Effective Date: 22 March 2026

Privacy Policy

How Qui Intelligent Systems LLC collects, uses, stores, and protects your personal information.

1. About This Privacy Policy

Welcome to Qui Intelligent Systems LLC ("Qui Intelligent Systems LLC," "we," "us," or "our"). Your privacy is important to us. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our AI orchestration platform and related services, in compliance with the Law of Georgia on Personal Data Protection (2023) and other applicable laws.

This Privacy Policy should be read together with our Terms of Service, which govern your use of the Services.

Business Use Only: Qui Intelligent Systems LLC services (including all products, platforms, and applications) are professional-grade tools intended primarily for business and organizational users, including employees, contractors, and authorized representatives of commercial entities.

Service Availability: Our services are available globally to business and professional users, subject to applicable sanctions and export control laws.

Data Controller Information:

  • Company: Qui Intelligent Systems LLC
  • Identification Code: 405838866
  • Address: Vake district, University Street, N 17a, Floor 10, 0186, Tbilisi, Georgia
  • Contact: support@qui.is
  • Privacy/Data Protection Contact: privacy@qui.is

Supervisory Authority:

  • Authority: Personal Data Protection Service of Georgia (PDPS)
  • Website: https://pdps.ge
  • Email: info@pdps.ge

You have the right to lodge a complaint with the PDPS if you believe your data protection rights have been violated.


2. Information We Collect

2.1 Information You Provide Directly
  • Account Information: Name, business email address, company name, job title, business phone number
  • Authentication Data: Username, password, security questions, multi-factor authentication settings
  • Communication Data: Messages sent through our platform, customer support inquiries, feedback
  • Payment Information: Processed securely by Paddle (we do not store credit card details)

2.2 Information Collected Automatically
  • Usage Data: How you interact with our platform, features used, time spent, API calls made
  • Technical Data: IP address, browser type and version, device information, operating system
  • Performance Data: Response times, error logs, system performance metrics
  • Location Data: General geographic location based on IP address (country/state level only)

2.3 Information from Third Parties
  • AI Model Providers: Processing results and metadata from Anthropic Claude and other AI services
  • Authentication Services: Information from single sign-on providers (if you choose to use them)
  • Business Partners: Information from integrations you authorize

3. How We Use Your Information

3.1 Service Provision
  • Provide and maintain our AI orchestration platform
  • Process your API requests and route them to appropriate AI models
  • Authenticate your identity and manage your account
  • Provide customer support and respond to inquiries
  • Monitor platform performance and uptime

3.2 Business Operations
  • Analyze usage patterns to improve our services
  • Develop new features and functionality
  • Conduct research and development
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

3.3 Communications
  • Send important service notifications and updates
  • Provide technical support and customer service
  • Share product updates and new feature announcements (with your consent)
  • Send marketing communications (only with your explicit opt-in consent)

4. Legal Basis for Processing

Under the Law of Georgia on Personal Data Protection (2023), we process your personal information based on one or more of the following legal grounds:

  • Contract Performance: Processing necessary to provide our AI orchestration services and fulfill our contractual obligations to you
  • Legitimate Interests: For security, fraud prevention, service improvement, and normal business operations, where our interests do not override your fundamental rights
  • Consent: For marketing communications and optional features (you may withdraw consent at any time)
  • Legal Obligations: To comply with applicable Georgian and international legal requirements

5. How We Share Your Information

5.1 Service Providers

We share information with trusted third parties who help us operate our platform:

  • AI Model Providers: Anthropic (Claude), OpenAI, and other AI services for processing your requests
  • Payment Processor: Paddle for secure payment processing
  • Cloud Infrastructure: AWS, Google Cloud, or other hosting providers for platform operations
  • Security Services: Fraud detection and cybersecurity providers
  • Analytics Providers: For platform usage analysis and improvement

5.2 Business Transfers

If we undergo a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.


5.3 Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect our rights and safety.


5.4 With Your Consent

We may share information for other purposes with your explicit consent.

We do not sell your personal information to third parties for their marketing purposes.


6. Your Data Protection Rights

Under the Law of Georgia on Personal Data Protection (2023), you have the following rights regarding your personal data:


6.1 Right to Access

You have the right to request confirmation of whether we are processing your personal data, and to obtain access to and copies of your data free of charge. We will respond within 10 working days of receiving your request (extendable by up to 10 additional working days if necessary).


6.2 Right to Rectification

You have the right to request the correction, updating, or completion of inaccurate or incomplete personal data. We will correct any inaccuracies within 10 working days.


