Privacy Policy

Privacy Policy - Effective 14 October, 2025

1. Introduction

This Privacy Policy describes how Quench.AI Limited ("Quench.AI", "we", "us", or "our") collects, uses, stores, and protects your personal information when you use our Services. This policy applies to all services provided by Quench.AI and its affiliates, including but not limited to askollo.com and related domains.

This notice is in accordance with the European Union General Data Protection Regulation 2016/679 (GDPR) and UK data protection laws. It describes your privacy rights, how to exercise them, the basis for our information collection, and ways in which you can contact us.

Who We Are:
 Quench.ai Limited
Registered office: Techspace, 140 Goswell Road, London EC1V 7DY, United Kingdom
Company number: 13108676
Email: privacy@quench.ai

Important Note: Users of our Services must be at least 18 years of age. We do not knowingly collect or process personal information from individuals under 18.

2. Definitions

For purposes of this Privacy Policy:

  • "Services" means our AI-powered platform that enables users and organizations to connect, search, and interact with their data sources using artificial intelligence capabilities, including AI agents and agentic workflows.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Connected Data Source" means a third-party system (e.g., Google, Slack, Notion) you connect via OAuth, service account, or API key.
  • "Created Data" means content created or stored by the Service at your direction (e.g., uploads, synced copies, saved prompts, AI-generated outputs, agent artifacts).
  • "Federated Search" means real-time querying of Connected Data Sources where source content is not persistently copied or indexed by Quench.ai.
  • "Processing" means any operation performed on personal data, such as collection, storage, use, or disclosure.

3. Information We Collect

3.1 Personal Data

When you register for or use our Services, we may collect:

  • Account Information: Name, email address, contact details, company/organization name, job title, department
  • Authentication Information: Login credentials, authentication tokens for Connected Data Sources
  • Business Information: Company size, number of employees, headquarters location, organizational structure
  • Professional Information: Professional qualifications, educational background, work activities, areas of expertise

3.2 Usage Data

We collect information about how you use our Services:

  • Service Usage: Queries entered into the search service, types of content viewed or engaged with, features used, actions taken, frequency of use
  • AI Agent Activity: Agent configurations, actions performed, prompts submitted, outputs generated (as detailed in Agent Action Logs per our Terms of Service)
  • Connected Data Sources: Information about which data sources you connect, connection status, sync preferences
  • Performance Data: Service response times, error logs, feature performance metrics

3.3 Device and Technical Data

We collect technical information from devices you use to access the Services:

  • Device Information: Device type (computer, mobile, tablet), device ID, operating system, browser type and version
  • Network Information: IP address, connection type, location data (GPS, inferred from IP)
  • Access Logs: Date and time of access, pages visited, referring URLs

3.4 Data from Connected Sources

When you connect third-party data sources to our Services:

  • OAuth Tokens: Authentication tokens to maintain connections to your Connected Data Sources
  • Metadata: File names, folder structures, timestamps, authors, permissions from Connected Data Sources
  • Search Results: Content retrieved from Connected Data Sources in response to your queries
  • Synced Content: If you choose to sync content from a Connected Data Source, that content becomes Created Data stored by Quench.ai

Important: For Federated Search, source content is not persistently stored by Quench.ai. Only search results and metadata are retained as Created Data. See Section 5.2 for details.

3.5 Communications

When you communicate with us:

  • Support Inquiries: Name, email, description of issues, attachments you provide
  • Feedback: Ratings, comments, survey responses
  • Marketing Communications: Responses to newsletters, event registrations

3.6 Payment Information

If you purchase our Services:

  • Billing Information: Name, billing address, company details
  • Payment Details: Processed by our payment processor (Stripe) - we do not store complete payment card details

3.7 Cookies and Similar Technologies

We use cookies and similar tracking technologies. See Section 8 for detailed information.

4. How We Collect Information

4.1 Directly from You

We collect information directly when you:

  • Register for an account or complete online forms
  • Connect third-party data sources via OAuth
  • Use our Services to search, query, or interact with data
  • Configure and deploy AI Agents
  • Contact us for support or provide feedback
  • Subscribe to newsletters or marketing communications
  • Attend our events (online or offline)

4.2 Automatically Through Your Use

We automatically collect information through:

  • Cookies and Analytics: Google Analytics, analytics tools integrated into our platform
  • Service Logs: Automatically generated logs of your service usage
  • Agent Action Logs: Automatically recorded logs of AI Agent activities (retained for 90 days)

4.3 From Third-Party Services

We collect information from:

  • OAuth Providers: When you authorize connections to Google, Microsoft, Slack, Notion, and other services
  • Payment Processors: Stripe processes payments and provides us with transaction status
  • Social Media Platforms: If you interact with us on LinkedIn, Twitter, or other platforms
  • Analytics Providers: Google Analytics, performance monitoring tools

4.4 From Connected Data Sources

Through Federated Search and synced connections, we access:

  • Metadata and search results from your Connected Data Sources
  • Synced content if you choose to enable syncing
  • Real-time query results that become Created Data

5. How We Use Your Personal Data

5.1 To Provide and Improve Our Services

We use your personal data to:

