Requalify Privacy Policy
Effective Date: April 24, 2026 Last Updated: May 4, 2026
This Privacy Policy explains how Requalify, LLC ("Requalify," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit our websites at https://requalify.io and https://requalify.app (together, the "Site"), when you create an account, and when you use the Requalify cloud-based platform and related services (the "Service").
Requalify provides a business-to-business (B2B) recordkeeping and workflow platform for organizations that perform hydrostatic testing, visual inspection, and requalification of compressed gas cylinders in compliance with U.S. Department of Transportation regulations (49 CFR Parts 171–180). The Service is intended for commercial use only.
1. Summary
The table below summarizes the key points of this Privacy Policy. The rest of the Policy provides the details.
| Topic | Summary |
|---|---|
| Who is the controller? | Requalify, LLC — a Florida limited liability company. |
| What personal information do we collect? | Account and identifier data (names, emails, phone numbers, employer), authentication and session data, payment-method metadata (processed by Stripe), usage and device data, and any personal information our customers choose to put into the Service. |
| Why do we collect it? | To provide the Service, process payments, authenticate users, secure our systems, support customers, comply with law, and improve the Service. |
| Do we sell or share personal information for targeted advertising? | No. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. |
| Do we use analytics or advertising cookies? | The authenticated Service uses only essential session and authentication cookies. The public marketing site at requalify.io uses analytics cookies, which you can opt out of via the cookie banner. We do not run advertising or remarketing trackers on either. |
| Who do we disclose personal information to? | Our service providers (including Stripe for payments and Microsoft Azure for cloud hosting, storage, and email delivery), our customers (for their own users), and others as required by law. |
| What rights do you have? | Depending on where you live, you may have the right to access, correct, delete, port, or restrict our use of your personal information, to opt out of "sale" or "sharing," and to appeal our decisions. |
| How do you contact us? | By email to privacy@requalify.io or by mail to 7756 N. Kendall Drive, Suite 260, Miami, FL 33156. |
2. Scope
This Privacy Policy applies to personal information we collect:
- when you visit the Site;
- when you create or use a Requalify account;
- when you use the Service as an Authorized User of one of our customer organizations (your employer or another organization that invited you);
- when you interact with our marketing, sales, or support;
- when you respond to a survey, event, or research request; and
- when someone else (for example, our customer or a prospect) provides personal information about you in connection with the Service.
The Service is designed for, and marketed to, businesses located in the United States. It is not directed to individuals outside the United States, and it is not directed to children under 18. See Section 13.
3. Our Roles: Controller and Processor
In most cases, Requalify acts as the business / controller for the personal information described in this Privacy Policy — meaning Requalify determines the purposes and means of the processing.
When a Requalify customer uses the Service to process personal information about its own employees, contractors, inspectors, customers, or cylinder owners, Requalify acts as a service provider / processor on behalf of that customer. In that case, the customer is the business / controller for that data, and the customer's privacy practices (not this Privacy Policy) govern the collection and use of that data. We process it only on the customer's documented instructions and as described in our customer agreements.
If you are an employee, customer, or contact of a Requalify customer and you have questions about how your personal information is used in the Service, please contact that customer directly.
4. Categories of Personal Information We Collect
We collect the following categories of personal information (using the statutory categories in California Civil Code § 1798.140(v)(1)):
4.1 Identifiers (§ 1798.140(v)(1)(A))
- Full name, work email address, work phone number
- Employer or business name, job title or role
- Username, unique Requalify account ID
- Internet Protocol (IP) address, device identifiers
4.2 Customer-Records Data (§ 1798.140(v)(1)(B) / Cal. Civ. Code § 1798.80(e))
- Business mailing address
- Billing contact name and email
- Payment-method metadata (last four digits of card, card brand, expiration month — the full card number and CVV are handled directly by Stripe and are not stored by Requalify)
4.3 Commercial Information (§ 1798.140(v)(1)(D))
- Subscription plan and billing history
- Service usage and transaction records
- Support ticket history
4.4 Internet / Electronic Network Activity (§ 1798.140(v)(1)(F))
- Log data: pages visited, features used, API calls made, timestamps, referring URLs, and error messages
- Authentication events (logins, login failures, session activity, user agent, session IDs)
- Device and browser information (browser type and version, operating system, screen size, language preference)
4.5 Geolocation Data (§ 1798.140(v)(1)(G))
- Approximate location only, inferred from IP address (typically to the city or region level), used for security and audit logging
- We do not collect precise geolocation from your device
4.6 Professional or Employment-Related Information (§ 1798.140(v)(1)(I))
- Job title, role, department
- Professional certifications, inspector identifiers, and regulatory identifiers that our customers or Authorized Users provide (for example, names tied to inspection records in the Service)
4.7 Inferences (§ 1798.140(v)(1)(K))
- Very limited. We infer account activity and security risk from the information above (for example, flagging unusual login behavior). We do not build profiles for advertising.
