Privacy Policy

Last updated: May 2, 2026 · Effective: May 2, 2026

Plain-language summary: We hold your tenant data (knowledge base sources, chat logs, API keys) only to serve your chatbot. We never train AI models on your conversations. You own your data and can export or hard-delete it at any time. We use minimal subprocessors and disclose every one below.

1. Who we are

Quikori (“we”, “us”, the “Service”) is the operator of the knowledge-grounded chatbot platform reachable at https://quikori.com. The data controller for tenant administrators (“you”) is Quikori. The data controller for end-users your chatbot serves is you; Quikori acts as a data processor on those end-user conversations.

2. Contact

Privacy questions, data subject requests, or breach reports go to [email protected]. We respond within 30 days (GDPR Article 12.3) or sooner.

3. What data we collect

We collect the minimum needed to operate the platform:

  • Account data — email, password (Argon2id-hashed, never plaintext), tenant name. Required to authenticate.
  • Knowledge base sources — files you upload (PDFs, text), URLs you crawl, and the chunks/embeddings derived from them. Required to ground chatbot replies.
  • Conversation data — chat messages between your end-users and Ori, stored for the analytics + handoff features you enable. Each message is tagged with the originating channel (web widget / WhatsApp).
  • API keys you provide — e.g. your OpenAI key, envelope-encrypted at rest with a separate KMS-managed key before write.
  • Billing data — Stripe customer ID and subscription metadata. Card numbers never reach our servers; they live with Stripe.
  • Operational telemetry — opt-in PostHog events (only after explicit cookie banner consent), error logs without PII, request rates for rate-limit enforcement.
  • Contract performance (Art. 6.1.b) — account, subscription, knowledge base, and conversation processing.
  • Legal obligation (Art. 6.1.c) — billing records retained for tax law (typically 7 years).
  • Legitimate interest (Art. 6.1.f) — security logs, abuse prevention, fraud detection. We weigh this against your privacy and document the assessment.
  • Consent (Art. 6.1.a) — analytics cookies (PostHog). Withdrawable any time via the cookie banner or dashboard Settings.

5. Subprocessors

Listed below. We notify customers at least 30 days before adding or replacing a subprocessor.

Subprocessor             | Purpose                                                   | Region
OpenAI                   | LLM inference for chatbot replies + embeddings for KB     | US
Stripe                   | Payment processing, subscription billing, customer portal | US/EU
Meta (WhatsApp Business) | WhatsApp message delivery (only if you connect WhatsApp)  | Per Meta DPA
PostHog                  | Product analytics + session replay (consent-gated)        | US (EU on Enterprise)
AWS S3 (or compatible)   | Source file storage (PDFs you upload)                     | US-East default; EU on Enterprise

The current list above is also reachable at /privacy#subprocessors.

6. International transfers

Default storage region is US-East. EU-region storage is available on Enterprise Team. When EU personal data is transferred to a non-adequate jurisdiction (e.g. US), we rely on Standard Contractual Clauses (Module 2: Controller → Processor) and apply supplementary measures (encryption in transit + at rest, role-based access, audit logs). LLM inference may transit to model-provider regions per your model selection — see §5 Subprocessors.

7. Retention + deletion

We use hard deletion only — no soft-delete, no shadow copies. When you delete a tenant, source, conversation, or API key from the dashboard, the underlying database rows are removed in the same transaction and not recoverable.

Retention windows:

  • Active tenant data — kept for the lifetime of your subscription.
  • Cancelled tenant — purged 30 days after cancellation effective date. Email [email protected] for immediate purge.
  • Billing records — 7 years (tax law minimum).
  • Security logs — 90 days unless an active incident extends retention.
  • Backups — encrypted, rolling 35-day window.

8. Your rights

Under GDPR (EU/EEA/UK) and analogous laws (CCPA in California, PIPEDA in Canada, KVKK in Türkiye), you have the right to:

  • Access your personal data (export available in dashboard Settings).
  • Rectify inaccurate data.
  • Erase data (“right to be forgotten” — hard delete).
  • Restrict processing.
  • Port data in machine-readable format (JSON export).
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time (cookie banner / Settings).
  • Lodge a complaint with your supervisory authority. EU users may contact their national data protection authority; UK users may contact the ICO. Türkiye users may contact KVKK.

Tenant administrators submit data subject requests on behalf of their end-users. Quikori responds within 30 days of receipt.

9. Security

  • TLS 1.2+ everywhere in transit.
  • AES-256 at rest on the database tier (Postgres at-rest encryption).
  • API keys envelope-encrypted with a separate KMS-managed key.
  • Postgres Row-Level Security (RLS) on every multi-tenant table — cross-tenant reads denied at the database layer.
  • Argon2id password hashing.
  • Audit logs on SuperAdmin tenant CRUD, billing events, and authentication events.
  • SOC 2 Type II + ISO 27001 — on the roadmap (planned).

10. Cookies + tracking

We use a single first-party cookie, quikori-consent, to remember your preference across visits. Necessary cookies (session, CSRF) are always on — required for the service to work. Analytics (PostHog) and Marketing categories are off by default and require explicit consent via the cookie banner. You can withdraw consent at any time. We do not run third-party marketing pixels.

11. Children

Quikori is not intended for children under 16 (or the local age of digital consent). We do not knowingly collect data from children. If you believe we have, contact us and we will hard-delete it immediately.

12. Changes to this policy

When we change this policy materially, we email tenant administrators at least 30 days before the change takes effect and update the “Last updated” date at the top. Continued use after the effective date constitutes acceptance of the revised policy.

13. AI-specific disclosures

  • No model training on your data. Quikori never uses your knowledge base, conversations, or tool outputs to train any AI model.
  • LLM provider data handling. Conversation content transits to the LLM provider (default: OpenAI) for inference. Per OpenAI's API terms, OpenAI does not train on API requests. We pass a no-train header where supported.
  • Hallucinations + grounding. Ori grounds replies in your sources. If your sources are out of date, replies may be too. We surface confidence/uncertainty signals via handoff-to-human triggers (Phase 8 D-44/D-48).

This policy was last reviewed by Quikori on May 2, 2026. We re-review before each material change and update the “Last updated” date above.