Privacy Policy

Last updated: 29 May 2026

This Privacy Policy explains how Quorello (“Quorello”, “we”, “us”) collects, uses, and shares information when you use our website and service (the “Service”). Quorello is operated by [Operator name]. By using the Service, you agree to this Policy.

1. Information we collect

• Account information — your email address and a securely hashed version of your password. If you sign in with Google, we receive your email address and basic profile information from Google. We never see or store your password in readable form.
• Content you submit — the prompts you enter and the AI responses they generate. We store conversation content only when you choose to save a conversation to your history; saved conversations are linked to your account, and you can delete them at any time.
• Usage information — we record the time and number of your queries (to enforce plan limits and prevent abuse) and the token counts and cost of each request (for capacity planning and billing). This usage information does not include the text of your prompts.
• Technical information — like most websites, our hosting provider may automatically record standard log data such as your IP address, browser type, and access times.
• Cookies and local storage — see section 9 below.

2. How we use information

• Provide, operate, and maintain the Service;
• Authenticate you and keep you signed in;
• Enforce plan limits and rate limits, and prevent abuse or fraud;
• Calculate usage and, when paid plans are offered, process payments;
• Monitor, debug, and improve the Service;
• Communicate with you about your account or important changes; and
• Comply with our legal obligations.

If you are in the EEA or UK, our legal bases for processing are: performance of our contract with you; our legitimate interests in operating and securing the Service; your consent (where we ask for it); and compliance with legal obligations.

3. How your prompts are processed

To generate answers, your prompt is transmitted to third-party AI providers through OpenRouter, Inc., which routes your request to the AI model(s) you select. Depending on your selection, those providers may include Anthropic, OpenAI, Google, xAI, DeepSeek, Alibaba (Qwen), and Zhipu AI / Z.ai (GLM), along with the cloud infrastructure on which those models run. Each provider processes your prompt to produce a response and handles data under its own privacy policy.

Private mode (Zero Data Retention)

When Private mode is enabled — it is on by default for supported models — we instruct OpenRouter to route your request only to provider endpoints that operate under Zero Data Retention (ZDR): they do not retain your prompt after responding and do not use it to train their models. Models that do not offer a ZDR endpoint are disabled while Private mode is on. Under ZDR, your request may be served via alternate infrastructure (for example, Amazon Bedrock or Microsoft Azure).

What we don’t do

We do not use your prompts or conversations to train any AI models, and we do not sell your personal information.

No end-to-end encryption of prompt content

Because an AI provider must receive your prompt in readable form in order to answer it, your prompt content cannot be end-to-end encrypted. Please do not submit confidential, sensitive, or personal information that you would not want shared with these providers.

4. How we share information

We do not sell your personal information. We share information only with the service providers (“sub-processors”) that help us operate the Service, and when required by law — for example, to comply with a legal request or to protect our rights, our users, or the public.

5. International data transfers

Our providers may process data in countries outside your own, including outside the EEA and UK. Where required, such transfers are protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses. OpenRouter offers EU Standard Contractual Clauses and, for some models, in-region routing.

6. Data retention

• Account information — kept while your account is active.
• Saved conversations — kept until you delete them or close your account.
• Usage and cost metadata — retained for a limited period for billing, accounting, and abuse-prevention.
• Server logs — retained for a short period by our hosting provider.

You can delete saved conversations in the app at any time. To delete your account and associated data, contact us using the details below.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at the address below. You may also have the right to lodge a complaint with your local data-protection authority.

8. Security

We protect your password using salted PBKDF2-HMAC-SHA256 hashing, serve the Service over HTTPS, and use HttpOnly session cookies. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. Cookies and local storage

• A session cookie (HttpOnly) to keep you signed in.
• A short-lived cookie during Google sign-in to protect against cross-site request forgery.
• Local storage on your device to remember interface preferences (such as which models are toggled on, Private mode, and sidebar state).

We do not use third-party advertising or tracking cookies.

10. Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect their information. If you believe a child has provided us information, contact us and we will delete it.

11. Changes to this Policy

We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, take reasonable steps to notify you.

12. Contact

Questions or requests? Contact us at nicolas.b@zoho.com.