4.8 Categories We Do Not Intentionally Collect
We do not intentionally collect: biometric information, sensitive personal information (as defined in Cal. Civ. Code § 1798.140(ae)), protected-classification characteristics, sensory data (audio, visual, thermal), precise geolocation, genetic data, the contents of mail or text messages, or non-public education records.
If our customers' use of the Service incidentally results in such information being entered (for example, a customer uploads a photo that contains a face), the customer is the controller of that information.
5. Sources of Personal Information
We collect personal information from:
- You directly, when you create an account, request information, interact with support, or use the Service;
- Our customers, who may invite you to use the Service as their Authorized User or may enter information about you into the Service;
- Your device and browser, automatically, when you interact with the Site or Service (logs, cookies, IP address, session data);
- Authentication providers, if you sign in using Google or Microsoft (we receive your name, email, and a unique identifier from those providers, and only to the extent you authorize);
- Payment processors, who confirm transactions and provide card-metadata (we do not receive full card numbers); and
- Publicly available sources, including PHMSA's Requalifier Identification Number (RIN) verification data.
6. Purposes of Processing
We process personal information for the following business and commercial purposes:
- Providing the Service. Creating and maintaining accounts, provisioning tenants, routing requests to the correct tenant database, hosting Customer Data, and enabling the features Customer uses.
- Authentication and security. Verifying identity, managing sessions, preventing fraud, detecting and mitigating abuse, and protecting Requalify, customers, and their Authorized Users.
- Billing and payments. Processing Subscription Fees, sending invoices and receipts, preventing chargebacks, and complying with tax and accounting requirements.
- Customer support. Responding to inquiries and troubleshooting issues.
- Communications. Sending service-related messages (trial ending, renewal notices, password resets, security alerts, product updates). We send marketing messages only to business contacts who have opted in, and you can opt out at any time using the "unsubscribe" link in each message or by emailing privacy@requalify.io.
- Compliance, audit, and legal process. Maintaining audit trails, responding to subpoenas and government requests, and enforcing our terms.
- Operating and improving the Service. Monitoring reliability and performance, fixing bugs, improving features, and developing new functionality. For these purposes we primarily rely on aggregated and de-identified Usage Data (see Section 9).
- Business transactions. Evaluating, negotiating, and completing corporate transactions (mergers, acquisitions, financings).
Legal bases (for any individuals covered by European or similar laws): performance of a contract, legitimate interests (operating and securing the Service), compliance with legal obligations, and consent (where applicable and where we have asked for it).
7. Categories of Third Parties and Service Providers
We disclose personal information to the following categories of recipients. We have entered into contracts (and, where required, data-processing agreements) with our service providers that limit their use of personal information to providing services to us.
| Category | Examples of providers | What they receive |
|---|---|---|
| Cloud hosting and file storage | Microsoft Azure | Encrypted storage of uploaded files (PDF certificates, documents) and, for operational purposes, infrastructure logs |
| Email delivery | Microsoft Azure | Email addresses of recipients, message contents |
| Payment processing | Stripe, Inc. | Cardholder name, card number (direct to Stripe; not received by us), billing address, transaction details, and payment-form session data (cookies, IP address, page interactions on payment pages) used by Stripe for fraud prevention and to improve their services |
| Marketing site analytics | Google LLC — only on the public marketing site at requalify.io; not in the authenticated application | Anonymized IP address, device/browser metadata, pages viewed, session duration, referral source. Cross-device and demographic reporting features are enabled (see Section 7.4); advertising audience and remarketing features are disabled |
| Authentication | Google LLC and/or Microsoft Corporation — only if you sign in using those providers | Your name, email, and identifier on those providers |
| Database infrastructure | Microsoft Azure | All Customer Data and account data, encrypted at rest |
| Observability and monitoring (internal) | Self-hosted, operated by Requalify | Service telemetry — event timing, error traces, performance metrics. We configure this tooling to avoid capturing Customer Data; any personal information that incidentally appears is treated as confidential. |
| Professional advisors | Lawyers, accountants, auditors | As needed for their services, under confidentiality |
| Business transaction counterparties | Potential acquirers and investors | Under confidentiality, in diligence |
| Government and law enforcement | As required by subpoena, court order, or other legal process | Only what is legally required |
7.1 No Sale of Personal Information; Limited Analytics Sharing
Requalify does not sell personal information as defined under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") or similar U.S. state privacy laws.
