Legal

Privacy Policy

Last updated: March 2026

Privacy Policy

Effective date: [To be set on publication] Version: 1.0.0

1. Who We Are

Quorate is a governance and meeting management platform. We are the data controller for your account information and the data processor for organisation data.

2. What We Collect

  • Account data: Name, email address, password (hashed)
  • Organisation data: Meeting records, minutes, decisions, documents — processed on behalf of your organisation
  • Usage data: Login times, pages visited, feature usage (no PII)
  • Payment data: Processed by Stripe — we do not store card details

    • 3. Legal Basis

  • Contract: Processing necessary to provide the Platform
  • Legitimate interest: Usage analytics, platform improvement
  • Consent: Marketing communications (opt-in)
  • Legal obligation: Financial records retention

    • 4. Data Sharing

    We share data only with:

  • AWS (hosting infrastructure)
  • Stripe (payment processing)
  • Sentry (error monitoring — no PII)

    • See our Sub-processor List for full details.

    5. Data Retention

  • Active accounts: data retained while subscription is active
  • Cancelled accounts: data deleted 90 days after cancellation
  • Financial records: retained for 7 years (legal requirement)

    • 6. Your Rights

    Under UK GDPR, you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Data portability
  • Object to processing
  • Lodge a complaint with the ICO

    • 7. Contact

    Data protection enquiries: privacy@quorate.app

    ---

    *This document requires legal review before publication.*