Legal

Privacy Policy

Effective date: May 18, 2026 · Last updated: May 18, 2026

Do not upload sensitive personal data Quiriz is not designed or certified to handle protected health information (PHI), regulated financial data, government-issued identification numbers, or other categories of sensitive personal data. We strongly advise against uploading datasets that contain such information. If you choose to do so, you do so at your own risk and in violation of our Terms of Service. Quiriz accepts no liability for the consequences of uploading sensitive data to the platform.

1. About This Policy

This Privacy Policy describes how Quiriz ("we," "us," or "our") collects, uses, stores, and shares information when you use the Quiriz platform at quiriz.co (the "Service"). By using the Service, you agree to the practices described in this Policy.

We may update this Policy from time to time. We will post the revised Policy with a new effective date. Continued use of the Service after changes are posted constitutes your acceptance of the updated Policy.

2. Information We Collect

We collect information in the following categories:

Category	Examples	Source
Account information	Name, email address, authentication credentials	Provided by you at registration (via Clerk)
User Data	Datasets, CSV/Excel files, and other content you upload	Provided by you
Usage data	Pages visited, features used, queries submitted, report history	Automatically collected
Third-party integration data	Google account tokens, Microsoft account tokens, email metadata	Collected when you authorize integrations
Technical data	IP address, browser type, device information, error logs	Automatically collected

3. How We Use Your Information

We use collected information to:

Provide, operate, and maintain the Service.
Process your datasets and generate AI-powered analysis and reports.
Authenticate your identity and manage your account.
Connect to third-party services you authorize (Google, Microsoft).
Respond to support requests and communicate with you about the Service.
Monitor and improve the performance, security, and reliability of the Service.
Comply with applicable legal obligations.

We do not use your User Data to train AI models, and we do not sell your personal information to third parties.

4. Data Hosting and US Jurisdiction

All data collected and processed by Quiriz is stored on servers located in the United States, hosted through Render (render.com), a US-based cloud infrastructure provider.

By using the Service, you acknowledge and consent that your data will be transferred to, stored in, and processed in the United States. The United States may have data protection laws that differ from those in your country. Your use of the Service is subject to applicable US federal and state law.

Quiriz does not currently maintain data residency options outside the United States. If your jurisdiction requires data to be stored locally, you should not use the Service.

5. Sensitive Data — Important Warning

Quiriz is a general-purpose data analysis platform. It is expressly not designed, audited, or compliant with the following regulatory frameworks:

HIPAA — Health Insurance Portability and Accountability Act (protected health information)
PCI-DSS — Payment Card Industry Data Security Standard (payment card data)
GLBA — Gramm-Leach-Bliley Act (consumer financial information)
COPPA — Children's Online Privacy Protection Act (data of children under 13)

You must not upload datasets containing any of the following:

Social Security numbers, government ID numbers, or national identification numbers
Medical records, diagnoses, prescriptions, or any individually identifiable health data
Credit card numbers, bank account numbers, or payment credentials
Passwords, PINs, or authentication credentials
Personal data of individuals under 13 years of age
Biometric identifiers

If you upload such data, you do so in breach of our Terms of Service and solely at your own risk. Quiriz accepts no liability for any harm resulting from your upload of sensitive or regulated data.

6. Third-Party Service Providers

We share data with trusted third-party sub-processors only as necessary to operate the Service. These include:

Provider	Purpose	Location
Render	Cloud infrastructure and database hosting	United States
Clerk	User authentication and account management	United States
OpenRouter / AI model providers	AI inference for data analysis and report generation	United States
Google	OAuth authentication and optional Gmail/Drive integration	United States
Microsoft	OAuth authentication and optional OneDrive integration	United States
Qdrant	Vector search for dataset intelligence features	United States

Each sub-processor is bound by data protection agreements consistent with applicable law. We do not authorize sub-processors to use your data for their own purposes.

7. Third-Party Integrations (Google and Microsoft)

If you choose to connect a Google or Microsoft account, we will request only the permissions necessary for the features you activate (such as reading files from Google Drive or accessing Gmail for data ingestion). OAuth tokens are stored securely and used solely to perform the actions you authorize.

You may revoke these permissions at any time through your Quiriz account settings or through your Google or Microsoft account settings. Revoking access will disable the corresponding features but will not affect your other data on Quiriz.

8. Data Retention

We retain your account information and User Data for as long as your account is active. If you delete your account, we will delete your personal information and User Data within 30 days, except where retention is required by applicable law or for the resolution of disputes.

Certain anonymized or aggregated usage statistics may be retained indefinitely as they do not identify you personally.

9. Security

We implement industry-standard technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, or destruction. These include encrypted data transmission (HTTPS/TLS), access controls, and regular security reviews.

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for the data you choose to upload.

10. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal data, including:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate personal data.
Deletion: Request deletion of your personal data and account.
Portability: Request an export of your data in a machine-readable format.
Objection: Object to processing of your personal data in certain circumstances.

To exercise any of these rights, contact us at privacy@quiriz.co. We will respond within 30 days. We may need to verify your identity before fulfilling any request.

11. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@quiriz.co and we will delete it promptly.

12. International Users

Quiriz is operated by a corporation incorporated in British Columbia, Canada. All data is stored and processed on servers located in the United States. By using the Service, you consent to your data being transferred to and processed in the United States. Data protection laws in the United States may differ from those in Canada or your country of residence.

Canadian users: the Service is subject to applicable Canadian federal privacy law (PIPEDA and any applicable provincial equivalents). By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Policy.

Users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with heightened data protection requirements should be aware that Quiriz does not currently offer a Data Processing Agreement (DPA) or maintain EU-specific data residency. Such users should evaluate their obligations before using the Service.

13. Cookies and Tracking

The Service uses session cookies and local storage to maintain your login state and preferences. We do not currently use third-party advertising or tracking cookies. Browser telemetry may be collected for performance monitoring and error diagnosis.

14. Contact

For privacy-related questions or to exercise your data rights, contact us at:
privacy@quiriz.co

For general support: support@quiriz.co