6.3 Right to Erasure

You have the right to request the deletion or destruction of your personal data when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and there is no other legal basis for processing
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

6.4 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing.


6.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.


6.6 Right to Object

You have the right to object to processing based on legitimate interests. If you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.


6.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.


6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Personal Data Protection Service (PDPS) if you believe your data protection rights have been violated. You may also seek judicial remedies through the courts of Georgia.


6.9 How to Exercise Your Rights

To exercise any of these rights:

  • Email: privacy@qui.is
  • Mail: Qui Intelligent Systems LLC, Data Protection, Vake district, University Street, N 17a, Floor 10, 0186, Tbilisi, Georgia

Response Time: We will respond to requests within 10 working days, which may be extended by up to 10 additional working days for complex requests. We will notify you of any extension.

Verification: We may need to verify your identity before processing requests to ensure data security.

No Charge: We will process your first request free of charge. For repetitive, excessive, or manifestly unfounded requests, we may charge a reasonable fee based on administrative costs.


7. Automated Decision-Making Technology (ADMT)

QUI uses automated decision-making technology to provide its services. This section describes how ADMT operates within the platform, what data it processes, and your rights regarding automated decisions.

7.1 What ADMT Means

ADMT refers to any technology that processes personal information and uses computation to replace or substantially replace human decision-making. QUI's AI features — including character responses, workflow execution, memory retrieval, and agentic operations — constitute ADMT.

7.2 How ADMT Works in QUI

When you interact with an AI character or run a workflow: your input is processed; your character's configuration is loaded; relevant memories are retrieved via vector search; the combined context is sent to an LLM provider for processing; the AI generates a response; if agentic mode is enabled, tools may be executed autonomously; results are returned to you; and the interaction is stored in semantic memory.

7.3 What Data Influences AI Outputs

The following data may influence AI outputs: your messages and conversation history; semantic memories from previous conversations; documents uploaded to knowledge bases; character system prompts and configuration; consciousness state (if Qonscious is enabled); files shared in conversations; and results from tool executions.

7.4 How Outputs Are Used

QUI is a general-purpose AI orchestration platform. AI outputs are presented to you for your review, use, or further processing. QUI does not use AI outputs to make significant decisions about you or any third party. If you use QUI to make significant decisions about other individuals, you are solely responsible for your own ADMT compliance. See our Terms of Service for your specific obligations.

7.5 Your Rights Regarding ADMT
  • Right to know: You may request information about how ADMT processes your data. Contact privacy@qui.is.
  • Right to opt out: You may opt out of ADMT processing by not using AI features.
  • Right to human review: All AI outputs are presented to you for review. You have full authority to accept, reject, modify, or ignore any AI output.
  • No retaliation: We will not discriminate against you for exercising your ADMT rights.
7.6 Data Processed for ADMT
Data TypePurposeStored By
Messages and promptsAI input for generating responsesYour device (local)
Conversation historyContext for memory retrievalYour device (local)
Character configurationDefines AI behaviourYour device (local)
Knowledge base documentsRAG search contextYour device (local)
LLM request/responseAI processingThird-party provider (transient)
Tool execution resultsAgentic workflow contextYour device (local)

Your messages, memories, and character data are stored locally on your device and are not stored on our servers.

8. AI Content Labeling and Metadata

QUI attaches metadata to AI-generated content indicating that it was produced by an AI system, including the model and provider used. This metadata is:

  • Visible within the QUI interface (character labels, AI indicators)
  • Included in exported content by default
  • Embedded in file metadata for audio and image outputs
  • Available via API response headers

This metadata is not personal information — it describes the content's origin, not the user. We attach this metadata to comply with AI content labeling regulations including Vermont's requirements and similar emerging laws.

You can configure the format and visibility of AI-generated labels in your account settings. Disabling visible labels does not remove embedded metadata, and does not relieve you of your own labeling obligations when distributing content commercially.

9. Age Verification Data

We collect your date of birth at registration to verify that you meet our minimum age requirement of 18 years. In certain jurisdictions, we use third-party verification services to confirm your age or business status.

9.1 What We Collect and Store
  • Date of birth
  • Whether you have been verified as 18+ (boolean)
  • The method of verification (self-declared, business verification, or third-party)
  • Timestamp of verification
9.2 What We Do NOT Collect or Store
  • Government-issued ID images or numbers
  • Biometric data
  • Any raw data from third-party verification providers

Third-party verification providers process your information under their own privacy policies. We receive only a pass/fail verification result.

For users in Texas and other jurisdictions requiring data deletion: raw verification data is processed by the third-party provider and never transmitted to or stored by QUI.

