Privacy Policy
Last updated: 9 May 2026
Quelvio is an enterprise knowledge platform that lets organisations search and synthesise answers across their connected work systems — Google Drive, SharePoint, Confluence, Slack, Notion, and others — with cited responses, lifecycle awareness, and refusal-on-weak-context.
Quelvio is operated by Rolle Ltd, a company registered in England and Wales.
This Privacy Policy describes how we collect, use, store, and protect personal data when you and your organisation use the Quelvio service ("Service") at quelvio.com and connected interfaces. We are the data controller for personal data we collect from website visitors and account holders, and the data processor for content your organisation chooses to connect to the Service.
If you have questions about this policy or your data, contact [email protected].
1. Who we are
Rolle Ltd, operating the Quelvio service
Company Number: 14560691 (registered in England and Wales)
Registered office: 71–75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Data Protection Contact: Antonis Papathanasopoulos
Email: [email protected]
2. Scope of this policy
This policy applies to:
- Visitors to quelvio.com and our marketing pages
- Account holders authenticating through Quelvio
- Employees of customer organisations using Quelvio through any interface — web dashboard, MCP server, browser extension, or future integrations
- Third parties whose personal data appears in content your organisation connects to Quelvio
It does not apply to data your organisation processes within its own connected sources (Google Drive, SharePoint, Confluence, Slack, Notion, etc.). For that data, your organisation is the controller and Quelvio is the processor — terms governed by your subscription agreement and any Data Processing Agreement.
3. Data we collect
We collect three categories of data.
3.1 Account data
Provided when you sign up or log in:
- Email address, name, and (where applicable) profile information from your single sign-on provider
- Organisation name and your role within it
- Authentication tokens and session metadata
3.2 Content data
Submitted by your organisation when connecting knowledge sources:
- Document text, attachments, embedded images, and audio/video content
- Source metadata (file paths, authorship, timestamps, permission lists)
- Derived representations: extracted text, semantic chunks, vector embeddings, classification labels, cross-reference relationships
We do not browse, index, or store content from sources your organisation has not explicitly connected.
3.3 Usage data
Generated when you interact with the Service:
- Queries you submit and responses returned, including cited sources
- Knowledge Token consumption per query
- Audit log entries (who queried what, when, from which interface)
- Telemetry: page views, feature usage, error reports, performance metrics
- IP address, browser type, device type, approximate location (country level)
4. How we use your data
We process personal data on the following legal bases under UK GDPR Article 6:
| Purpose | Legal basis |
|---|---|
| Operating the Service (authentication, query processing, billing) | Contract performance |
| Securing the Service against fraud, abuse, and unauthorised access | Legitimate interests |
| Improving the Service through aggregated analytics | Legitimate interests |
| Communicating with account holders about service updates and incidents | Legitimate interests |
| Complying with legal obligations (tax, audit, lawful requests) | Legal obligation |
| Marketing communications to existing customers about related products | Legitimate interests (you may opt out at any time) |
We do not use customer content to train AI models. We do not sell, rent, or share customer data with third parties for marketing.
5. Third-party content sources (connectors)
When you authorise Quelvio to connect to a third-party platform such as Google Drive, SharePoint, Box, Dropbox, Notion, Confluence, Slack, Microsoft Teams, or an AWS S3 bucket you control, you grant Quelvio permission to read content from that platform via its OAuth, API, or — in the case of S3 — a customer-controlled IAM role. Our access follows three principles:
Read-only. Every connector requests read-only OAuth scopes (or, for S3, a read-only IAM role). Quelvio cannot create, modify, or delete content in your connected source systems.
Least privilege. We request only the scopes necessary to index content. We do not request access to user profile data, calendar events, messages outside indexed channels, or administrative functions we do not use.
Revocable by you. You can revoke Quelvio's access at any time from the source platform's administrative settings (or by removing the IAM role, in the case of S3). Upon revocation or disconnection, we stop syncing new content and delete the indexed content from our systems within 30 days.
