Privacy Policy

Last Updated: January 23, 2025

QuROI, Inc. ("Company," "we," "us," or "our"), a Delaware corporation, operates the QuROI Platform, Wisepanel, DiamondMCP, and the QuROI Context Engine API (collectively, the "Services").

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you use the Services.

Global Policy with Jurisdiction-Specific Addenda

This Global Privacy Policy applies to all users. It is supplemented by jurisdiction-specific addenda for users in the EU/EEA, UK, California, Brazil, India, Canada, Australia, Singapore, and New Zealand.

If any addendum conflicts with this master policy, the addendum controls for users in that jurisdiction.

1. Information We Collect

A. Information You Provide

  • Account Details: Name, email address, password (hashed)
  • Payment Information: Processed by Stripe (we do not store full card numbers)
  • User Content: Prompts, queries, instructions, topics, or other inputs submitted to AI services
  • Communications: Feedback, support requests, survey responses
  • Organization Data: If using enterprise features, organization name, business contact details

B. Automatically Collected Information

  • Device & Browser Info: IP address, device identifiers, browser type, operating system
  • Usage Data: Pages visited, features used, time spent, orchestrator runs, agent cycles
  • Log Data: Timestamps, API requests, response metadata, error logs
  • Cookies & Similar Technologies: See our Cookie Policy

C. Derived AI Data

To deliver multi-agent reasoning services, we generate:

  • Agent role assignments and debate transcripts
  • Analytical metadata and performance metrics
  • Output synthesis data

This derived data is not used to train foundation models unless you explicitly opt-in to improvement programs (if offered).

2. How We Use Information

We use your information to:

A. Provide and Operate the Services

  • Authenticate your account and manage sessions
  • Process your prompts through the QuROI Context Engine API
  • Coordinate multi-agent orchestration and debate
  • Generate and deliver AI outputs
  • Process billing, subscriptions, and credit purchases
  • Provide customer support

B. Ensure Security and Prevent Abuse

  • Detect violations of our Acceptable Use Policy
  • Identify harmful, illegal, or fraudulent use
  • Monitor system integrity and prevent attacks
  • Investigate security incidents

C. Improve Performance

  • Optimize agent orchestration and debate quality
  • Debug errors and resolve technical issues
  • Analyze usage patterns, demand, and capacity
  • Enhance product features and user experience

D. Comply with Legal Obligations

  • Export control screening
  • Respond to lawful requests from authorities
  • Enforce our Terms of Use
  • Protect our rights and property

E. Optional Improvements (Opt-In Only)

  • Model refinement and training (if you consent)
  • Feature development based on aggregated usage data
  • Enterprise-requested custom improvements

We Do Not Sell Your Personal Information

QuROI does not sell, rent, or share your personal information for advertising or marketing purposes.

3. Legal Bases for Processing (Non-U.S. Users)

Where required by law (EU/EEA, UK, Brazil, etc.), our processing is based on:

  • Contract Performance: Providing the Services you requested
  • Legitimate Interests: Security, fraud prevention, service improvement
  • Consent: Marketing communications, optional training programs
  • Legal Obligations: Compliance with applicable laws

4. Sharing Your Information

We may share information with:

A. Service Providers (Processors)

  • Cloud Hosting: Infrastructure providers (US-based data centers)
  • AI Model Providers: Third-party LLM services (industry-leading AI model providers)
  • Payment Processing: Stripe (for credit card processing)
  • Authentication: Clerk (for identity management)
  • Email Delivery: Transactional email services
  • Support Tools: Customer support and ticketing systems

All service providers are contractually obligated to protect your data and may only use it to provide services to us.

B. Enterprise Customers

If you use the Services under an employer or business account, your organization may access or control your usage information, activity logs, and account settings. Contact your organization's administrator for details.

C. Legal Authorities

We may disclose information when required by law, such as:

  • In response to valid legal process (subpoenas, court orders)
  • To protect our rights, property, or safety
  • To prevent fraud or security threats
  • To comply with export control or sanctions laws

D. Business Transfers

If QuROI is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice before your information is transferred and becomes subject to a different privacy policy.

No Advertising or Marketing Sharing

We do not sell or share personal data with third parties for their advertising or marketing purposes.

