This page lists only what is technically implemented today. We do not list aspirational measures or certifications we have not yet completed.
Decision text and AI analysis stored in the database are encrypted at the field level using AES-256-GCM before storage. Encrypted fields are decrypted only at read time within the application.
Quorum uses time-limited magic links sent to your email. No passwords are stored. Authentication is handled via Supabase Auth using the PKCE flow.
All data between your browser and Quorum servers is transmitted over HTTPS with TLS termination enforced at the hosting layer.
Supabase PostgreSQL row-level security policies are enforced across all user-scoped tables. Authenticated users can only read and write their own rows.
The Quorum application runs on Railway (US) and the database is hosted on Supabase (US). No user data is stored in jurisdictions with inadequate data protection standards.
Quorum does not serve advertising, does not sell user data, and does not share decision content with any third party except the AI processing service used to generate analysis.
Your decision text is processed by an AI service solely to generate your Council analysis. The AI provider does not use your submissions to train its models.
We believe transparency about current limitations is more valuable than unverifiable claims. The following are not yet in place:
If you discover a potential security issue, please report it via the Privacy Center in the app's Settings. We will acknowledge all valid reports within 5 business days and aim to remediate critical issues within 30 days.
You can export or delete your data at any time via the Privacy Center. For full details, see the Privacy Policy.