LET’S TAKE A CLOSER LOOK

Tell us how your business operates today. We’ll help you move it forward.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Graphic Icon
Noble Privacy Policy

Quantum Lead Inc. (“Quantum Lead,” “we,” “us,” or “our”) is committed to protecting personal information. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with Noble, our point-of-sale application for Shopify covering repair, custom order, and service workflows (the “Application”), our website located at qlead.io (the “Site”),
and related services (collectively, the “Services”).

By installing the Application, using the Services, or providing us with personal information, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.

1. Our Two Roles: Merchants and Their Customers
It is important to understand the two capacities in which we handle personal information:

  1. Merchant Information. When a merchant, prospective merchant, or its staff interacts with us directly — for example by creating an account, installing the Application, contacting support, or visiting the Site — we are responsible for that personal information and this Privacy Policy applies in full.
  2. Customer Information. When the Application processes personal information about a merchant’s customers (for example, the name and contact details attached to a repair ticket or custom order), we process that information solely on the merchant’s behalf and on its instructions, as a service provider. The merchant is responsible for that information, including for obtaining any consents required by law from its customers. Customers of a merchant should direct privacy requests to the merchant; we will assist the merchant in responding as required by law.


2. Information We Collect
(i) Merchant Information we collect directly:

  1. Account and contact information: name, business name, business address, email address, phone number, and role, when you create an account, sign an agreement, request a demo, or contact us.
  2. Billing information: plan selection and billing history. Payment card details are collected and processed by our payment processor (or, following App Store listing, by Shopify) and are not stored on our systems.
  3. Communications: the contents of emails, support requests, and feedback you send us.

(ii) Information we receive from Shopify when you install the Application:

  1. Store and staff information: store name, store configuration, locations, and staff account identifiers, as authorized through the Shopify API permissions you approve at installation.
  2. Operational store data: products, orders, customers, and related records, only to the extent required for the Application’s repair, custom order, and service workflows to function. Shopify remains the system of record for transaction and customer data; the Application does not process payments.

(iii) Information collected automatically:

  1. Usage and device data: log data, IP address, browser and device type, pages viewed, features used, and similar diagnostic information, collected through cookies and similar technologies on the Site and through standard logging within the Application.

Merchants should not use the Application to store highly sensitive personal information unless expressly authorized by Quantum Lead. The Application is intended for repair, custom order, and service workflow management and is not designed for the storage of medical information, government-issued identification numbers, payment card data, or other categories of sensitive information requiring specialized regulatory controls.

(iv) California Categories of Personal Information We Collect (from Merchants). We collect:

  1. Identifiers (e.g., name, business name, business address, email address, phone number)
  2. Commercial information (e.g., plan selection and billing history)
  3. Internet or other electronic network activity information (e.g., IP address, device and browser type, pages viewed, features used)
  4. Professional or employment-related information (e.g., role; staff account identifiers from Shopify)
  5. Inferences: We do not create inferences to profile individuals beyond improving and promoting the Application using anonymized/aggregated data.
  6. Sensitive personal information: The Services are not designed to collect or process sensitive personal information of California consumers; merchants should not store highly sensitive information in the Application.

(v) California Categories of Personal Information We Process on Behalf of Merchants (from Customers). We process customer information as a service provider/contractor only, and categories may include identifiers and commercial information as needed for workflows, consistent with Shopify permissions; merchants control the categories collected from their customers.


3. How We Use Personal Information

  1. To provide, operate, maintain, and support the Application and the Services;
  2. To set up and administer merchant accounts, billing, and agreements;
  3. To send service communications, such as onboarding, security, billing, and support notices;
  4. To send marketing communications to merchants where permitted by law, with the ability to opt out at any time;
  5. To monitor, analyze, and improve the performance, reliability, and usability of the Services;
  6. To detect, investigate, and prevent fraud, abuse, and security incidents;
  7. To comply with legal obligations and enforce our agreements.

We may create anonymized and aggregated data from information processed through the Services. Anonymized data does not identify any merchant or individual, and we may use it for any lawful purpose, including improving and promoting the Application.


