At Quivr, we prioritize the security and privacy of our users. This document outlines our commitment to privacy and compliance, detailing our security measures, telemetry use, row-level policy enforcement, local data handling, and compatibility with various Language Learning Models (LLMs).
Quivr is built on an open-source model, allowing for transparency and community-driven security enhancements. Our codebase is publicly available for review, ensuring that security experts can audit and contribute to our security practices.
Telemetry data is used to improve user experience and product performance. We collect minimal data necessary for these purposes, ensuring it is anonymized and securely stored. Users have the option to opt-out of telemetry collection.
Security is enforced at the database level through row-level policies. This ensures that data access is strictly controlled, with users only able to access data they are explicitly permitted to view or modify.
All data processed by Quivr remains local, ensuring that no data is sent outside without explicit user consent. This local-first approach guarantees data privacy and sovereignty.
Quivr is compatible with any Language Learning Model, including local server-run models. This flexibility allows users to choose the most suitable model for their needs, whether it’s for privacy reasons or specific feature requirements.
Through our partnership with Porter & Oneleet, we offer SOC2 compliance within 90 days for instances managed by Quivr. This demonstrates our commitment to maintaining high standards of security and data protection.
If you are a Quivr customer, user, employee, applicant, or just visiting our website, this policy applies to you.
If you are a registered customer of Quivr, we act as the ‘data controller’ of personal data about you and your use of Quivr, but as the ‘data processor’ of personal data in the information you put into Quivr (like information about your users, etc.).
From the first moment you interact with Quivr, we are collecting data. Sometimes you provide us with data, and sometimes we collect data about you, either automatically or from other sources, like publicly available websites or from a trusted data supplier.
We don’t collect any “sensitive data” about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offenses or alleged offenses) except when we have your specific consent, or when we have to comply with the law.
Quivr is a business-to-business service directed to and intended for use only by those who are 16 years of age or over. We do not target Quivr at children, and we do not knowingly collect any personal data from any person under 16 years of age.
Data protection law means that we can only use your data for certain reasons and where we have a legal basis for doing so.
You can exercise your rights by sending us an email at privacy@quivr.app.
We have put in place reasonably appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. These measures include:
We limit access to personal data only to those employees, agents, contractors, and third parties who have a business need-to-know.
Quivr is a global service with primary storage of your information in the United States and the EEA. To facilitate our global operations, we may process personal information from around the world, including from other countries in which Quivr has operations, employees, or in the data processing facilities operated by the third parties identified below.
If you’ve been a Quivr customer, we’ll delete your personal data from our systems six years after you stop being a Quivr customer. We keep the information in this time in case there are any legal claims relating to your time as a customer.
We partner with third parties who we believe are the best in their field at what they do. When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy.
We do not use cookies on our website. If you contract with us for a dedicated instance, there will be no data collection on our side. Data collection only occurs on the hosted version of Quivr.com.
By adhering to these principles, Quivr ensures a secure, private, and compliant environment for all users. Our commitment to transparency, rigorous security practices, and user-centric design ensures that Quivr remains a trusted platform for all your data privacy and compliance needs.