Privacy Policy

Last updated: March 30, 2026

Privacy Policy

Last updated: March 30, 2026

This Privacy Policy explains how Kodever DOOEL Tetovo, operating SampleHQ (“SampleHQ,” “we,” “our,” or “us”), collects, uses, discloses, and protects personal data in connection with the SampleHQ website, platform, web application, and related services (collectively, the “Service”).

Company details

Kodever DOOEL Tetovo

Ljubo Bozinovski Pish 105, 1200 Tetovo

Republic of North Macedonia

Email: [email protected]

This Privacy Policy applies to personal data we process:

  • when you visit our website;

  • when you create an account, start a trial, or use the Service;

  • when you contact us;

  • when you connect third-party integrations to the Service; and

  • when we process personal data to operate, secure, support, and improve the Service.

1. Who We Are

SampleHQ is a cloud-based software platform designed to help businesses manage samples, sample workflows, sample orders, shipping-related workflows, CRM-connected processes, reporting, and related operational activities.

2. Our Role: Controller or Processor

Our role depends on the type of personal data and why it is being processed.

When we act as a controller

We act as a controller or equivalent role for personal data we process for our own business purposes, such as:

  • account registration and authentication;

  • billing, subscriptions, invoicing, refunds, and payment administration;

  • support, communications, and account management;

  • website analytics, security, fraud prevention, and abuse monitoring;

  • service administration and legal compliance;

  • direct business communications, where permitted by law.

When we act as a processor or service provider

We generally act as a processor, service provider, or equivalent role for personal data contained in customer workspace data that customers submit to or process through SampleHQ, such as:

  • CRM contact and company data;

  • deal, order, and shipment-related data;

  • sample request and form submission data;

  • attribution and workflow records;

  • other business data processed through the customer’s use of the Service.

In those cases, the customer controls the purposes of processing, and we process that data on the customer’s behalf in order to provide the Service.

3. Personal Data We Collect

The categories of personal data we collect depend on how you interact with SampleHQ.

A. Information you provide directly

This may include:

  • name, email address, phone number, job title, company name, and business contact details;

  • account profile information;

  • workspace details, branding details, and user role information;

  • billing name, billing address, tax details, and subscription information;

  • communications you send to us by email, forms, chat, or other channels;

  • feedback, demo requests, survey responses, and other information you choose to provide.

B. Account, authentication, and access data

Depending on how you sign in or are invited to a workspace, we may collect:

  • login and account verification data;

  • authentication and session data;

  • SSO and OAuth connection data;

  • passwordless login or magic-link related data;

  • access-control and security-related data.

C. Workspace and customer data

When customers use SampleHQ, we may process data stored in the platform, including:

  • user and team information;

  • sample, product, SKU, image, and category data;

  • order, request, workflow, and status data;

  • customer, contact, and company data;

  • CRM-linked records and deal-related information;

  • shipping and tracking-related information;

  • form submissions and request data;

  • notification records, reports, dashboards, and operational logs.

D. Integration data

If you or your organization connect third-party systems to SampleHQ, we may receive or access data from those systems to enable the integration and provide the requested functionality.

This may include data from:

  • CRM systems such as HubSpot and Salesforce;

  • shipping and logistics providers;

  • billing providers such as Paddle;

  • ERP or other connected systems;

  • authentication providers;

  • analytics and marketing tools.

The data received depends on the integration and the permissions granted.

E. Usage, device, and technical data

We automatically collect certain technical and usage data, such as:

  • IP address;

  • browser type and version;

  • device and operating system information;

  • approximate geolocation derived from IP;

  • log data and timestamps;

  • pages viewed and features used;

  • interaction events and referring URLs;

  • error, audit, and security event information.

F. Cookies and similar technologies

We use cookies and similar technologies for website and service functionality, security, preferences, measurement, analytics, and, where permitted, marketing.

G. AI-related inputs and outputs

If you use AI-enabled features, we may process:

  • prompts, inputs, attached context, and related metadata;

  • generated outputs;

  • usage logs and technical information needed to operate, secure, support, and improve AI functionality.

4. How We Use Personal Data

We use personal data to:

  • provide, operate, maintain, and support the Service;

  • create and manage accounts, workspaces, and user access;

  • authenticate users and secure accounts;

  • process subscriptions, billing, invoices, refunds, and payments;

  • enable integrations and connected workflows;

  • process orders, forms, notifications, and reports;

  • respond to support requests and communicate with you;

  • improve product functionality, performance, reliability, and security;

  • monitor usage, troubleshoot issues, and prevent abuse, fraud, and unauthorized activity;

  • send service-related notices, onboarding emails, product updates, and administrative messages;

  • send marketing communications where permitted by law and subject to your choices;

  • comply with legal obligations and enforce our agreements and rights.

We may also use aggregated and de-identified data for analytics, benchmarking, security, service improvement, and business operations, provided that such data does not identify you or any individual.

