Privacy Policy
Last updated: 14 July 2026
This policy explains how QUORUM QUALITY & RISK MANAGEMENT LTD ("Quorum", "we", "us") collects, uses, shares and protects personal data when you use the Quorum service and website at quoquarisman.shop. It applies to visitors, account holders and subscribers.
1. Who is responsible
The data controller is QUORUM QUALITY & RISK MANAGEMENT LTD, 82 Dover Drive, Dunfermline, Fife, Scotland, KY11 8HA. You can reach us about privacy at support@quoquarisman.shop or +44 7702721461. For most requests, email is fastest — use the “Data & privacy request” topic on our contact form.
2. What we collect
- Account data: name, email address and authentication details when you create an account.
- Subscription & billing data: plan, billing status, and limited transaction metadata. Card details are handled by our payment processor, not by us.
- Content you provide: the briefs, prompts, uploaded material and generated draft documents you create in the workspace.
- Support data: messages you send us and the context needed to help you.
- Technical data: IP address, device and browser type, and basic usage events needed to run and secure the service.
We do not intentionally collect special category data. Please do not enter personal data you do not need, and never upload another party's confidential information without authorization.
3. Collection sources
We collect personal data from the following collection sources:
- Directly from you — the account details, briefs, prompts, file uploads and support messages you provide.
- Automatically from your use of the service — technical and usage data generated as you interact with the workspace.
- From our payment processor — subscription and payment status returned by Stripe.
- From service providers acting on our behalf — hosting, database, email and AI generation providers that process data to deliver the service.
4. Why we use it & legal bases
- Provide the service — generate drafts, visuals and exports. Legal basis: performance of a contract.
- Billing & subscriptions — take payment and manage plans. Legal basis: contract and legal obligation.
- Security & abuse prevention — protect the service and users. Legal basis: legitimate interests.
- Support & communication — respond to you and send service messages. Legal basis: contract and legitimate interests.
- Improve the service — aggregate, non-identifying analytics. Legal basis: legitimate interests. We do not use your content to train AI models.
- Legal compliance — meet our obligations. Legal basis: legal obligation.
5. AI processing of user input, generated results & file uploads
Because Quorum is an AI tool, this section explains exactly how we handle the user input you type, the generated results the tool produces, and any file uploads or example data you provide. You retain ownership of all of it. We process it only to operate the service for you — to produce drafts, visuals, training explainers and exports, and to let you and your team review and revise them.
- User input: the briefs and prompts you enter are processed to generate your draft documents and visuals, and are stored with your workspace so you can continue editing.
- Generated results: the documents, risk scores, diagrams, training videos and exports produced from your input are stored for your use and are yours to edit, download and delete.
- File uploads & example data: any material you upload is used only to inform your draft; do not upload personal special-category data or any third party's confidential information without authorization.
- No model training: we do not use your user input, uploads or generated results to train or fine-tune AI models.
- AI provider processing: where a generation step uses a third-party AI provider, only the input needed to return your result is transmitted to that provider, under their data-processing terms.
- Retention & deletion: user input and generated results are retained by default for 30 days so you can continue your work, then cleared, unless you keep them in your account. You can request deletion of your input and results at any time.
6. Payments
Payments are processed by Stripe. Card and payment credentials are entered directly with the payment processor; Quorum does not receive or store your full card number. We receive only the subscription status and limited transaction metadata needed to give you access and support. See Stripe's own privacy notice for how they handle payment data.
7. Who we share it with
We share personal data only with processors and partners that help us run the service, under contract:
- Hosting & infrastructure — to serve the application.
- Payment processing — Stripe, for subscriptions and billing.
- Email & support — to communicate with you.
- Database, storage & authentication — to store your account and documents securely.
- AI generation providers — where a feature requires it, to return your generated result.
We do not sell your personal data. We may disclose data if required by law or to protect our rights and users.
8. International transfers
Our providers may process data outside the UK/EEA. Where they do, we rely on appropriate safeguards such as UK International Data Transfer Agreements, the EU Standard Contractual Clauses, or adequacy decisions, so your data keeps an equivalent level of protection.
9. How long we keep it
- Account data: for the life of your account and a short period afterwards.
- Briefs & generated outputs: 30 days by default (or while kept in your account), then cleared.
- Billing records: as required by law and tax rules.
- Support messages: as long as needed to resolve and evidence the matter.
10. Security
We use encryption in transit, access controls, and least-privilege practices. Payment credentials are handled by our payment processor. No system is perfectly secure, but we work to protect your data and to notify you and the relevant authority where the law requires.
11. Your rights
Under UK GDPR and EU GDPR you have the right to: access; rectification; erasure; restriction; portability; objection; and to withdraw consent. You can also complain to a supervisory authority — in the UK, the Information Commissioner's Office (ICO).
If you are a California resident, under the CCPA/CPRA you have the right to know, delete, correct, and to opt out of “sale” or “sharing” of personal information, and not to be discriminated against for exercising these rights.
To exercise any right, email support@quoquarisman.shop. We will verify your request and respond within the timeframe the law requires.
12. Do Not Sell or Share
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. There is nothing to opt out of on that basis; if this ever changes, we will provide a clear opt-out mechanism first.
13. Cookies & analytics
We use strictly necessary cookies to run the service (for example, to keep you signed in) and limited, privacy-respecting analytics to understand aggregate usage. See our Cookie Policy for details and choices.
14. Automated decisions & children
Quorum generates draft content with automation, but this does not produce legal or similarly significant effects about you — outputs are drafts for human review. The service is for professional use and is not directed to children. It must not be used by anyone under 13; users aged 13–17 require the consent of a parent or guardian.
15. Changes & contact
We may update this policy; the “last updated” date above shows the current version. For any privacy question or request, contact QUORUM QUALITY & RISK MANAGEMENT LTD at support@quoquarisman.shop.