
Privacy policy.

Quire is built for documents that matter — contracts, research, financials. Here’s exactly what we do with your information and the controls you have over it.

Effective: May 14, 2026. Version 3.2.

Plain-English summary
We collect what we need to run Quire and nothing more. Your documents stay in your workspace, encrypted at rest in Canada. We never use them to train AI models. You can export or delete everything at any time.
§01

Who we are and what this covers

Quire is a document-intelligence service. This policy explains, in plain terms, what we collect, why, and the controls you have over your information.

This Privacy Policy describes how Loïc Rico ("Quire", "we", "us") collects, uses, and shares personal information when you create an account, upload documents, or otherwise interact with the Quire service (the "Service").

When your organization uses Quire under a subscription agreement, your organization is the controller of personal information in the documents you upload, and Quire acts as the processor. This policy applies to Quire’s role as a controller — for our role as a processor, please refer to our Data Processing Addendum.

The short version. We keep what we need to run Quire, store your documents encrypted at rest in Canada, and never use the contents of your documents to train AI models. You can export or delete your data at any time.
§02

Information we collect

We try to collect as little as possible to deliver the Service well.

Information you provide

  • Account information. Your name, work email address, profile photo, and password hash when you create an account.
  • Workspace information. The name of your organization, billing contact, payment method (handled by Stripe — we never see your card number), and the email addresses of teammates you invite.
  • Documents and prompts. Files you upload to the Service and the questions you ask Quire about them. We treat document contents as confidential — see §3.
  • Support correspondence. Messages you send to our support team, including any attachments.

Information collected automatically

  • Device and log data. IP address, browser type, operating system, the pages and features you use, and approximate timestamps. We use this to keep the Service running and detect abuse.
  • Cookies and similar. A first-party session cookie (required) and, with consent, a small set of analytics cookies. We do not use third-party advertising cookies.
  • Inferred information. Aggregate signals like “how many users opened the Inbox view this week”. This is never tied back to a person outside our internal aggregates.

We do not collect sensitive categories of personal information (such as health, biometric, or precise geolocation data) for our own purposes. Customers may upload documents that contain such information — see §3 for how we handle document contents.

§03

How we treat your documents

Your uploaded documents are the heart of Quire — and the part we are most careful about.

  • We never train models on your documents. Quire’s AI features are powered by foundation models we run inside our own infrastructure. Document contents are passed to the model at inference time and discarded; they are never used to update model weights.
  • Documents are encrypted at rest using AES-256, with keys managed in AWS KMS (Canada region). Enterprise customers may bring their own keys.
  • Documents are encrypted in transit using TLS 1.3.
  • Access is least-privilege. Only a small number of authorized engineers have production access, and that access is logged, requires multi-factor authentication, and is audited quarterly.
  • Documents stay in your workspace. We do not share document contents with other Quire customers or third parties, except sub-processors strictly necessary to deliver the Service (see §6).
What about Quire’s AI replies? Replies are generated on-the-fly from the documents you scope to and discarded after they reach you. They are not used to improve the model and are not visible to other users.
§04

How we use information

We use the information we collect to operate, secure, and improve the Service — nothing else.

| Purpose | Categories used | Legal basis (GDPR) |
|---|---|---|
| Provide and run the Service | Account, workspace, documents, log data | Performance of contract |
| Process payments | Account, billing details | Performance of contract |
| Keep the Service secure | Log data, device data | Legitimate interest |
| Improve features (aggregate) | Inferred & aggregate signals | Legitimate interest |
| Notify you of important changes | Account email address | Legitimate interest |
| Marketing emails (optional) | Email address, role | Consent — opt-in |

We do not sell personal information and we do not engage in cross-context behavioural advertising, as those terms are defined by the California Consumer Privacy Act and similar laws.

§05

When we share information

We share personal information only in the limited circumstances below.

  • With sub-processors who help us deliver the Service — for example our cloud-hosting and email-delivery providers. A current list is published at quire.cloud/sub-processors and we give customers 30 days’ notice before adding a new one that processes document contents.
  • With other members of your workspace, when you choose to share a document, thread, or workspace with them.
  • With authorities, when required by a valid legal request. We challenge overbroad requests and notify customers unless legally prohibited.
  • In the context of a corporate transaction, such as a merger or acquisition, with the same protections that apply under this policy.
§06

How long we keep information

| What | How long | Then… |
|---|---|---|
| Account profile | While account is open | Deleted within 30 days of closure |
| Documents you upload | While account is open | Deleted within 30 days of closure |
| Trash / recycle bin | 30 days | Permanently deleted |
| Backups | 35 days rolling | Overwritten |
| Security & audit logs | 12 months | Aggregated then deleted |
| Invoices & tax records | 7 years | Required by law |

You may request earlier deletion at any time — see §8.

§07

Where your information is stored

Quire’s primary data centres are in Canada (Montréal). We replicate encrypted backups to a secondary region in Canada (Toronto). For customers on the EU plan, primary storage is in Frankfurt.

A small amount of operational data — such as support-ticket metadata or aggregate analytics — may be processed by our service providers in the United States. When that happens we rely on the European Commission’s Standard Contractual Clauses and the EU–U.S. Data Privacy Framework as our transfer mechanism.

§08

Your rights and choices

Depending on where you live, you may have one or more of the rights below. We extend most of these globally regardless of the law that applies.

  • Access — get a copy of the personal information we hold about you.
  • Correction — ask us to fix information that is wrong.
  • Deletion — ask us to delete your information. Limited exceptions apply (e.g. tax records).
  • Portability — export your documents in their original format at any time, from Settings → Data & export.
  • Object / restrict — object to processing based on our legitimate interests.
  • Withdraw consent — for any processing we do based on consent, such as marketing emails.

To exercise any of these rights, email privacy@quire.cloud or use the in-app form at Settings → AI & privacy → Submit a request. We’ll respond within 30 days. If you’re in the EU and unsatisfied with our response, you may complain to your local data-protection authority.

§09

Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against accidental loss, unauthorized access, and misuse — including SOC 2 Type II and ISO/IEC 27001 certifications, annual penetration testing, single sign-on, and granular workspace roles.

No system is perfectly secure. If we ever experience a breach affecting your information, we will notify you and the relevant authorities as required by law.

§10

Children

Quire is intended for use by businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us and we will delete it.

§11

Changes to this policy

We may update this policy from time to time. When we make material changes we will notify you by email at least 30 days before the change takes effect, and will publish a redline at quire.cloud/legal/privacy/changelog. The "Effective" date at the top of this page always shows the version currently in force.

§12

Contact and complaints

Loïc Rico, 4200 boul. Saint-Laurent, Suite 800, Montréal, QC, Canada H2W 2R2. Privacy office: privacy@quire.cloud. Our Québec privacy officer is the Chief Privacy Officer (CPO).

For EU users, our EU representative under Article 27 of the GDPR is Loïc Rico, c/o Privacy Department, Mittelstrasse 12, 10117 Berlin, Germany.

Questions about this policy?
Get in touch with our privacy team.
We answer most questions within two business days. For data-subject requests, please use the form linked above.