For S3 connections, the customer controls the IAM trust policy that grants Quelvio cross-account access. Quelvio does not have standing access to any S3 bucket without an explicit IAM trust relationship configured by the customer.
Use of information retrieved from Google APIs by Quelvio adheres to the Google API Services User Data Policy, including the Limited Use requirements.
6. Subprocessors
We use the following third-party processors to operate the Service. Each is bound by a data processing agreement and contractually committed to security standards equivalent to those described in this policy.
6.1 Infrastructure
| Subprocessor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Compute, database, storage, key management | EU (Frankfurt) |
| Cloudflare | Edge hosting for the MCP server, CDN, DDoS protection | Global edge network |
6.2 AI and machine learning
| Subprocessor | Purpose | Region |
|---|---|---|
| Voyage AI | Text and multimodal embeddings | United States |
| OpenRouter | Routing requests to large language models | United States |
| OpenAI | Large language model inference | United States |
| Anthropic (via Amazon Bedrock) | Large language model inference | EU and United States |
| Alibaba Cloud (Qwen) | Large language model inference | China |
| Groq | Audio and video transcription, model inference | United States |
| Hugging Face | Audio and video extraction model hosting | United States and EU |
6.3 Authentication, billing, and operations
| Subprocessor | Purpose | Region |
|---|---|---|
| Clerk | User authentication and single sign-on | United States |
| Stripe | Subscription billing and payments | Global |
| SendGrid | Transactional and notification email | United States |
| Supabase | Marketing waitlist and newsletter sign-ups | United States |
We update this list when we add or remove subprocessors. Material changes are announced to active customers at least 30 days before they take effect, where feasible.
7. International data transfers
Customer content is stored on infrastructure located in the European Union (AWS Frankfurt). However, some processing — specifically embedding generation, large language model inference, audio and video transcription, authentication, billing, and email delivery — may occur outside the European Economic Area, including in the United States and China.
For any transfer of personal data outside the United Kingdom or European Economic Area, we rely on:
- The European Commission's Standard Contractual Clauses (SCCs) and the United Kingdom's International Data Transfer Addendum where applicable
- Each subprocessor's documented technical and organisational safeguards
- Adequacy decisions where they apply
You can request copies of our transfer mechanisms by emailing [email protected].
8. Data residency
Customer content storage is committed to the European Union for tenants in the European region.
- Storage: content data, embeddings, and audit logs for European tenants are stored in AWS Frankfurt (eu-central-1) and never replicated outside the European Union.
- Processing: queries may be routed to AI model providers in other jurisdictions for embedding generation, audio/video transcription, and language model inference (see Section 6). The query content travels to those providers under SCCs and is not retained by them beyond the time required to return a response.
We are working toward EU-only processing for European tenants in future releases. Until then, the cross-border processing described above applies.
9. Data retention
We retain personal data only as long as needed to operate the Service or comply with legal obligations.
| Data category | Retention period |
|---|---|
| Account data | Duration of the account; deleted within 30 days of account deletion |
| Content data (raw documents, chunks, embeddings) | Duration of the source connection; deleted within 30 days of source disconnection |
| Audit logs and query logs | Up to 365 days |
| Billing records | 6 years (UK statutory tax retention requirement) |
| Tenant data after tenant deletion | Complete purge within 30 days |
Backups are retained for up to 35 days after the underlying data is deleted, after which the backup itself is overwritten.
Deletion is propagated to subprocessors where technically feasible. Some subprocessors (notably AI providers that do not retain query content) require no deletion action because the data was never persisted.
10. Your rights
If you are in the United Kingdom, European Economic Area, or another jurisdiction with data protection laws comparable to UK GDPR, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests, including profiling
- Withdraw consent — where processing is based on consent, withdraw it at any time
If you are a California resident, you have parallel rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the rights to know, delete, correct, opt out of sale or sharing (we do neither), and limit the use of sensitive personal information.
How to exercise your rights
Most requests can be completed directly in your Quelvio account:
- Access your data: request a data export from your account profile
- Delete your account: use "Delete account" in your account settings — this triggers full deletion of your personal data and content within 30 days
For requests that cannot be completed in-app, or for inquiries about data processed about you by a customer organisation, email [email protected].
