Privacy Policy
Last updated: PLACEHOLDER — update on launch
⚠ This is a placeholder
Before launching to paying customers, replace this page with a legally reviewed privacy policy. Recommended generators: termly.io (~$10/mo, GDPR + CCPA + COPPA compliant) or iubenda. Microsoft also requires a working privacy policy URL during Publisher Verification for the multi-tenant Outlook OAuth app.
Overview
Quill ("we", "us", "our") is an AI-powered customer-service email assistant operated by [BUSINESS LEGAL NAME]. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
Information we collect
Account information
- Your name, email address, and password (handled by our authentication provider, Clerk).
- Your business name, owner name, return policy, and brand tone preferences.
- Billing information (handled by our payment processor, Stripe — we never see your card number).
Mailbox credentials
- Mailbox credentials are encrypted at rest with AES-256-GCM. We decrypt them only at the moment of an outbound API call to Gmail / Microsoft Graph / Yahoo.
- For Outlook, we hold OAuth access + refresh tokens granted by you when you click "Connect Outlook." You can revoke them at any time at account.microsoft.com/privacy/app-access.
- For Gmail and Yahoo, we hold app passwords you generated. You can revoke them at any time in your Google or Yahoo account settings.
Email content
- We fetch new email from your connected inboxes to draft replies. Email bodies are stored in our database, isolated to your tenant via row-level security.
- Drafted replies are sent through your own SMTP / Microsoft Graph / Gmail using your delegated credentials. We are a delegate, not a relay — your domain's reputation, your sent folder.
- Bulk-mailer and personal-domain gates filter promotional / no-reply email out before any AI processing.
Inventory + knowledge base
- Spreadsheets and documents you upload to teach Quill about your products and policies are stored in our database, isolated to your tenant.
How we use information
- To draft customer-service replies grounded in your inventory and knowledge base.
- To deliver, monitor, and improve the Service.
- To communicate with you about your account (verification, password reset, billing).
- To comply with legal obligations.
We do not sell your data. We do not train AI models on your data.
Subprocessors
We use the following providers to operate Quill. Each is bound by a Data Processing Agreement.
- Stripe — payments (PCI Level 1)
- Clerk — authentication (SOC 2 Type II)
- Resend — transactional email (verification, password reset)
- Railway — hosting (SOC 2 Type II)
- Cloudflare — DNS, CDN, DDoS protection
- xAI — AI model used for drafting replies. We send only the necessary email + retrieved inventory context per draft. xAI does not retain your data for training.
Your rights
You have the right to:
- Access a copy of your data.
- Correct inaccurate data.
- Delete your account and all associated data.
- Revoke any inbox connection at any time.
- Export your data in a machine-readable format.
To exercise these rights, email privacy@myquillai.com.
Data retention
- Active customer data: retained while your account is active.
- Cancelled accounts: 30-day grace period (in case you change your mind), then hard-deleted from our database. OAuth tokens are revoked at the provider level.
- Audit logs: 90 days.
- Billing records: 7 years (legal requirement in most jurisdictions).
Security
- HTTPS required for all traffic.
- Customer credentials encrypted at rest with AES-256-GCM. Master encryption key rotated annually.
- Tenant isolation enforced at both the application middleware layer and the database (Postgres Row-Level Security).
- Audit log of every credential decryption + every send-mail event.
Contact
Questions: privacy@myquillai.com