5. Data Storage & Security

A. Storage Location

  • Hosted exclusively in the United States
  • Cloud infrastructure with multi-zone redundancy
  • Database services with automated backups

B. Security Measures

  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest
  • Access Controls: Role-based access, multi-factor authentication for administrators
  • Monitoring: Continuous security monitoring and intrusion detection
  • Incident Response: Documented procedures for security breaches
  • Regular Audits: Periodic security assessments and vulnerability scans

For enterprise customers, see our Security Overview and Security Addendum.

6. Data Retention

Unless otherwise required by law:

  • Account Data: Retained while your account is active and for a reasonable period afterward
  • User Content: Retained as needed to provide services, or until you delete it
  • Log Data: Typically retained for 30-90 days
  • Billing Records: Retained for statutory periods (typically 7 years for tax compliance)
  • Support Communications: Retained for a reasonable period to provide ongoing support

Enterprise customers may negotiate custom retention schedules in their agreements.

You may request deletion of your account and associated data at any time (subject to legal retention requirements).

7. International Transfers

We are a U.S.-based service. All data is processed and stored in the United States.

If you access the Services from outside the U.S., your data will be transferred to and processed in the United States.

For users in jurisdictions with data protection laws (EU/EEA, UK, Brazil, etc.), we provide safeguards including:

  • EU/EEA: Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK: UK Addendum to SCCs
  • Brazil (LGPD): Contractual mechanisms consistent with LGPD requirements
  • India (DPDP): International transfer safeguards per DPDP regulations
  • Other jurisdictions: Appropriate contractual and organizational protections

8. Your Rights

Depending on your location, you may have the following rights:

General Rights (All Users)

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and data
  • Portability: Receive your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications

Additional Rights (Jurisdiction-Specific)

  • EU/EEA & UK (GDPR): Right to restriction, objection, lodge complaints with supervisory authorities
  • California (CCPA/CPRA): Right to know categories of data collected, opt-out of "sharing"
  • Brazil (LGPD): Right to anonymization, information about data sharing
  • India (DPDP): Right to grievance redress, correction, and erasure
  • Canada: Right to withdraw consent, file complaints with Privacy Commissioner

How to Exercise Your Rights

To exercise any of these rights, contact us at: privacy@quroi.com

We will respond within the timeframe required by applicable law (typically 30-45 days). We may require verification of your identity before processing requests.

9. Children's Privacy

The Services are not intended for children under 18. We do not knowingly collect personal information from children.

If you believe we have collected information from a child, please contact us immediately at privacy@quroi.com and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via:

  • Email to your registered account
  • Dashboard alerts within the Services
  • Website notice banner

The "Last Updated" date at the top will reflect when changes were made. Continued use of the Services after changes constitutes acceptance of the updated policy.

11. Jurisdiction-Specific Addenda

For users in specific jurisdictions, additional terms apply. See:

  • EU/EEA Users: GDPR Addendum (Art. 15-21 rights, SCCs, data protection officer)
  • UK Users: UK GDPR Addendum (ICO oversight, UK Addendum to SCCs)
  • California Users: CCPA/CPRA Addendum (right to know, delete, opt-out, no sale/sharing)
  • Brazil Users: LGPD Addendum (ANPD compliance, international transfer safeguards)
  • India Users: DPDP Addendum (data principal rights, grievance officer)
  • Canada Users: PIPEDA/Quebec Law 25 Addendum
  • Australia Users: Privacy Act Addendum (OAIC complaints)
  • Singapore Users: PDPA Addendum
  • New Zealand Users: Privacy Act Addendum

Note: Full addenda available upon request. Contact privacy@quroi.com for jurisdiction-specific details.

12. Contact Information

QuROI, Inc.

Suite 4805, 4th Floor

1007 North Orange Street

Wilmington, New Castle County, DE 19801

United States

Privacy Inquiries: privacy@quroi.com

General Contact: support@quroi.com

Website: https://quroi.com

EU/EEA Representative: [To be appointed if required under GDPR Art. 27]

UK Representative: [To be appointed if required under UK GDPR]

Related Documents

© 2025 QuROI, Inc. All rights reserved.