Privacy Policy

1. Who we are

Quell provides educational personal risk-analytics. For users in the European Economic Area (EEA), the United Kingdom, and similar regimes, Quell is the “controller” of your personal data for the Service. You can reach us at support@quell.ing.

2. Information we collect

• Account & identity: name, email, authentication identifiers (we support sign-in with email magic links and Google OAuth).
• Financial information you enter: account balances, holdings, income, liabilities, expenses, and similar figures you choose to provide. We do not connect to your bank. There is no bank-linking or open-banking integration; all financial data is entered or uploaded by you.
• Coarse sensitive inputs (optional): general health band, insurance/coverage type, and immigration/visa or residency status. We collect these in coarse categories only, to model risk, and store them encrypted. You choose whether to provide them.
• Public wallet addresses: if you add one, we perform a read-only on-chain and price lookup. We never receive or hold your keys or funds.
• Uploaded statements: if you upload a document, it is stored encrypted and processed to extract figures; you can delete it.
• Usage & device data: log data, IP address, device/browser information, and interactions, used for security and to operate the Service.
• Payment information: processed by our payment processor (Stripe). We receive limited billing details (such as plan and status) but do not store full card numbers.

3. How we use your information

• to provide the Service, including running simulations and generating your risk readings from the data you provide;
• to create, secure, and support your account, and to process payments;
• to communicate with you about the Service, including service and security notices;
• to maintain, debug, and improve the Service and our models, including using de-identified, aggregated data that does not identify you;
• to detect, prevent, and address fraud, abuse, and security incidents; and
• to comply with legal obligations and enforce our terms.

We do not sell your personal information, and we do not use your data for third-party advertising.

4. Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on: performance of our contract with you (to provide the Service); your consent (for optional sensitive inputs such as health and immigration data, which you may withdraw at any time); our legitimate interests (to secure and improve the Service, where not overridden by your rights); and compliance with legal obligations.

5. AI processing and automated estimates

We use third-party AI/large-language-model providers to turn engine-computed numbers into readable explanations and, where you ask, to gather publicly available signals. The numbers you see are produced by our simulation engine, not by a language model. Our AI provider processes the prompts we send to generate text and, under our agreement, is restricted from using your content to train its models. The Service produces probabilistic estimates; it does not make decisions that produce legal or similarly significant effects about you, and it is not advice (see our Terms).

6. How we share information

We share personal data only as described here:

• Service providers / processors who help us run the Service under contract and appropriate safeguards — for example: cloud hosting and database, payment processing (Stripe), email delivery, AI/LLM processing, public economic-data and blockchain/price lookups, and error monitoring.
• Legal & safety: when required by law, legal process, or to protect the rights, safety, and security of Quell, our users, or others.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
• With your direction or consent.

When you request a public data lookup (such as economic series or a wallet address), we send only what is needed for that lookup — not your identity.

7. International transfers

We may process and store information in the United States and other countries. Where we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses. Where feasible, we aim to store EEA users’ data in the EEA.

8. Security

We use technical and organizational measures designed to protect your information, including encryption in transit and at rest, field-level encryption for sensitive fields, access controls, and practices to avoid logging sensitive personal content. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Data retention

We keep personal data for as long as your account is active or as needed to provide the Service, and thereafter only as required for legitimate business or legal purposes. You can delete your account and data at any time (see your rights below); on deletion we remove or de-identify your personal data, except where retention is required by law.

10. Your rights and choices

Depending on where you live, you may have the right to:

• access the personal data we hold about you and obtain a copy (the Service provides a data export);
• correct inaccurate data;
• delete your data (the Service provides account deletion);
• port your data to another service;
• restrict or object to certain processing, and withdraw consent at any time (without affecting prior processing);
• not be subject to unlawful sale or sharing of personal data — we do not sell or share your personal data for cross-context behavioral advertising; and
• lodge a complaint with your local data-protection authority.

California residents have rights under the CCPA/CPRA to know, delete, correct, and opt out of “sale” or “sharing” (we do neither), and not to be discriminated against for exercising these rights. To exercise any right, use the in-app export/delete tools or contact us at support@quell.ing. We will verify your request as required by law.

11. Cookies

We use only essential cookies and similar technologies necessary to sign you in, keep your session secure, and operate the Service. We do not use third-party advertising or cross-site tracking cookies.

12. Children

The Service is not directed to, and may not be used by, anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice (for example, by posting the updated Policy with a new date or by email). Your continued use after the changes take effect constitutes acceptance.

14. Contact

Privacy questions or requests: support@quell.ing.