Privacy Policy

1. Introduction

This Privacy Policy explains how Quillnex ("we", "us", "our") collects, uses, stores, and protects the personal data you provide when accessing our writing tools, APIs, and companion services. We follow GDPR, CCPA, PIPEDA, and other applicable data-protection laws in every region where we operate.

2. Data we collect

We collect data in three primary categories:

• Account data: name, email, password, organization, billing contact, and role.
• Workspace content: text, files, assets, prompts, and metadata you intentionally upload or generate using Quillnex.
• Product analytics: IP address, device/browser fingerprints, usage events, and diagnostics necessary to secure and improve our infrastructure. This data is aggregated and pseudonymized whenever possible.

3. How we use personal data

• Authenticate and provision your account, subscription tier, and usage limits.
• Operate core product features (drafting, paraphrasing, summarizing, exporting, etc.).
• Provide customer support, incident response, and security notifications.
• Improve model performance, UX, and reliability using de-identified analytics.
• Comply with legal requests, financial auditing, and trust & safety reviews.

4. Legal bases for processing (GDPR)

We process your data based on contract performance (providing the service), legitimate interest (securing the platform, combating abuse, improving product functionality), consent (marketing communications, optional beta programs), and legal obligations (record keeping, compliance, tax).

5. Content handling & retention

Project content stays in the region specified by your workspace administrators. Unless you opt into shared libraries, we do not use your drafts to train public AI models. Content you delete is purged from our primary systems within 30 days and from encrypted backups within 90 days.

Customer support transcripts, consent forms, and billing records are retained for the minimum period required by law (typically 7 years in the United States).

6. Cookies & tracking technologies

We use strictly necessary cookies for authentication, preference cookies for UI settings, performance cookies (Amplitude, PostHog) for anonymized analytics, and optional marketing cookies (HubSpot) where consent is granted. You can manage cookie preferences via your browser or the banner presented at first login.

7. Third-party processors

We partner with cloud hosting (AWS, Vercel), payments (Stripe), and support tools (Zendesk, Linear). Each vendor signs a data-processing agreement and only receives information needed to fulfill their contracted obligations. We publish an up-to-date subprocessors list in the Quillnex security center.

International transfers use Standard Contractual Clauses (SCCs) or other recognized safeguards.

8. Security

Quillnex encrypts data in transit (TLS 1.2+) and at rest (AES‑256). Access to production systems is gated by SSO + MFA, least privilege, and continuous monitoring. We conduct annual SOC 2 Type II audits and third-party penetration tests. Breach notifications are issued within 72 hours of confirmation.

9. Your rights & choices

Depending on your jurisdiction, you may exercise the following rights by emailing quillnex.mailer@gmail.com:

• Request access, export, or deletion of your personal data.
• Correct inaccurate, incomplete, or outdated information.
• Withdraw marketing consent or object to specific processing.
• Designate an authorized agent for CCPA requests.
• Appeal a decision if we decline to fulfill your request.

We may ask for additional verification to protect your account from unauthorized changes.

10. Children's privacy

Quillnex does not knowingly collect data from children under 13 (or the equivalent minimum age in your region). If you believe a minor has provided us data, please contact quillnex.mailer@gmail.com so we can remove it promptly.

11. Updates to this notice

We revise this policy whenever we add features or change data practices. Material updates will be shared via email or in-app banner at least 14 days before they take effect.