Privacy Notice
Effective date: February 21, 2026
Quick Policy provides policy authoring, compliance monitoring, onboarding, and related workflow tooling for organizations. This notice summarizes what data we process, how we use first-party analytics, and how we protect it.
1. Data We Process
We may process account details, organization profile data, policy content, audit activity, support requests, and low-sensitivity action telemetry needed to operate the platform and understand how the service is being used.
2. Purpose of Processing
Data is processed to provide the service, secure accounts, generate policy drafts, support compliance reporting, and understand how public website visitors engage with marketing content and conversion paths, as well as how authenticated users move through core workflows.
3. AI Processing
If AI features are enabled, prompts and structured context may be sent to model providers to generate outputs. AI usage events are logged for security, quality, and spend monitoring.
4. Product and visitor analytics
Public visitors are anonymous by default. Quick Policy records first-party analytics at the page, route, action, attribution, and aggregate usage level so we can improve discoverability, onboarding, and product usability. Product telemetry is action-oriented rather than content-oriented.
We do not store policy body content, learner answers, incident free text, or support message content in analytics events. We do not use session replay or keystroke capture in this analytics v1 release.
5. Retention and Security
We apply access controls, audit logging, and encryption-in-transit. Raw analytics events are retained for 12 months in the initial analytics release. Other retention periods depend on your configuration and legal obligations.
6. Marketing and advertising measurement
On public marketing pages, and only where applicable consent has been granted, we may use advertising and attribution technologies such as Meta Pixel and the LinkedIn Insight Tag to measure campaign performance and conversion outcomes. These tools are not used to monitor private in-product policy, incident, or training content.
7. Your Choices
Organization administrators can manage users, content, and lifecycle settings. Data subject requests should be submitted through your organization's designated contact.
8. Contact
For privacy questions, contact your account owner or support channel configured in your tenant environment.