Privacy Policy
Last updated: 2 July 2026
This Privacy Policy explains how Quorello (“Quorello”, “we”, “us”) collects, uses, and shares information when you use our website and service (the “Service”). By using the Service, you agree to this Policy.
1. Information we collect
- Account information — your email address and a securely hashed version of your password. If you sign in with Google, we receive your email address and basic profile information from Google. We never see or store your password in readable form.
- Content you submit — the prompts you enter and the AI responses they generate. We store conversation content only when you choose to save a conversation to your history; saved conversations are linked to your account, and you can delete them at any time.
- Files you upload — on paid plans you may attach a document (PDF, Word, or text) to ground a question. We extract its text in memory only to send to the AI models for that question; the file and its extracted text are never written to our disk, database, or logs, and are discarded once your answer is shown. Document questions always run in Private mode (Zero Data Retention — see section 3) and are therefore not saved to your history. As with any prompt, the document’s contents are transmitted to the independent AI providers in order to answer your question, so only upload material you have the right to share with them.
- Usage information — we record the time and number of your queries (to enforce plan limits and prevent abuse) and the token counts and cost of each request (for capacity planning and billing). This usage information does not include the text of your prompts.
- Technical information — like most websites, our hosting provider may automatically record standard log data such as your IP address, browser type, and access times.
- Cookies and local storage — see section 9 below.
2. How we use information
- Provide, operate, and maintain the Service;
- Authenticate you and keep you signed in;
- Enforce plan limits and rate limits, and prevent abuse or fraud;
- Calculate usage and, when paid plans are offered, process payments;
- Monitor, debug, and improve the Service;
- Communicate with you about your account or important changes; and
- Comply with our legal obligations.
If you are in the EEA or UK, our legal bases for processing are: performance of our contract with you; our legitimate interests in operating and securing the Service; your consent (where we ask for it); and compliance with legal obligations.
3. How your prompts are processed
To generate answers, your prompt is transmitted to third-party AI providers through OpenRouter, Inc., which routes your request to the AI model(s) you select. Depending on your selection, those providers may include Anthropic, OpenAI, Google, xAI, Mistral, DeepSeek, Alibaba (Qwen), and Zhipu AI / Z.ai (GLM), along with the cloud infrastructure on which those models run. Each provider processes your prompt to produce a response and handles data under its own privacy policy.
Private mode (Zero Data Retention)
When Private mode is enabled — it is on by default for supported models — we instruct OpenRouter to route your request only to provider endpoints that operate under Zero Data Retention (ZDR): they do not retain your prompt after responding and do not use it to train their models. Models that do not offer a ZDR endpoint are disabled while Private mode is on. Under ZDR, your request may be served via alternative infrastructure (for example, Amazon Bedrock or Microsoft Azure). Conversations run in Private mode are also not saved to your history on our servers — they leave no trace with us once the answer is shown.
What we don’t do
We do not use your prompts or conversations to train any AI models, and we do not sell your personal information.
No end-to-end encryption of prompt content
Because an AI provider must receive your prompt in readable form in order to answer it, your prompt content cannot be end-to-end encrypted. Please do not submit confidential, sensitive, or personal information that you would not want shared with these providers.
4. How we share information
We do not sell your personal information. We share information only with the service providers (“sub-processors”) that help us operate the Service, and when required by law — for example, to comply with a legal request or to protect our rights, our users, or the public.
| Provider | Purpose |
|---|---|
| OpenRouter, Inc. | Routes your prompts to the selected AI models |
| AI model providers (Anthropic, OpenAI, Google, xAI, Mistral, DeepSeek, Alibaba, Zhipu / Z.ai) | Generate AI responses to your prompts |
| Render | Application hosting |
| Neon | Database hosting (accounts and saved conversations) |
| Optional “Sign in with Google” | |
| Stripe | Payment processing, if you purchase a paid plan |
5. International data transfers
Our providers may process data in countries outside your own, including outside the EEA and UK. Where required, such transfers are protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses. OpenRouter offers EU Standard Contractual Clauses and, for some models, in-region routing.
6. Data retention
- Account information — kept while your account is active.
- Saved conversations — kept until you delete them or close your account.
- Usage and cost metadata — retained for a limited period for billing, accounting, and abuse prevention.
- Server logs — retained for a short period by our hosting provider.
You can delete saved conversations in the app at any time. You can also permanently delete your account and all associated data yourself from the account menu in the app — this also cancels any active subscription. If you prefer, you can instead contact us using the details below.
7. Your rights
Quorello is based in Switzerland and processes personal data under Switzerland’s revised Federal Act on Data Protection (FADP), which is aligned with the EU’s GDPR; where the GDPR applies to you (for example, if you are in the EU), we honour its protections, and the EU recognises Switzerland as providing an adequate level of data protection.
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at the address below. You may also have the right to lodge a complaint with your local data-protection authority.
8. Security
We protect your password using salted PBKDF2-HMAC-SHA256 hashing, serve the Service over HTTPS, and use HttpOnly session cookies. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
9. Cookies and local storage
- A session cookie (HttpOnly) to keep you signed in.
- A short-lived cookie during Google sign-in to protect against cross-site request forgery.
- Local storage on your device to remember interface preferences (such as which models are toggled on, Private mode, and sidebar state).
We do not use third-party advertising or tracking cookies.
10. Children’s privacy
The Service is not directed to children under 16, and we do not knowingly collect their information. If you believe a child has provided us information, contact us and we will delete it.
11. Changes to this Policy
We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, take reasonable steps to notify you.
12. Contact
Questions or requests? Contact us at support@quorello.com.