4. Customer Notifications (SMS and Email)

The Application may enable merchants to send transactional notifications to their customers, such as repair status or order pickup notifications, by SMS or email through third-party communication providers (for example, Twilio). These notifications are sent on the merchant’s behalf and at the merchant’s direction. The merchant is responsible for obtaining any consents required from its customers to receive such communications and for complying with applicable anti-spam and telecommunications laws, including Canada’s Anti-Spam Legislation (CASL) and the U.S. Telephone Consumer Protection Act (TCPA), as applicable. Quantum Lead does not determine the recipients, content, timing, or purpose of customer communications sent through the Application. Such communications are initiated solely by the merchant. Merchants are solely responsible for ensuring that all SMS and email communications comply with applicable laws and regulations, including obtaining any required consent before sending messages.


5. How We Disclose Personal Information

We do not sell personal information, and we do not share personal information for cross-context behavioural advertising. We disclose personal information only as follows:

  1. Service providers: trusted third parties that perform services on our behalf, such as cloud hosting and infrastructure providers, communication providers, payment processors, analytics providers, and customer support tools. These providers are bound by contractual obligations to protect personal information and to use it only to provide services to us. We require our service providers and contractors to use personal information only to provide services to us, to implement appropriate security measures, and to refrain from combining personal information with other data or processing it for their own purposes, except as permitted by law for service provision, security, and legal compliance.
  2. Shopify: information is exchanged with the Shopify platform as necessary for the Application to function, in accordance with the permissions you approve and Shopify’s own terms and privacy policy.
  3. Business transactions: in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business, personal information may be disclosed or transferred as a business asset, subject to confidentiality protections and applicable law, including notification requirements under Quebec law.
  4. Legal requirements: where required or permitted by law, such as to comply with a subpoena, warrant, court order, or other lawful request, or to protect our rights, our users, or the public.


6. International Transfers

We are based in Montreal, Quebec, Canada. Personal information may be stored and processed in Canada and in other jurisdictions, including the United States, where our service providers operate. Where personal information is communicated outside Quebec, we first assess the privacy protections applicable in the destination jurisdiction, as required by Quebec law, and we implement contractual and other safeguards designed to ensure a level of protection consistent with this Privacy Policy and applicable law. By using the Services, you acknowledge that personal information may be subject to the laws of the jurisdictions in which it is processed.


7. Retention

We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, to provide the Services, and to comply with our legal, accounting, and contractual obligations. When a merchant’s subscription ends, we will, upon written request, provide a commercially reasonable export of the merchant’s data held by the Application, after which we delete or irreversibly anonymize it, within a commercially reasonable period, subject to legal, regulatory, fraud-prevention, dispute-resolution and backup retention requirements. Records that reside in the merchant’s Shopify account ar not affected by uninstallation of the Application.


8. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against loss, theft, and unauthorized access, use, disclosure, or modification, including encryption in transit, access controls, and the principle of least privilege for Shopify API permissions. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a confidentiality incident involving personal information that presents a risk of serious injury, we will notify the affected individuals and the Commission d’accès à l’information du Québec, and any other parties required by applicable law.


9. Your Rights

Eligible individuals may submit requests to access, correct, or delete personal information by contacting our Privacy Officer at the contact information below or by emailing privacy@qlead.io. We will verify your identity using information we already hold (for example, matching your business email address or requesting additional information) and will respond within the timelines required by law. If you are a customer of a merchant using the Application, please direct your request to that merchant, who controls your information; we will assist the merchant as its service provider. California residents: we act as a “service provider” under the California Consumer Privacy Act with respect to customer information processed through the Application, and we do not sell or share that information.

If you are not satisfied with our response to a privacy request, you may contact our Privacy Officer (below) or file a complaint with the Commission d’accès à l’information du Québec or the Office of the Privacy Commissioner of Canada.

We will not discriminate against you for exercising your privacy rights, including by denying


10. California Notice at Collection

This Notice at Collection applies to personal information we collect in connection with merchant accounts, prospective merchant accounts, website visitors, and business contacts.

Categories of personal information we collect may include: identifiers (e.g., name, business name, business address, email address, phone number), commercial information (e.g., plan selection and billing history), internet or other electronic network activity information (e.g., IP address, device and browser type, pages viewed, features used), and professional or employment-related information (e.g., role).


We do not intentionally collect sensitive personal information from California consumers in this context. We collect the above from you directly, from Shopify upon app installation consistent with permissions you approve, and automatically through cookies and similar technologies.


