Privacy Policy

Data Type	Description	Retained?
Inputs	Text, files, and other content you submit to the Service	Session
Outputs	Results and synthesis returned to you by the Service	Session
Operational Data	Content-free metrics: timestamps, error codes, model identifiers, latency	Anonymized
Account Data	Email, authentication tokens, billing identifiers (if applicable)	Account life

We use the data we process for two purposes only:

• Provide the Service: Your Inputs are routed to AI models to generate Outputs. This processing is ephemeral — it exists to serve your session.
• Maintain reliability and security: Aggregated, anonymized operational metrics (no content) are used to monitor uptime, detect errors, and improve performance.

We do not use your data for advertising, profiling, behavioral targeting, or any purpose beyond the two listed above.

Practice	Our Commitment
AI training on your content	Never
Cross-user learning from content	Never
Human review of content by default	Never
Sale of content or personal data	Never
Sharing content with third parties	Without consent
Advertising or behavioral targeting	Never

Third-party AI model providers (Groq, OpenRouter) process your Inputs to generate model responses. These providers operate under their own terms and privacy policies, which we evaluate for alignment with our commitments before use.

• Encryption in transit: All data transmitted between your device and our servers uses TLS encryption.
• Encryption at rest: Stored data is encrypted at the database level.
• Least-privilege access controls: Internal access to data is scoped to what each system component needs to function. No person has standing access to user content.
• Row-level security: Our database enforces access controls at the row level — your data is only queryable by your authenticated session.

Support personnel have no standing access to your content. If diagnosing an issue requires content access, the following controls apply:

• Access requires your explicit, informed consent
• Consent is time-boxed — access expires automatically
• All access events are written to an immutable audit log
• You may revoke consent at any time, after which access terminates immediately

You control deletion of your content. You may delete individual sessions or your entire account at any time through the Settings page. Deletion removes your content from our active database.

Operational logs (which contain no content) are retained in anonymized form for reliability monitoring. Backup copies of deleted content may persist for up to 30 days before permanent removal from backup systems.

If you close your account, we will delete your content and account data within 30 days, except where retention is required by law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Export: Download your conversation history and account data
• Correction: Update inaccurate account information
• Deletion: Delete your content and close your account
• Restriction: Limit how we process your data in certain circumstances
• Portability: Receive your data in a structured, machine-readable format

To exercise any of these rights, use the Settings page or contact us at privacy@quorum.com. We will respond within 30 days.

We will notify you of material changes to this policy by email and by displaying a notice on the Service before the change takes effect. Each version of this policy is dated and archived. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

We will not retroactively apply material policy changes to data collected under a prior version without separate consent.

Questions about this policy? Contact us at privacy@quorum.com