Privacy Policy
Effective Date: 1/1/2026
Last Updated: 1/2/2026
This Privacy Policy describes how JE Vectors LLC, d/b/a Nquiry ("Company," "we," "us," or "our") collects, uses, and protects your information when you use Nquiry ("Service"). We are committed to protecting your privacy and handling your data responsibly.
1. Information We Collect
1.1 Account Information
When you register for an account, we collect:
- Email address
- Full name (optional)
- Password (stored in hashed form by our authentication provider)
1.2 Organization Information
For team organizations, we collect:
- Organization name
- Billing email
- Member information (email, role, join date)
1.3 Investigation Data
When you use the Service, we store:
- Investigation titles, descriptions, and status
- Topics and questions
- Evidence metadata (titles, descriptions, sources, dates)
- AI-generated analysis and reports
- Notes and annotations you create
1.4 Uploaded Files
We store files you upload, including:
- Documents (PDF, Word, Excel)
- Images (JPEG, PNG, GIF, WebP)
- Custom files related to your investigations
1.5 Usage Information
We automatically collect:
- Log data (IP address, browser type, access times)
- Device information
- Feature usage patterns
- Error and performance data
1.6 Audit Logs
For compliance and security, we maintain detailed audit logs including:
- User actions (create, view, update, delete operations)
- Authentication events (login, logout, password changes)
- Administrative actions
- IP addresses and user agents
- Timestamps
2. How We Use Your Information
2.1 Providing the Service
We use your information to:
- Create and manage your account
- Store and organize your investigations and evidence
- Generate AI-powered analysis and reports
- Enable team collaboration
- Process payments and manage subscriptions
2.2 AI Processing
When you use AI features, your content is processed to:
- Generate analysis, summaries, and recommendations
- Extract text from uploaded documents
- Provide relevant insights based on your evidence
Important: Content sent for AI processing includes investigation details, evidence text, and document contents. This data is transmitted to our AI provider (AWS Bedrock/Anthropic) and is not used to train AI models.
2.3 Communication
We use your email to:
- Send team invitations
- Deliver password reset links
- Notify you of important account or service updates
- Send data export notifications
2.4 Security and Compliance
We use logs and audit data to:
- Detect and prevent fraud or abuse
- Monitor for security threats
- Comply with legal obligations
- Support compliance requirements (SOC 2, HIPAA, FedRAMP)
2.5 Service Improvement
We may use aggregated, anonymized data to:
- Improve Service features and performance
- Analyze usage patterns
- Develop new features
3. Data Sharing and Disclosure
3.1 Third-Party Service Providers
We share data with trusted providers who help us operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| AWS (Amazon Web Services) | Infrastructure (hosting, storage, database, AI) | All service data |
| AWS Bedrock (Anthropic Claude) | AI analysis generation | Investigation content, evidence text, documents |
| Resend | Transactional email | Email addresses, names, organization names |
| Sentry | Error monitoring (production only) | Error logs, stack traces, request context |
| Stripe | Payment processing | Billing information, payment details |
3.2 Within Organizations
Team organization members can view and access content within their organization based on their assigned role (owner, admin, member, viewer).
3.3 Legal Requirements
We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights or property
- Prevent fraud or security threats
- Protect the safety of users or the public
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
3.5 No Sale of Personal Information
We do not sell your personal information to third parties.
4. Data Storage and Security
4.1 Storage Location
Your data is stored in AWS data centers in the United States (us-east-1 region).
4.2 Security Measures
We implement comprehensive security measures including:
- Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
- Access Control: Role-based access control and row-level database security
- Authentication: Secure session management with HTTP-only cookies
- File Security: Signed URLs with time-limited access for file downloads
- Network Security: Private database subnets, security groups, and firewalls
- Audit Logging: Comprehensive logging of all access and changes
4.3 Multi-Tenant Isolation
Each organization's data is logically isolated through:
- Organization-scoped database queries
- Storage paths segregated by organization ID
- Row-level security policies enforcing access boundaries
4.4 Compliance Standards
We design our security practices to support compliance with:
- SOC 2 Type II
- HIPAA
- FedRAMP Moderate
- ISO 27001
- GDPR
5. Data Retention
5.1 Active Accounts
- Investigation data: Retained as long as your account is active
- Uploaded files: Retained until deleted by you or upon account deletion
- Audit logs: Retained for 2 years (730 days) for compliance purposes
5.2 Deleted Content
When you delete content:
- Investigation data is permanently removed from our database
- Associated files are removed from storage
- File versions may be retained temporarily for disaster recovery
- Audit log entries are preserved (anonymized)
5.3 Account Deletion
Upon account deletion:
- Personal organization and all content permanently deleted
- You are removed from team organizations
- Audit logs retained with anonymized user references
6. Your Rights and Choices
6.1 Access Your Data
You can access your investigation data through the Service at any time.
6.2 Export Your Data
You can export all your data in JSON format through Settings > Account > Export Data. This includes:
- Profile information
- Organizations and memberships
- Investigations, evidence, topics, questions
- Analysis and reports
- Audit log entries
6.3 Delete Your Data
You can:
- Delete individual investigations, evidence, or other content
- Delete your entire account through Settings > Account > Delete Account
6.4 Correct Your Data
You can update your profile information and content through the Service interface.
6.5 Withdraw Consent
You may stop using the Service at any time. For specific consent withdrawals, contact us.
6.6 Data Portability
Your exported data is provided in a structured, commonly used format (JSON).
7. International Data Transfers
If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
For users in the European Economic Area (EEA), we rely on:
- Standard Contractual Clauses for data transfers
- AWS's GDPR Data Processing Addendum
8. Children's Privacy
The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
9. Cookies and Tracking
9.1 Essential Cookies
We use essential cookies for:
- Authentication and session management
- Security features
9.2 Analytics
We may use analytics tools to understand Service usage. These tools collect aggregated, anonymized data.
9.3 Do Not Track
We currently do not respond to Do Not Track browser signals.
10. AI-Specific Privacy Considerations
10.1 What We Send to AI
When you use AI features, we transmit:
- Investigation title and focus statement
- Question and topic text
- Evidence content (text extracted from documents)
- Uploaded documents (PDFs, images)
- Framework and evaluation guide documents
10.2 AI Provider Commitments
Our AI provider (Anthropic via AWS Bedrock):
- Does not use your data to train models
- Processes data only for the requested task
- Does not retain your data after processing
- Is subject to AWS security and compliance standards
10.3 AI Data Minimization
We only send data necessary for the requested AI task. You control which evidence and documents are included in analysis.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via:
- Email notification to your registered address
- Notice within the Service
- Updated "Last Updated" date
Continued use after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions, requests, or concerns:
Email: [PRIVACY EMAIL]
Address: [COMPANY ADDRESS]
Data Protection Inquiries: [DPO EMAIL, if applicable]
13. Additional Information for Specific Jurisdictions
13.1 California Residents (CCPA)
California residents have additional rights under the CCPA:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale (we do not sell personal information)
- Right to non-discrimination
To exercise these rights, contact us using the information above.
13.2 European Economic Area (GDPR)
EEA residents have additional rights:
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
Legal Basis for Processing:
- Contract performance (providing the Service)
- Legitimate interests (security, fraud prevention, service improvement)
- Legal obligations (compliance requirements)
- Consent (where specifically requested)
By using nquir, you acknowledge that you have read and understood this Privacy Policy.