QuorumIQ

Privacy Policy

Last updated: 27 April 2026

This is the plain English version of how we look after your information. We've tried to keep it short and clear. If anything is unclear or you want more detail, email us at hello@QuorumIQ.nz.

Who we are

QuorumIQ is a New Zealand owned and operated governance support platform for clubs, societies, and community organisations.

What this policy covers

This policy is written under the New Zealand Privacy Act 2020. If you're using QuorumIQfrom Australia or the United Kingdom in future, equivalent rights will apply under those countries' privacy laws.

What we collect

When you use QuorumIQ, we collect:

  • Account information — your email, name, and role in your club
  • Club data — members, conflict of interest disclosures, meeting minutes, decisions, policies, health and safety records, member communications, assets, and any documents you upload
  • Member personal information — including names, dates of birth, ages, addresses, and contact details. Your club collects this; we process it on your behalf
  • Basic usage data — auth cookies (so you stay signed in) and error logs. No third-party tracking, no analytics

How we use your data

  • To run the service for you
  • To power AI assistance, grounded only in your own records
  • To provide support when you ask for it
  • To send transactional emails (invites, notifications, receipts)
  • To keep the platform secure
  • To meet our own legal obligations

We don't sell your data. We don't share it for marketing.

AI — how it works and what it sees

QuorumIQuses AI (Anthropic's Claude API) for features like governance assistance, search, and document understanding. Here's what that means in practice:

  • Only the data needed for the request is sent to the AI, scoped to your club
  • Anthropic does not train their models on data sent through their API
  • We use prompt caching to make AI faster and cheaper — cached prompts have a short retention window
  • AI output is assisted judgement, not formal legal, financial, or professional advice. Your committee still makes the decisions
  • We do not use your data to train any AI models of our own

Where your data lives — sub-processors

We use trusted providers to run the service. Each one only sees the data they need to do their job.

ProviderWhat they doWhere
SupabaseDatabase, sign-in, file storageSydney, Australia
VercelApp hostingSydney region
Anthropic (Claude)AI featuresUnited States
ResendTransactional emailUnited States
XeroSubscription billingNew Zealand / Australia
NZBN APIPublic business lookup only — no personal info sentNew Zealand
Independent advisorsOnly when your club asks for them — scoped, time-limited, under their own confidentiality termsNew Zealand

Cross-border data

Most of your data stays in Sydney. AI prompts go to the United States to be processed by Anthropic. Transactional emails are sent through Resend in the United States. We've picked providers with strong privacy commitments.

Security

  • Data is encrypted at rest and in transit
  • Each club's data is isolated at the database layer — queries are always scoped to your club
  • We log who does what for audit purposes
  • Access to production systems is restricted to a small number of QuorumIQ staff

Who can see your data

Your club's authorised users — that's it. QuorumIQstaff don't routinely look at your data. We'll only access it when you ask us to (for support), and only for as long as we need to.

Independent advisors

You can grant a named third-party advisor access to your data for a defined period to help with a specific governance matter. You decide who, when, and for how long. Access ends automatically when the period is up.

Advisors operate under their own engagement terms and confidentiality obligations. We can provide ours and theirs on request. You're never bound by what an advisor recommends — the decision is always your committee's.

How long we keep your data

  • While you're a customer: we keep your data for at least 7 years. This lines up with statutory record-keeping requirements that apply to incorporated societies (Companies Act, IRD, Charities Act)
  • If you cancel:we'll keep your data for at least 90 days so you can export or request a return of it. After that, we may delete it

Your rights under the Privacy Act 2020

You can ask us to:

  • Show you what personal information we hold about you
  • Correct anything that's wrong
  • Delete it (subject to our retention obligations above)

Email hello@QuorumIQ.nz to make a request. If you're not happy with how we handle it, you can complain to the Office of the Privacy Commissioner.

Children and young people

Clubs sometimes have members under 16. Your club is responsible for getting any parental consent that's needed before adding them. We apply reasonable safeguards on our side.

Cookies

We only use cookies that are essential for keeping you signed in. No analytics cookies, no tracking cookies, no third-party cookies.

Changes to this policy

We may update this policy from time to time. If we make a meaningful change, we'll let you know. The date at the top tells you when it was last updated.

Contact

Questions about privacy? Email hello@QuorumIQ.nz.