On the public marketing site (requalify.io) we use Google Analytics 4 with Google Signals and Demographics & Interest Reports enabled. Because these features involve Google receiving and processing analytics data in conjunction with its account-level services, the broadest reading of CCPA/CPRA may treat this as "sharing of personal information for cross-context behavioral advertising." We do not run remarketing campaigns, place advertising trackers (Meta Pixel, LinkedIn Insight Tag, Google Ads conversion pixels), or use session-replay tools on the Site or Service. To honor your control, we provide three opt-out mechanisms for analytics on the marketing site:
- Cookie banner at
https://requalify.io("Essential only"); - Browser-level Global Privacy Control (GPC) signal, which we honor as an analytics opt-out;
- Google Analytics Opt-out Browser Add-on — a universal opt-out that works across all sites.
Google Analytics is not loaded in the authenticated application (*.requalify.app) where Customer Data lives.
7.2 Aggregated and De-Identified Data
We may create, use, and commercialize aggregated, anonymized, and de-identified data derived from personal information or Customer Data, including for purposes such as benchmarking inspection workflows across our customer base, generating industry insights, improving the Service, and developing new products and services.
Such data will be processed in a manner that does not identify, and cannot reasonably be used to identify, any individual, Customer, Authorized User, or specific asset.
To the extent such data qualifies as de-identified or anonymized under applicable law, it will not be treated as personal information under this Privacy Policy. We commit not to attempt to re-identify such data, except as necessary to validate our de-identification processes.
We also require that any third parties to whom we disclose such data are contractually prohibited from attempting to re-identify it.
7.3 Payment Page Data Collection (Stripe)
When you visit a Requalify page that displays a payment form (signup checkout, billing settings, plan changes), Stripe automatically collects information about your interaction with the form, including cookies and IP address, to identify which payment-form elements you saw during a single session. Stripe uses this data to provide payment services, prevent fraud, and improve their services. Stripe is the data controller for this collection; their use is governed by the Stripe Privacy Policy and Stripe Privacy Center. For an overview of the cookies Stripe sets, see our Cookie Notice Section 3.2.
7.4 Marketing Site Analytics (Google Analytics 4)
On the public marketing site requalify.io, we use Google Analytics 4 to understand visitor traffic and improve the site. Google Analytics 4 is not loaded in the authenticated application (*.requalify.app) where Customer Data lives.
Our Google Analytics 4 configuration:
- IP anonymization is enabled — Google removes the last octet of your IP address before storing or processing.
- Google Signals is enabled — for visitors who are signed into a Google account with ad personalization on, Google may correlate the analytics data with your Google account to provide cross-device measurement. We use this only for aggregate reporting; we do not receive or store your individual Google identity.
- Demographics and Interest Reports are enabled — we receive aggregated, estimated age range, gender, and interest-category data for our visitor population. No individual visitor is identified.
- Google Ads remarketing and advertising audiences are disabled — we do not retarget visitors with ads or build advertising audiences from this data.
- Data retention is set to the shortest available retention period.
Why Signals and Demographics are enabled. These features help us understand the audience of our marketing site so we can tailor messaging and content. They do not result in personal advertising follow-up — we run no advertising campaigns and have no remarketing tags. The data is used inside Google Analytics and inside our internal review of the marketing site only.
CCPA/CPRA "sharing" disclosure. Because Google Signals and Demographics features involve Google processing analytics data alongside its account-level services, the broadest reading of CCPA/CPRA may treat this as "sharing of personal information for cross-context behavioral advertising." We provide multiple opt-out mechanisms (below) so you can disable analytics on the marketing site at any time. Sending a Global Privacy Control signal from your browser is treated by us as an opt-out of analytics on requalify.io.
You can opt out of Google Analytics 4 at any time by:
- Clicking "Essential only" in the cookie banner on
requalify.io; - Installing the Google Analytics Opt-out Browser Add-on; or
- Sending a Global Privacy Control signal from your browser (we honor GPC as an analytics opt-out on the marketing site).
Google is the data controller for the data it receives. Their use is governed by Google's Privacy & Terms.
