Privacy

Qualified respects your privacy and strives to protect your data. Qualified customers and their website visitors have rights under privacy laws, like GDPR, and we’ll work with you to exercise those rights on request.. 

• Data Privacy & Security
• Adding Qualified to Your Content Security Policy
• Cookies Required for the Qualified App

<span id="data-privacy-security"></span>

Data Privacy & Security

Customer Trust

Customer trust is Qualified’s top priority and we understand that safeguarding your data is essential. We follow best practices, like performing end-to-end encryption and third-party audits. With these rigorous standards, we achieved SOC 2 Type II compliance certification. Contact your Qualified representative for our report.

Learn more about how we protect your data to earn your trust.

• Our Privacy Policy explains how we handle you and your website visitors’ data.
• The Terms of Service describes the agreement between Qualified and those that use our service.
• Our Acceptable Use Policy outlines permissible uses of Qualified.

GDPR

Qualified is compliant with GDPR (General Data Protection Regulation), and our Privacy Policy outlines the privacy rights GDPR grants our customers in the EU and UK. These rights relate to personally identifiable information.

We work with third parties, subprocessors, that process personal data to assist us in delivering service for you. Qualified offers a Data Processing Agreement (DPA) and a full list of our subprocessors is available.

Handling Data Deletion Requests 

GDPR grants EU and UK consumers the Right to be Forgotten, meaning they can request that their personal information is deleted. When a website visitor wants to exercise their Right to be Forgotten, you can either:

1. Email our technical support team the following details:
   • Subject: [Your company’s name] GDPR Deletion Request
   • Email body: Visitor email(s) and date of request
   • If you want an email confirmation when Qualified deletes the visitor’s data, ask our support team in your initial request email.
     
2. Connect with Qualified API to request GDPR deletion automatically. Contact your Success Architect to enable the GDPR Deletion API for your account. 

<span id="add-qualified-to-csp"></span>

Adding Qualified to Your Content Security Policy

A Content Security Policy (CSP) is a web standard that grants websites additional control over what locations a client browser is permitted to load resources from and what other sites are allowed to interact with a company's site. For example, a company could specify that any content is safe to load from their own domain, but that JavaScript libraries and scripts may only be loaded from separate trusted, verified third-party domains. Content Security Policies are a security mechanism that helps protect against content injection attacks, such as Cross Site Scripting (XSS).

How to Tell if Your Company Has a CSP

Usually the person who is responsible for placing the Qualified JavaScript on your website will know if your company has a Content Security Policy in place already. If you install the Qualified Javascript snippet on your site and it appears to not function, odds are that you have a CSP in place. If you were to load your web page after the Qualified Javascript is installed and look at the developer console, you'd see something like this:

Configure your CSP to Allow Qualified

If your site has a Content Security Policy in place already, you'll need to update your CSP in the following ways to allow Qualified to successfully run on your site.

There is no need to add new directives to your CSP. The sources for each directive only need to be added if your current CSP defines that directive.

Directive: connect-src
Sources:
     https://*.qualified.com
     wss://*.qualified.com
Directive: media-src
‍Sources:
     mediastream:
     https://*.qualified.com‍
Directive: style-src
‍Sources:
     'unsafe-inline'
      https://*.qualified.com‍
Directive: child-src
‍Sources:
     https://*.qualified.com
Directive: frame-src
‍Sources:
     https://*.qualified.com
Directive: image-src
Sources:
	https://*.qualified.com

<span id="cookies-required"></span>

Cookies Required for the Qualified App

Qualified uses a number of cookies in our websites and our Qualified Messenger.

For optimum experience on the Qualified platform the Qualified Messenger sets three specific cookies: 

• qualified_session
• _q_state 
• __q_domainTest

Qualified has the ability to respect any pre-existing cookie opt-ins on our customers' websites. Please contact your Success Architect to get this set up. You can also add Qualified to your content security policy provider.

Cookies set by Qualified for website visitor logging:

Cookies set by Qualified on employee end-points:

This cookie is only set on app.qualified.com for our customer’s employees when they log into Qualified.  Customers do not need to include this cookie in their own Cookie policy. 

Reading Third-Party Cookies

Every time someone lands on your website Qualified will read the cookies available and attached to that visitor. Most commonly we’ll look for Pardot, Marketo, HubSpot, or other marketing automation cookies that have already been associated with this visitor. We’ll then take that information and surface that within Qualified.

Consent 

Qualified has the ability to respect any pre-existing cookie opt-ins/opt-outs on our customers' websites. Please contact support for the ability to do this. You can also add Qualified to your content security policy provider.