5. Legal Bases for Processing

If the GDPR or similar laws apply, our legal bases for processing include:

  • performance of a contract: to provide the Service and fulfill our obligations;

  • legitimate interests: to secure, maintain, improve, support, and administer the Service and communicate with business users;

  • consent: where required, such as for certain cookies or marketing communications;

  • legal obligation: where processing is necessary to comply with applicable law, tax, accounting, or enforcement requirements.

If we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

6. How We Share Personal Data

We do not sell your personal data.

We may share personal data with the following categories of recipients, as necessary:

A. Service providers and subprocessors

We use trusted vendors and infrastructure providers to help us operate the Service, such as providers for:

  • hosting and cloud infrastructure;

  • authentication;

  • billing and payments;

  • email delivery;

  • analytics;

  • support tooling;

  • security and logging;

  • file and image storage;

  • AI processing;

  • shipping and integration services.

B. Third-party integrations you enable

If you connect an integration, data may be shared with or retrieved from that third-party provider based on your instructions and configuration.

C. Within your organization

Workspace owners, administrators, and authorized users may access personal data in the workspace according to role, permissions, settings, and workflows enabled by your organization.

D. Legal and compliance disclosures

We may disclose personal data where required to:

  • comply with law, regulation, court order, or lawful request;

  • protect the rights, property, or safety of SampleHQ, our users, or others;

  • investigate fraud, security incidents, or policy violations;

  • enforce our agreements and legal rights.

E. Corporate transactions

We may disclose or transfer data in connection with a merger, acquisition, financing, restructuring, reorganization, sale of assets, or similar transaction, subject to appropriate confidentiality and legal safeguards.

7. International Transfers

Your personal data may be processed in countries other than the country where it was collected, including in the European Union, the United States, and other jurisdictions where we or our service providers operate.

Where required by law, we use appropriate safeguards for cross-border transfers, which may include contractual safeguards or other recognized transfer mechanisms.

8. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

  • provide and maintain the Service;

  • manage subscriptions and accounts;

  • support customers and users;

  • maintain security, logs, and audit records;

  • comply with legal, tax, accounting, and regulatory obligations;

  • resolve disputes and enforce agreements.

Retention periods may vary depending on the type of data, your relationship with us, your organization’s configuration, legal requirements, and whether the data is part of active workspace data, backups, or security logs.

When personal data is no longer needed, we will delete it, anonymize it, or securely retain it only where legally required.

9. Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, and destruction.

These measures may include:

  • encrypted transmission;

  • access controls and role-based permissions;

  • audit logging and monitoring;

  • credential and token safeguards;

  • rate limiting and abuse prevention;

  • infrastructure and environment controls;

  • backup and operational resilience measures.

No method of transmission, storage, or security control is completely secure, and we cannot guarantee absolute security.

10. Your Rights and Choices

Depending on your location and applicable law, you may have rights regarding your personal data, including the right to:

  • access your personal data;

  • request correction of inaccurate data;

  • request deletion of your personal data;

  • request restriction of certain processing;

  • object to certain processing;

  • request portability of certain personal data;

  • withdraw consent where processing is based on consent;

  • opt out of marketing communications.

You can exercise rights by contacting [email protected].

If we process personal data as a processor on behalf of a customer, we may need to direct your request to the relevant customer, since that customer controls the data and the purposes of processing.

You may also have the right to lodge a complaint with your local data protection authority where applicable.

11. Marketing Communications

We may send you product, company, or service-related communications where permitted by law.

You can opt out of marketing emails at any time by using the unsubscribe link in the message or by contacting us at [email protected].

Even if you opt out of marketing, we may still send essential service and account-related communications.

12. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and, where relevant, in the Service for purposes such as:

  • essential site and login functionality;

  • security and fraud prevention;

  • remembering user preferences;

  • measuring usage and performance;

  • analytics and attribution;

  • improving content, user experience, and marketing effectiveness.

Depending on your location, we may ask for consent before placing non-essential cookies.

You can manage cookies through your browser settings and, where available, through cookie preference tools on our website.

13. Third-Party Sites and Services

The Service may link to or rely on third-party websites, applications, or services. We are not responsible for the privacy, security, or content practices of those third parties. Their own terms and privacy policies apply.

14. Children’s Privacy

SampleHQ is intended for business use and is not directed to children. We do not knowingly collect personal data directly from children.

If you believe a child has provided personal data to us unlawfully, contact us at [email protected], and we will take appropriate steps.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, operational practices, or product features.

When we do, we will update the “Last updated” date above. If changes are material, we may provide additional notice through the website, the Service, or by email where appropriate.

16. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, contact us at:

[email protected]

Kodever DOOEL Tetovo

Ljubo Bozinovski Pish 105, 1200 Tetovo

Republic of North Macedonia