8. Cookies and Tracking Technologies
Our cookie practices differ by surface:
- Authenticated Service (
*.requalify.app): we use only strictly necessary cookies — primarily to keep you signed in (session cookies) and to remember basic preferences. We do not use analytics, advertising, or retargeting cookies in the authenticated Service. - Public marketing site (
requalify.io): we use analytics cookies (Google Analytics 4 — see Section 7.4) to understand how visitors use the site. These run by default under our opt-out model — choose "Essential only" in the cookie banner or send a Global Privacy Control signal, and we honor that choice for future visits. Dismissing the banner (closing it or continuing to scroll) leaves analytics enabled; you can opt out at any time via the Cookie Notice.
We do not use cookies for advertising, retargeting, or cross-context behavioral advertising on either surface. See our Cookie Notice for details.
We honor browser-based Global Privacy Control (GPC) signals. You can control cookies through your browser settings.
9. How Long We Keep Personal Information
We retain personal information only as long as necessary for the purposes described in this Privacy Policy and to comply with legal obligations. The table below describes our general retention practices.
| Category of data | Retention period | Criteria / legal basis |
|---|---|---|
| Account profile data (name, email, employer) | Term of account plus 3 years after closure | Contract, audit, legal-defense windows |
| Authentication logs (logins, session events) | 12 months | Security monitoring and incident investigation |
| Customer Data entered by customers | Term of the customer's subscription — inspection records are retained for up to ten (10) years from record creation while the subscription is active — plus the 90-day export window described in the Terms of Service, after which data is deleted from active systems (with backup persistence as described) | Contract, regulatory recordkeeping by the customer |
| Billing records (invoices, payment history) | 7 years | IRS and other tax / accounting rules |
| Support ticket history | 3 years | Service improvement, dispute resolution |
| System and application logs | 12 months | Security, troubleshooting, abuse investigation |
| Marketing contact information | Until opt-out, plus 6 months | Legitimate-interest communications with business contacts |
| Aggregated / de-identified data | Indefinitely | No longer personal information |
When we no longer need personal information, we delete it or de-identify it. Limited copies may persist in routine backups, logs, and archives for a commercially reasonable period consistent with our backup retention schedules, after which they are overwritten or destroyed.
Regulatory recordkeeping note. Customers using the Service for hydrostatic testing records may have statutory retention obligations under 49 CFR §180.215 and other laws. Customers are responsible for exporting and independently retaining their regulatory records before the end of the export window described in the Terms of Service.
10. Your Privacy Rights
10.1 Summary of Rights
Depending on where you live, you may have the following rights with respect to personal information about you that Requalify processes as a business / controller:
- Right to know / access. To confirm whether we process your personal information and to receive a copy of it.
- Right to delete. To request that we delete personal information about you.
- Right to correct. To request that we correct inaccurate personal information about you.
- Right to data portability. To receive a copy of your personal information in a structured, commonly used, and machine-readable format.
- Right to opt out of "sale" or "sharing." We do not sell or share personal information for cross-context behavioral advertising, so this right has no practical effect at Requalify; however, you may still submit a request and we will confirm our no-sale / no-share practice.
- Right to limit use of sensitive personal information. We do not use sensitive personal information beyond what is necessary to provide the Service, so this right also has no practical effect at Requalify.
- Right to opt out of profiling / automated decision-making that produces legal or similarly significant effects. We do not engage in such profiling.
- Right to appeal. In states that require it (including Virginia, Colorado, Connecticut, Oregon, Montana, Delaware, New Hampshire, New Jersey, and others), you may appeal our denial of a rights request.
- Right to non-discrimination. We will not discriminate against you for exercising any of these rights.
10.2 How to Exercise Your Rights
You may submit a privacy-rights request by email to privacy@requalify.io (please put "Privacy Rights Request" in the subject line).
We may also provide additional methods in the Service.
10.3 Authorized Agents
You may designate an authorized agent to submit a request on your behalf. We will require written proof of your authorization (such as a signed permission, a copy of a power of attorney, or other evidence acceptable under applicable law) and may require you to verify your identity directly with us.
10.4 Verification
To protect your personal information, we will verify your identity before acting on a request. The verification process depends on the sensitivity of the request and usually requires you to confirm information we already have on file (such as your account email, recent account activity, or a one-time code).
10.5 Timing
We will acknowledge your request within ten (10) business days and respond substantively within forty-five (45) days. If we need more time (up to another forty-five (45) days), we will tell you why and when to expect our response.
10.6 Appeals
If we deny your request and you are a resident of a state with appeal rights, you may appeal by replying to our response email or by writing to privacy@requalify.io with "Privacy Rights Appeal" in the subject line. We will respond to your appeal within sixty (60) days. If we deny the appeal, you may contact your state attorney general or privacy regulator.
