Privacy Policy

Querri, a product of Allison Labs (Pty) Ltd
Last updated: 6 July 2026

Querri helps accounting and audit firms collect documents from their clients. This policy explains what information we collect, why we collect it, and how we protect it. We have written it in plain language, because privacy policies should be readable.

Who we are

Querri is operated by Allison Labs (Pty) Ltd, a company registered in South Africa. For the purposes of the Protection of Personal Information Act, 4 of 2013 (POPIA), Allison Labs is the responsible party for account data, and processes documents on behalf of the firms who use Querri.

Information Officer: Pete Mugasa (privacy@querri.co.za)

The two kinds of people who use Querri

Firm users create accounts, manage engagements, and send document requests. Clients of firms receive a secure link and upload documents. Clients never create accounts, and we treat their information differently, as described below.

What we collect

From firm users:

  • Name, email address, and password (stored hashed)
  • Firm details you provide (firm name, VAT status)
  • Billing information, processed by Paystack. We never see or store full card numbers
  • Usage information needed to operate the service (log data, IP addresses for security and rate limiting)

From clients of firms:

  • The email address the firm used to send the request
  • The files they upload
  • Technical logs of their actions (uploads, downloads, submissions), including IP address, kept as part of the engagement audit trail

We do not collect more than we need, and we do not buy, sell, or trade personal information. Ever.

The documents themselves

Documents uploaded through Querri frequently contain confidential financial information. We treat them accordingly:

  • Files are stored encrypted at rest with our storage provider (Cloudflare R2) and transferred only over encrypted connections (HTTPS/TLS).
  • Uploaded files are accessible only to authenticated members of the firm that requested them. They can never be viewed, listed, or downloaded through the client's upload link: the link is write-only by design.
  • Upload links are unique, unguessable, and expire automatically.
  • We do not open, read, analyse, or use the contents of uploaded documents for any purpose. They are your clients' documents, collected for your firm. Full stop.

Emails

We send transactional emails only (document requests, reminders, and account notifications) through our email provider (Resend). We do not send marketing email to your clients, and we never will. Their email addresses exist in Querri solely so your firm can reach them.

Who else touches the data

We use a small number of service providers to run Querri, each bound by their own security and privacy obligations:

  • Cloudflare R2: encrypted file storage
  • Fly.io: application hosting
  • Neon: database hosting
  • Resend: transactional email delivery
  • Paystack: payment processing

Some of these providers store data outside South Africa. Where personal information is transferred across borders, we do so in accordance with section 72 of POPIA, using providers that uphold protections substantially similar to POPIA.

We disclose information to no one else, unless required by law.

How long we keep it

  • Account data: for as long as your account is active.
  • Engagement data and documents: under your firm's control. You can delete engagements, requests, and files at any time.
  • After cancellation: your data remains accessible for 30 days, after which it is deleted from our production systems. Backups are purged on a rolling basis thereafter.
  • Audit trail records are retained with their engagement, because an audit trail that can be quietly edited or truncated is not an audit trail.

Your rights under POPIA

You may request access to, correction of, or deletion of your personal information at any time by emailing privacy@querri.co.za. We will respond within a reasonable time and in accordance with POPIA. If you believe we have mishandled your information, you may lodge a complaint with the Information Regulator of South Africa (inforeg.org.za).

If you are a client of a firm using Querri and have questions about documents requested from you, your first point of contact is the firm that sent the request: they control that engagement. We will assist them in honouring your rights.

Breach notification

If a data breach occurs that affects your personal information, we will notify the Information Regulator and affected users as required by section 22 of POPIA, without undue delay.

Cookies

Querri uses only the cookies necessary to keep you signed in and to protect the service (session and security cookies). We do not use advertising or cross-site tracking cookies.

Changes to this policy

If we change this policy in a way that matters, we will notify firm users by email before the change takes effect. The latest version always lives at querri.co.za/privacy.

Contact

privacy@querri.co.za
Allison Labs (Pty) Ltd, South Africa