  • Authenticate you and maintain your account
  • Provide search and AI capabilities across your Connected Data Sources
  • Execute AI Agent actions you configure and authorize
  • Store and index Created Data (including synced content if you opt in)
  • Process your queries and return relevant results
  • Maintain and improve service performance, security, and reliability
  • Develop new features and capabilities

Legal Basis: Performance of contract, legitimate interests (service improvement)

5.2 Data Processing for Federated Search and Syncing

Federated Search:

  • We query your Connected Data Sources in real-time
  • Source content is NOT persistently stored by Quench.ai
  • Only search results, metadata, and outputs become Created Data
  • Created Data is stored in your selected region (EU, UK, or US)

Synced Content (Opt-In):

  • If you choose to sync content, it becomes Created Data
  • Synced content is encrypted at rest and stored in your selected region
  • We build search indexes to provide retrieval functionality
  • We do NOT change permissions from the source system
  • You control inclusion/exclusion rules, retention, and re-index frequency

Legal Basis: Performance of contract, consent (for syncing)

5.3 AI Model Training - What We DO NOT Do

Quench.ai does NOT use your data to train AI models:

  • We do NOT use your Inputs, Outputs, Created Data, or content from Connected Data Sources to train, fine-tune, or improve foundation models
  • Your data is NOT incorporated into AI training datasets
  • Your data is NOT used to improve models for other users
  • We do NOT use your data for machine learning model development

What We DO Use:

  • De-identified operational telemetry to maintain service quality, safety, and reliability
  • Such telemetry does NOT include source content bodies from Federated Search

Legal Basis: Legitimate interests (service quality and security)

5.4 For Security and Compliance

We use your data to:

  • Monitor and maintain security of the Services
  • Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations and government requests
  • Enforce our Terms of Service and policies
  • Investigate security incidents and breaches

Legal Basis: Legal obligation, legitimate interests (security and fraud prevention)

5.5 For Communications

We use your data to:

  • Send service-related notifications (account changes, security alerts, breach notifications)
  • Respond to your support inquiries
  • Send newsletters and marketing communications (with your consent)
  • Notify you of updates, new features, and events

Legal Basis: Performance of contract (service notifications), consent (marketing), legitimate interests (customer engagement)

Opt-Out: You can unsubscribe from marketing emails at any time by clicking the unsubscribe link or emailing privacy@quench.ai

5.6 For Analytics and Business Operations

We use your data to:

  • Understand how users engage with our Services
  • Analyze usage patterns and trends
  • Improve user experience and platform functionality
  • Conduct research and development
  • Generate aggregated, anonymized statistics

Legal Basis: Legitimate interests (business improvement and development)

5.7 Agent Action Logs

We record Agent Action Logs containing:

  • Actor (who initiated the agent)
  • Prompt summary/hash
  • Target service
  • Action type
  • Parameters (redacted where sensitive)
  • Timestamps, status, error codes

These logs are retained for 90 days and exportable by administrators for audit and compliance purposes.

Legal Basis: Performance of contract, legitimate interests (security and accountability)

6. Data Storage and Retention

6.1 Storage Locations

Created Data:

  • Stored in your selected region at onboarding: EU, UK, or US
  • Encrypted at rest
  • We will NOT move your data out of your selected region without notice, except for emergency continuity with equivalent protections

Federated Search:

  • Data remains in original Connected Data Sources
  • No persistent storage by Quench.ai

6.2 Retention Periods

Created Data:

  • Retained while your account is active
  • Automatically deleted after 90 days of inactivity (by default)
  • Deleted within 90 days of account termination (unless legal retention required)
  • You may request deletion at any time by contacting legal@quench.ai

Agent Action Logs:

  • Retained for 90 days
  • Exportable by administrators

Account Information:

  • Retained while your account is active
  • Deleted within 90 days of account termination (unless legal retention required)

Marketing Consent Records:

  • Retained for 6 years after consent withdrawal

Support Communications:

  • Retained for as long as necessary to resolve your inquiry and for legitimate business purposes

Payment Records:

  • Retained as required by tax and accounting laws (typically 6-7 years)

Legal Holds:

  • Data may be retained longer if required by law, regulation, legal process, or to establish, exercise, or defend legal claims

7. Data Sharing and Disclosure

7.1 We Share Your Data With:

Service Providers and Subprocessors:

  • Payment processors (Stripe)
  • Cloud infrastructure providers (hosting in EU, UK, or US per your selection)
  • AI model providers (for routing prompts/requests)
  • Analytics providers (Google Analytics)
  • Communication tools (email service providers)

A current list of subprocessors is available upon request at legal@quench.ai

Your Organization:

  • If you use our Services through an employer or organization, administrators and managers may view your service usage and Created Data
  • We hold legally binding agreements with enterprise clients to ensure security and proper processing

Law Enforcement and Regulators:

  • When required by law or legal process
  • To comply with government requests
  • To protect our rights, property, or safety, or that of others

Business Transfers:

  • In connection with mergers, acquisitions, or sale of assets, your data may be transferred (with appropriate protections)

7.2 Connected Data Sources

Important: When you connect third-party data sources:

