Legal

Privacy Policy

Effective 5 June 2026 · Version 1.0

Quorum is a private decision intelligence tool. We take the confidentiality of your decisions seriously. This policy explains exactly what data we collect, why we collect it, how it is protected, and what rights you have over it.

1. Data we collect

Account data

Your email address, collected when you sign in via magic link.

Decision data

The decision text you submit and any register-mode answers you provide before Council analysis.

Analysis data

AI-generated responses from persona analysis, synthesis, and the Examiner diagnostic, stored so you can return to a session.

Behavioural data

Bias scores, calibration records, decision patterns, and independence metrics derived from your decisions over time. This compounds into your decision profile in the Mirror module.

Technical data

An anonymous device identifier (gated behind functional cookie consent), session identifiers, and server-side request logs including IP address and user agent.

Website enquiry

If you request early access via this website, your name, email, WhatsApp number, and the decision context you provide.

2. Legal basis for processing

Contract

Creating and delivering a Council session, linking sessions to your account, and providing subscribed features.

Legitimate interests

Maintaining anonymous session access, improving reliability and product quality, and detecting abuse.

Consent

Functional cookies (device ID, session history). You may withdraw at any time via the Privacy Center in the app.

3. AI processing

When you submit a decision for Council analysis, your decision text is transmitted to an AI processing service to generate the analysis. The AI provider processes your data solely to generate the response and does not use your submissions to train its models.

Analysis generated by AI is for informational and reflective purposes only. It does not constitute legal, financial, medical, or investment advice.

4. Third-party processors

Supabase

Database and authentication. Hosted in the United States. See supabase.com/privacy.

Railway

Application hosting. Hosted in the United States. See railway.app/legal/privacy.

AI service

Generates Council analysis from your decision text. Hosted in the United States.

Google Fonts

Loads typefaces. No personal data transmitted beyond standard browser request metadata.

5. Data retention

Authenticated sessions

Retained until you delete your account or request erasure.

Anonymous sessions

Retained for 90 days if not linked to an account.

Bias & behavioural profiles

Retained while your account is active. Deleted on account erasure.

Server logs

Standard infrastructure logs retained for up to 30 days.

6. Data security

Decision text and analysis stored in the database is encrypted at rest using AES-256-GCM field-level encryption. All data in transit is protected by HTTPS/TLS. Authentication uses passwordless magic links — no passwords are stored. Row-level security is enforced in the database so each user's data is scoped to their account.

For a full account of our security measures, see the Security & Trust page.

7. Your rights

Under GDPR and the Digital Personal Data Protection Act 2023 (DPDP), you have the right to access, export, correct, erase, and restrict processing of your data. You may also withdraw consent and lodge a complaint with your supervisory authority.

To exercise these rights, use the Privacy Center in app Settings. We aim to respond within 30 days.

8. Cookies and local storage

Quorum uses browser local storage (not traditional HTTP cookies) to persist preferences on your device. For a full list of every key stored, its purpose, and how to manage it, see the Cookie Policy.

9. Children

Quorum is intended for professionals making significant decisions. We do not knowingly collect data from anyone under 18.

10. Changes & contact

Material changes will be posted here with an updated effective date. To raise a privacy concern or exercise your rights, use the Privacy Center in the app.