10.7 Global Privacy Control (GPC)
We treat a valid GPC signal from your browser as a request to opt out of "sale" and "sharing" of your personal information. Because we do not sell or share personal information, a GPC signal does not change our practices; however, we acknowledge receipt of the signal in accordance with California regulations.
10.8 Request by Requalify Customers' Authorized Users
If you are an Authorized User (for example, an inspector using the Service on behalf of your employer), and your request concerns personal information processed by Requalify on behalf of that customer, we will refer you to that customer, who is the business / controller of that data.
11. Security
Requalify uses reasonable and appropriate administrative, technical, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, or destruction. Our safeguards include:
- Encryption in transit (TLS) and at rest where supported;
- Multi-tenant isolation using per-tenant databases;
- Role-based access controls and least-privilege for Requalify personnel;
- Multi-factor authentication for privileged access;
- Regular patching and vulnerability management;
- Audit logs of significant actions;
- Background checks on Requalify personnel with access to personal information;
- Contracts with service providers that require them to maintain appropriate security; and
- Incident response procedures.
No security program is perfect. If we ever experience a security incident that affects your personal information, we will notify affected individuals and organizations without undue delay after confirming the incident and, where required by law, no later than seventy-two (72) hours after that confirmation. Notifications will describe, to the extent known, the nature of the incident, the categories of personal information involved, the steps we have taken, and what you can do to protect yourself.
12. International Data Transfers
Requalify and our service providers operate primarily in the United States. When you use the Service, personal information about you may be transferred to, stored in, and processed in the United States. U.S. laws may differ from the laws of your home country and may provide less protection in some respects.
Requalify does not currently offer the Service to individuals or businesses located in the European Economic Area, the United Kingdom, or Switzerland. If you are located in those regions, please do not use the Service.
13. Children
The Service is not directed to individuals under 18 years of age, and Requalify does not knowingly collect personal information from anyone under 18. If you believe we have collected personal information from someone under 18, please contact us at privacy@requalify.io and we will delete it.
14. California-Specific Disclosures ("Notice at Collection")
This section is provided to comply with CCPA/CPRA. For California residents:
- Categories of personal information we collect: as described in Section 4.
- Categories of sensitive personal information we collect: we do not intentionally collect sensitive personal information as defined in Cal. Civ. Code § 1798.140(ae).
- Purposes for which we collect: as described in Section 6.
- Whether we sell or share: we do not sell personal information and we do not share personal information for cross-context behavioral advertising.
- Retention: as described in Section 9.
- Your rights: as described in Section 10.
- Notice of financial incentive: we do not offer financial incentives for the collection, sale, or retention of personal information.
- Metrics: California regulations (11 CCR § 7102) require certain large businesses — those that buy, receive for commercial purposes, sell, or share the personal information of 10,000,000 or more consumers in a calendar year — to publish annual metrics about privacy-rights requests. Requalify does not meet this threshold and is not currently required to publish these metrics. If that ever changes, we will publish the required metrics and update this Privacy Policy.
15. Other U.S. State Privacy Laws
Depending on your state of residence, laws such as the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, Montana Consumer Data Privacy Act, Iowa Consumer Data Protection Act, Delaware Personal Data Privacy Act, New Hampshire SB 255, New Jersey Data Privacy Act, Tennessee Information Protection Act, Minnesota Consumer Data Privacy Act, Maryland Online Data Privacy Act, Indiana Consumer Data Protection Act, Kentucky Consumer Data Protection Act, Rhode Island Data Transparency and Privacy Protection Act, and similar state laws may give you additional rights. The rights described in Section 10 are intended to satisfy those laws where they apply, and we will honor valid requests submitted by residents of those states.
16. Do Not Track
Some browsers offer a "Do Not Track" signal. Because there is no industry consensus on how to interpret this signal, Requalify does not currently respond to it. We honor Global Privacy Control signals as described in Section 10.7.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make a material change, we will provide notice (such as by email or in-Service notification) before the change takes effect. The "Last Updated" date at the top of this Policy shows when it was last revised. Your continued use of the Service after the updated Privacy Policy takes effect constitutes acceptance.
18. Contact Us
If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of your rights, please contact us:
Requalify, LLC — Privacy Team 7756 N. Kendall Drive, Suite 260 Miami, FL 33156 Email: privacy@requalify.io General contact: hello@requalify.io Website: https://requalify.io