  • Those services are governed by their own terms and privacy policies
  • You are responsible for compliance with their terms
  • Quench.ai does NOT control their data handling practices
  • Data accessed through Federated Search remains in those systems

7.3 International Data Transfers

If data is transferred outside the UK/EU:

  • We implement appropriate safeguards (Standard Contractual Clauses, adequacy decisions)
  • Your Created Data remains in your selected region (EU, UK, or US)
  • Model providers and subprocessors may be located in different jurisdictions
  • We ensure appropriate data protection measures are in place

7.4 We Do NOT:

  • Sell your personal data to third parties
  • Share your data with advertisers for their direct marketing
  • Use your data to train AI models for other customers
  • Publicly display your queries or service usage

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Strictly Necessary Cookies:

  • Enable essential features like secure login and site navigation
  • Cannot be disabled without affecting site functionality

Performance Cookies:

  • Google Analytics and similar tools
  • Collect anonymized data about site usage, page visits, and performance
  • Help us improve the Services

Functional Cookies:

  • Remember your preferences and settings
  • Enable personalized features

Marketing/Tracking Cookies:

  • Used for remarketing (Google Ads, LinkedIn Ads)
  • Deliver personalized advertisements based on your site visits
  • We do NOT collect identifiable information through remarketing

8.2 Managing Cookies

You can control cookies through:

  • Our cookie preferences tool (where available)
  • Your browser settings
  • Opt-out links for specific services (e.g., Google Ads settings)

Note: Blocking certain cookies may affect site functionality.

8.3 Analytics

We use Google Analytics and similar tools to understand user behavior. These services use cookies and may collect:

  • Pages visited
  • Time on site
  • Referral sources
  • Device and browser information

We do NOT use Google Workspace APIs to train, develop, or improve generalized AI/ML models.

9. Your Privacy Rights

Under GDPR and UK data protection laws, you have the following rights:

9.1 Right of Access

Request a copy of the personal data we hold about you

9.2 Right to Rectification

Request correction of inaccurate or incomplete data

9.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal retention requirements)

9.4 Right to Restrict Processing

Request limitation on how we use your data

9.5 Right to Data Portability

Receive your data in a structured, machine-readable format

9.6 Right to Object

Object to processing based on legitimate interests, including direct marketing

9.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time

9.8 Right Not to be Subject to Automated Decision-Making

Protection against decisions based solely on automated processing

9.9 How to Exercise Your Rights

To exercise any of these rights:

Email: privacy@quench.ai
Mail: Quench.ai Ltd, Techspace, 140 Goswell Road, London EC1V 7DY, United Kingdom

Please provide sufficient information to identify you (name, email address, account details). We will respond within one month of receiving your request.

10. Data Security

10.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data encrypted at rest and in transit
  • Access Controls: Role-based access, authentication requirements
  • Network Security: Firewalls, intrusion detection, secure infrastructure
  • Regular Audits: Security assessments and vulnerability testing
  • Staff Training: Privacy and security training for personnel

10.2 Your Responsibilities

  • Keep your password secure and confidential
  • Do not share your account credentials
  • Log out when finished using shared devices
  • Contact us immediately if you suspect unauthorized access

10.3 Data Breach Notification

In the event of a Security Incident affecting your Personal Data:

  • We will notify you without undue delay and within 72 hours of confirming the incident
  • Notification will include nature of breach, data affected, and remedial steps
  • We will also notify relevant supervisory authorities as required by law

11. Third-Party Services and Links

Our Services may contain links to third-party websites and integrate with third-party services. This Privacy Policy does not apply to those third parties. We are not responsible for:

  • Privacy practices of third-party services
  • Content or security of third-party websites
  • Data handling by Connected Data Sources

We recommend reviewing the privacy policies of any third-party services you use.

12. Children's Privacy

Our Services are intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we discover we have collected data from someone under 18, we will delete it promptly.

If you believe we have collected information from someone under 18, please contact us at privacy@quench.ai

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If changes are material and affect data we already hold about you, we will notify you by:

  • Email to your registered address
  • In-product notification
  • Prominent notice on our website

We encourage you to review this policy periodically. Your continued use of the Services after changes constitutes acceptance of the updated policy.

14. Contact Us and Complaints

14.1 Contact Information

For questions about this Privacy Policy or our privacy practices:

Email: privacy@quench.ai
Mail: Quench.ai Ltd, Techspace, 140 Goswell Road, London EC1V 7DY, United Kingdom

14.2 Complaints

If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
 Website: https://ico.org.uk
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Helpline: 0303 123 1113

15. Data Processing Addendum

For enterprise customers processing personal data through our Services, a separate Data Processing Addendum (DPA) may apply. The DPA includes:

  • Standard Contractual Clauses for international transfers
  • Subprocessor lists and approval mechanisms
  • Security and breach notification obligations
  • Data subject rights assistance

Contact legal@quench.ai to request or execute a DPA.

Quench.ai Limited
 Company registered in England and Wales
Company number: 13108676
Registered office: Techspace, 140 Goswell Road, London EC1V 7DY, United Kingdom

Email: privacy@quench.ai
Legal: legal@quench.ai

Effective Date: 14 October 2025