We use this information to provide, operate, maintain, and support the Services; administer accounts and billing; send service communications; send marketing where permitted by law; monitor and improve the Services; detect, investigate, and prevent fraud and security incidents; and comply with legal obligations.

We disclose personal information to service providers and contractors that perform services for us, to Shopify as necessary for the Application to function, in connection with business transactions, and as required by law.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising.

We retain personal information for the periods described in Retention below, including for as long as
reasonably necessary to fulfill the purposes disclosed in this policy or as required by law, including:

  1. Identifiers and professional information: for the duration of the merchant relationship and a reasonable period thereafter for contract administration, support, and legal obligations.
  2. Commercial information (billing history): for periods required by tax and accounting laws.
  3. Internet or network activity information: for a limited period needed for security, troubleshooting, and analytics. Actual retention periods vary based on the category and purpose and are subject to legal holds, fraud prevention, dispute resolution, and backup retention.


11. California Privacy Rights

If we collect personal information directly from California residents in connection with merchant accounts, prospective merchant accounts, website visitors, or business contacts, California residents may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to:

  1. Know/access the categories and specific pieces of personal information we collected about them; the categories of sources; the business or commercial purposes; the categories of third parties to whom we disclosed personal information; and the categories of personal information disclosed.
  2. Request correction of inaccurate personal information. Request deletion of personal information, subject to applicable exceptions.
  3. Opt-out of sale or sharing of personal information (we do not sell or share personal information).
  4. Limit the use and disclosure of sensitive personal information (not applicable because we do not process sensitive personal information of California consumers in this context).
  5. Be free from discrimination for exercising these rights.

We use the categories of information described above for: providing and supporting the Services; account administration and billing; service communications; permitted marketing; analytics and service improvement; security and fraud prevention; and legal compliance.


We do not sell personal information and we do not share personal information for cross-context behavioural advertising as those terms are defined under California law. Where required by law, we recognize browser- or device-based opt-out preference signals (such as Global Privacy Control) as a valid request to opt out of any sale or sharing of personal information.

Where we process customer information through the Application on behalf of a merchant, we do so solely as a service provider or contractor, and requests relating to that information should be directed to the merchant that collected it.

The Services are not designed to collect or process sensitive personal information related to consumers in California. We instruct merchants not to store highly sensitive information in the Application. If we incidentally process any sensitive personal information in connection with merchant accounts or website use, we do so only for the limited purposes permitted by law (e.g., to provide the Services, maintain security and integrity, prevent fraud, and comply with legal obligations) and we do not use it to infer characteristics about individuals.

You may submit requests under this Section by:

  1. Emailing privacy@qlead.io; and
  2. Mailing our Privacy Officer at the address in Contact Us below.

You may authorize an agent to make a request on your behalf. We require proof of the agent’s authority (e.g., a signed authorization) and may also require you to verify your identity directly with us. If we deny your request, you may appeal by replying to our response and indicating ‘Appeal’ in the subject line or by writing to our Privacy Officer. We will inform you in writing of any action taken or not taken in response to the appeal and the reasons.


12. Cookies and Analytics

The Site uses cookies and similar technologies for essential functionality, preferences, and analytics. You can configure your browser to refuse cookies or alert you when cookies are being sent; some features of the Site may not function properly without them. Where required by law, we will obtain consent for non-essential cookies on the Site. You may also use browser-based opt-out preference signals as described above. We use third-party analytics services (for example, Google Analytics) to understand how the Site and Services are used; these providers process usage data under their own terms and privacy policies.


13. Children

The Services are intended for businesses and are not directed to consumers under 18 years of age. We do not knowingly collect, sell or share personal information from consumers under 18 years of age. If we learn that we have collected such information, we will delete it.


14. Changes to This Privacy Policy


We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates the most recent revision. Material changes will be communicated through the Site, the Application, or by email. Your continued use of the Services after the effective date of an updated policy constitutes acknowledgement of the revised terms.

15. Contact Us — Privacy Officer
Quantum Lead Inc. has designated a person in charge of the protection of personal information (Privacy Officer) in accordance with Quebec law. For questions, requests, or complaints regarding this Privacy Policy or our handling of personal information, contact:


Privacy Officer, Quantum Lead Inc.
Address: 1111 Bd Dr.-Frederik-Philips, Suite 600,

St-Laurent, QC, H4M 2X6, Canada,
Email: privacy@qlead.io