We respond to all rights requests within 30 days. Where a request is complex or we receive multiple requests from the same person, we may extend the response period by up to two additional months and will notify you of the extension within the initial 30-day window.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or your local data protection authority.
11. AI and automated processing
Quelvio uses artificial intelligence to provide its core service. We disclose the following so you can make informed decisions:
- Embeddings: when content is connected, we generate vector representations using third-party models (see Section 6.2). The original content travels to the embedding provider; the resulting vectors are stored on Quelvio infrastructure.
- Audio and video extraction: audio and video content is transcribed using third-party speech-to-text and analysis models (see Section 6.2). The audio or video file travels to the provider; the resulting transcript and extracted metadata are stored on Quelvio infrastructure.
- Synthesis: when you request a synthesised answer, your query and retrieved source excerpts are sent to a large language model provider (see Section 6.2). The provider returns a response which Quelvio cites and returns to you.
- No model training: we do not use customer content to train, fine-tune, or otherwise improve any AI model — neither our own nor those of our subprocessors. Subprocessor agreements explicitly prohibit training on customer queries or content.
- No automated decision-making with legal effect: Quelvio does not make decisions that produce legal or similarly significant effects about you using only automated processing. Quelvio is a knowledge retrieval and synthesis tool; downstream decisions are made by humans in your organisation.
12. How we protect your information
Encryption. Content is encrypted in transit (TLS 1.2+) and at rest (AES-256). Authentication tokens and OAuth credentials are stored in a dedicated secrets manager with per-tenant scoping.
Tenant isolation. Each customer's content lives in a separate logical namespace, enforced at every layer of the system — vector storage, database queries, retrieval pipeline, and audit logs. Cross-tenant access is not possible through the application layer.
Access controls. Quelvio personnel access to customer data is restricted, logged, and limited to debugging and support activities initiated at your request. Role-based access controls within customer organisations let administrators determine which employees can connect sources, run queries, or manage billing.
Audit logging. Administrative actions and content access events are logged with immutable timestamps. Customer administrators can review audit logs from their account.
Vulnerability management. We monitor dependencies for known vulnerabilities, apply security patches promptly, and conduct regular security reviews.
Incident response. If we become aware of a security incident affecting your personal data, we will notify you and the relevant supervisory authority in accordance with applicable law (typically within 72 hours of becoming aware of a notifiable breach).
No system is completely secure. The protections above represent the standard of care we commit to maintaining.
13. Children's privacy
Quelvio is a business-to-business service and not directed at children under 16. We do not knowingly collect personal data from children. If you become aware that a child has provided personal data to us, contact [email protected] and we will take steps to delete it.
14. Cookies and similar technologies
Quelvio uses cookies and similar technologies for the following purposes:
Essential cookies. Required for the Service to function. These authenticate your session, remember your sign-in state, protect against cross-site request forgery, and maintain security. You cannot opt out of essential cookies because the Service will not work without them.
Analytics cookies. Used to understand how the Service is used in aggregate — which features are accessed, where users encounter errors, how performance varies across regions. Analytics data is processed in a way that does not identify individual users.
We do not use advertising cookies, retargeting cookies, or third-party tracking pixels for marketing purposes.
You can control cookies through your browser settings — most browsers let you refuse, accept, or delete cookies on a per-site basis. Disabling essential cookies will prevent you from signing in or using authenticated features.
15. Changes to this policy
We may update this policy from time to time. Material changes — including new subprocessors, expanded data uses, or changed retention periods — will be communicated to active account holders by email and posted at the top of this page at least 30 days before they take effect, where feasible.
The "Last updated" date at the top of this page reflects the most recent revision.
16. Contact
For privacy questions, complaints, or to exercise your rights:
Email: [email protected]
Postal address:
Rolle Ltd (Quelvio)
71–75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom
If we cannot resolve your concern, you have the right to contact the UK Information Commissioner's Office at ico.org.uk or your local data protection authority.