QRK Tech/Privacy Policy

Privacy Policy

Last updated: February 21, 2026

1. Introduction

QRK Tech LLC ("QRK Tech," "we," "us," or "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your choices regarding your information when you use our products and services, including Profile Magician and the associated web portal.

2. What We Collect

Account Information

When you create an account on our web portal, we collect your name, email address, phone number, and organization name. Authentication is managed via Microsoft OAuth.

Machine Telemetry

When you run the Profile Magician client with the --send-telemetry flag or during a cloud-managed migration, the client submits the following:

  • Hardware ID — A SHA-256 hash derived from your machine's SMBIOS UUID, MAC address, and volume serial number.
  • System information — OS version, feature update level, storage usage (C: drive).
  • User profile metadata — Usernames and SIDs of local profiles (not file contents).
  • Browser profile metadata — Profile names, associated emails, active times, last synced times, and unsynced password counts for Chrome and Edge. We do not access passwords, browsing history, or file contents.
  • Outlook profile metadata — Profile names, primary mailboxes, last-use timestamps, and PST paths. We do not access email contents.
  • Migration status — Success or failure status of profile migrations and AppX repair.

Logs

During cloud-managed migrations, debug logs are uploaded to secure S3 storage via HTTPS using pre-signed URLs. Logs may contain file paths, registry key paths, and error details related to the migration process. Logs are accessible only by authenticated members of your organization.

What We Do Not Collect

  • Passwords or credentials
  • File contents or personal documents
  • Browsing history or bookmarks
  • Email contents
  • Configuration passwords (these are never transmitted)

3. How We Use Your Data

  • Service delivery — To provide migration management, licensing, telemetry dashboards, and log access.
  • License enforcement — Hardware IDs are used to track per-machine license consumption.
  • Troubleshooting — Logs and migration status help diagnose issues when you contact support.
  • Product improvement — Aggregate, anonymized usage data helps us understand common migration scenarios and improve the client.

4. Data Storage and Security

All data is transmitted over HTTPS. Cloud job configurations are encrypted client-side with AES-256-GCM — our servers process only the encrypted blob and never have access to the plaintext configuration or your password. Logs are stored in encrypted S3 buckets. Authentication uses industry-standard OAuth 2.0 via Microsoft.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties. Data may be disclosed only:

  • To comply with legal obligations or valid legal process.
  • To protect the rights, safety, or property of QRK Tech or our users.
  • With your explicit consent.

6. Data Retention

Account data is retained as long as your account is active. Machine telemetry and logs are retained for the duration of your organization's subscription. You may request deletion of your data by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at privacy@qrktech.com.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or portal notification. Continued use of the services after changes constitutes acceptance.

9. Contact

For privacy-related inquiries, contact us at privacy@qrktech.com.