Privacy Notice

Effective date: February 21, 2026

Quick Policy provides policy authoring, compliance monitoring, onboarding, and related workflow tooling for organizations. This notice summarizes what data we process, how we use first-party analytics, and how we protect it.

1. Data Controller

The data controller for this notice is Quick Policy, a Pineapple Tapped Limited company (Company No. 13376705). For any privacy question, request, or complaint, contact us using the details in section 9 below.

2. Data We Process

We may process account details, organization profile data, policy content, audit activity, support requests, and low-sensitivity action telemetry needed to operate the platform and understand how the service is being used.

3. Purpose and Lawful Basis for Processing

Data is processed to provide the service, secure accounts, generate policy drafts, support compliance reporting, and understand how public website visitors engage with marketing content and conversion paths, as well as how authenticated users move through core workflows. We rely on the following lawful bases, depending on the activity:

  • Contract: processing account, organization, and policy data needed to deliver the service you have signed up for.
  • Legitimate interests: product and visitor analytics, service security, and fraud prevention, balanced against your rights.
  • Consent: marketing and advertising measurement cookies, which you can accept or decline at any time.
  • Legal obligation: retaining records where required for accounting, tax, or regulatory purposes.

4. AI Processing

If AI features are enabled, prompts and structured context may be sent to model providers to generate outputs. AI usage events are logged for security, quality, and spend monitoring.

5. Product and visitor analytics

Public visitors are anonymous by default. Quick Policy records first-party analytics at the page, route, action, attribution, and aggregate usage level so we can improve discoverability, onboarding, and product usability. Product telemetry is action-oriented rather than content-oriented.

We do not store policy body content, learner answers, incident free text, or support message content in analytics events. We do not use session replay or keystroke capture in this analytics v1 release.

6. Retention and Security

We apply access controls, audit logging, and encryption-in-transit. Raw analytics events are retained for 12 months in the initial analytics release. Other retention periods depend on your configuration and legal obligations.

7. Marketing and advertising measurement

On public marketing pages, and only where applicable consent has been granted, we may use advertising and attribution technologies such as Meta Pixel and the LinkedIn Insight Tag to measure campaign performance and conversion outcomes. These tools are not used to monitor private in-product policy, incident, or training content.

8. Your Data Protection Rights

Subject to applicable law, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request erasure; restrict or object to certain processing; request data portability; and withdraw consent at any time where processing is based on consent. Organization administrators can manage users, content, and lifecycle settings directly; individual data-subject requests should be submitted through your organization's designated contact or directly to us using the details below.

If you are not satisfied with how we have handled your request, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113.

9. Contact

For privacy questions, data-subject requests, or complaints, contact support@quickpolicy.co.uk, or your account owner or support channel configured in your tenant environment.