e.g. Standard Contractual Clauses) and will update this policy first.

11. Children

QlearView is a business product and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact info@codelines.be and we will delete it.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page always reflects the most recent revision. Material changes will be communicated to workspace administrators via email before they take effect.

13. Contact

Questions, requests, or anything in between — write to us at info@codelines.be or by post to:

Codelines BV
Oudebaan 67
2610 Wilrijk
Belgium