Legal

Privacy policy

Last updated: 26 March 2026

1. Data controller

obqo is based in Amsterdam, the Netherlands. For privacy questions contact us at info@obqo.co.

2. What data we process

We process the following personal data:

Name and email address (on account creation and during coaching)
Organisation data (institution name, role)
Coaching session records and trajectory information
Flow responses and assessment results
Career data (applications, placements)
Contact form submissions

3. Purpose of processing

We process personal data solely to:

Deliver the coaching services
Manage user accounts
Generate reports and analytics for the institution
Respond to contact requests
Improve our services

4. Storage and security

All data is stored within the European Union (Frankfurt, Germany) via Supabase EU. No data is processed or stored outside the EU. We do not use delegated access to mailboxes or calendars, inbox scraping, or calendar integrations.

5. Retention period

Personal data is retained for the duration of the active agreement with the institution. After termination, data is deleted within 90 days, unless a longer retention period is legally required.

6. Sharing with third parties

We share personal data only with:

Supabase (EU) — database hosting
Vercel — application hosting
Truncus — transactional email
Stripe — payment processing (billing data only)

We do not sell personal data to third parties.

7. Your rights

Under the GDPR you have the right to:

Access your personal data
Rectify inaccurate data
Erasure of your data
Restriction of processing
Data portability
Object to processing

8. Cookies

obqo uses only functional cookies required for the application to work (session authentication). We do not use tracking cookies, advertising cookies, or third-party analytics.

9. Complaints

If you have a complaint about the processing of your personal data, contact us at info@obqo.co. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).