9.3 Business Verification Data (United States)

For users in the United States, we collect business verification data including company name, registration number, and business address. This data is verified through a third-party business verification service and retained for the duration of your account plus 7 years for financial record-keeping compliance.

10. Data Security

10.1 Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication required
  • Network Security: Firewalls, intrusion detection, and continuous monitoring
  • Regular Testing: Security audits, vulnerability assessments, and penetration testing
  • Employee Training: Regular security awareness and data protection training

10.2 Data Breach Response

In accordance with Georgian law, in the event of a data breach affecting your personal information, we will:

  • Investigate and contain the breach promptly
  • Notify the Personal Data Protection Service (PDPS) within 72 hours of becoming aware of the breach (unless the breach is unlikely to cause significant harm to your rights and freedoms)
  • Notify affected data subjects immediately if the breach is likely to pose a significant threat to your rights and freedoms
  • Provide information about the nature of the breach, categories of data affected, potential consequences, and measures taken to address and mitigate the breach
  • Document all breaches and our response actions

Important: While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials.


11. Data Retention

11.1 Retention Periods
  • Account Information: Retained while your account is active and for 3 years after account closure
  • Usage Data and Logs: Typically retained for 24 months for service improvement and security
  • Communication Records: Customer support communications retained for 3 years
  • Payment Records: Retained as required by financial regulations (typically 7 years)
  • Security Logs: Retained for up to 7 years for fraud prevention and legal compliance

11.2 Data Deletion

When we delete your information, it is removed from our active systems and backups within 90 days, except where longer retention is required by law.


12. Cookies and Tracking Technologies

12.1 Types of Cookies We Use
  • Essential Cookies: Required for platform functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how you use our platform
  • Preference Cookies: Remember your settings and preferences

12.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.


12.3 Do Not Track

We do not currently respond to "Do Not Track" browser signals, but you can opt out of analytics cookies through our cookie preferences.


13. Children's Privacy

Our services are not intended for individuals under 18 years of age and are designed exclusively for business and professional users. We do not knowingly collect information from minors. If we learn that information from someone under 18 has been submitted, we will delete it promptly.

Age Verification: By using our services, you represent that you are at least 18 years old.


14. Changes to This Privacy Policy

14.1 Policy Updates

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New legal requirements
  • Service improvements or new features
  • User feedback and best practices

14.2 Notice of Changes
  • Material Changes: 30 days advance notice via email and platform notification
  • Minor Updates: Notice on our website with updated effective date
  • Continued Use: Your continued use of our services after changes become effective constitutes acceptance

15. Contact Information

15.1 General Privacy Questions

Email: privacy@qui.is
Mail: Qui Intelligent Systems LLC, Data Protection, Vake district, University Street, N 17a, Floor 10, 0186, Tbilisi, Georgia


15.2 Data Subject Rights Requests

Email: privacy@qui.is
Response Time: Within 10 working days of verified request (may be extended by up to 10 additional working days)


15.3 Supervisory Authority

If you believe your data protection rights have been violated, you may lodge a complaint with:

Personal Data Protection Service (PDPS)
Website: https://pdps.ge
Email: info@pdps.ge


16. International Data Transfers

QUI processes data locally on your device. When you use cloud LLM providers, your current request is sent directly to the provider for processing. QUI does not transfer your data to or through any intermediate jurisdiction.

QUI does not currently serve customers in the EU, EEA, or UK. EU transfer mechanisms (Standard Contractual Clauses) are not applicable at this time.

17. Special Notices

17.1 Service Limitations
  • Geographic Restrictions: Services not available to users in sanctioned jurisdictions
  • Age Restrictions: Services not available to individuals under 18
  • Business Use: The platform is designed and marketed primarily for business, professional, and organizational use

17.2 Data Processing Transparency
  • AI Model Processing: Your data may be processed by third-party AI providers
  • No Long-term Storage: We do not store your content or AI-generated responses long-term
  • Processing Location: Data processed in various locations depending on service provider

17.3 User Responsibilities
  • Content Appropriateness: Do not submit sensitive personal information through our platform without implementing appropriate safeguards
  • Account Security: Maintain strong passwords and protect your account credentials
  • Compliance: Ensure your use of our platform complies with applicable laws in your jurisdiction

Effective Date: This Privacy Policy is effective as of 22 March 2026 and applies to information collected from that date forward.

This Privacy Policy demonstrates our commitment to protecting your privacy while providing innovative AI orchestration services. We regularly review and update our practices to ensure continued compliance with the Law of Georgia on Personal Data Protection (2023) and other applicable privacy laws.