Nquiry

Privacy Policy

Version 1.0Effective: March 31, 2026Last Updated: March 31, 2026

1. Introduction

JE Vectors LLC (“Company,” “we,” “us,” or “our”) is a Florida limited liability company that operates Nquiry and ConKurrence (each a “Service,” collectively the “Services”). This Privacy Policy explains how we collect, use, store, and protect information when you use our Services.

We are committed to protecting the privacy and security of your data. Our Services are designed for professionals who may work with sensitive information, and our data handling practices reflect the care that responsibility requires.

This Privacy Policy applies to all Services. Where data handling differs by Service, the relevant Product Privacy Addendum (attached below) provides the details.

2. Information We Collect

2.1 Account Information

When you create an Account on any Service, we collect:

  • Name
  • Email address
  • Password (stored in hashed form by Amazon Cognito; we never have access to your plaintext password)

2.2 Customer Data

Customer Data is information you upload to or create within a Service. The specific types of Customer Data differ by Service and are described in the applicable Product Privacy Addendum.

2.3 Usage Data

We automatically collect certain information about how you use our Services:

  • Login timestamps and session duration
  • Features used and pages visited
  • AI processing requests (type and frequency, not content)
  • Browser type and operating system
  • IP address

2.4 Audit Log Data

For security and compliance purposes, we maintain detailed audit logs of actions taken within each Service, including:

  • User actions (create, read, update, delete operations)
  • Resource access events
  • Authentication events
  • Administrative actions

3. How We Use Your Information

3.1 To Provide the Services

We use your information to:

  • Operate and maintain your Account
  • Process and store Customer Data
  • Generate AI Outputs based on your data and requests
  • Provide customer support
  • Send transactional communications (password resets, security alerts, service notifications)

3.2 To Improve the Services

We use aggregated, de-identified usage data to:

  • Monitor Service performance and reliability
  • Identify and fix technical issues
  • Improve features and user experience

We do not use your Customer Data content to train AI models, develop new products, or for any purpose other than providing the Services to you.

3.3 To Ensure Security

We use information to:

  • Detect and prevent unauthorized access
  • Monitor for security threats
  • Maintain audit trails for compliance

4. AI Processing and Data Handling

4.1 Core AI Data Commitments

These commitments apply to all AI processing across all Services:

  • No model training: Your Customer Data is not used to train, fine-tune, or improve any AI models. Amazon Bedrock does not retain customer inputs or outputs for model training.
  • No model provider access: The AI model providers (e.g., Anthropic, Meta, Mistral) do not have access to your prompts, data, or results when processing occurs through Amazon Bedrock. Amazon Bedrock's architecture isolates customer data from model providers.
  • No retention by AI services: Amazon Bedrock does not retain your inputs or outputs after processing is complete.

4.2 Service-Specific AI Processing

The specific data flows, models used, and processing details differ by Service and are described in each Product Privacy Addendum below.

4.3 Third-Party AI Providers (ConKurrence Only)

If you configure ConKurrence to use AI providers other than Amazon Bedrock (such as OpenAI or Google), your data is sent directly to those providers. Each provider's own privacy policy and data handling practices apply. We do not control how third-party providers handle your data once it is transmitted to them. See Product Privacy Addendum B for details.

5. Data Storage and Security

5.1 Infrastructure

All data for our hosted Services is stored on Amazon Web Services (AWS) infrastructure in the US-East-1 (N. Virginia) region. Our infrastructure is covered under an AWS Business Associate Agreement (BAA) for HIPAA-eligible workloads.

5.2 Encryption

  • At rest: All data is encrypted using AES-256 encryption via AWS Key Management Service (customer-managed keys for databases and caches; SSE-S3 for file storage)
  • In transit: All data transmitted between you, the Services, and AWS services is encrypted using TLS 1.2 or higher

5.3 Access Controls

  • Tenant isolation: User data is isolated using PostgreSQL Row Level Security (RLS) policies. Users can only access their own data.
  • Authentication: User authentication is managed by Amazon Cognito with support for multi-factor authentication (MFA) and advanced security features (adaptive authentication, compromised credential detection).
  • Network security: Application infrastructure runs in private VPC subnets. Web traffic is protected by AWS WAF (OWASP Top 10 rules, bot protection, IP reputation, rate limiting). All API endpoints require authenticated sessions.
  • Audit logging: All data access events are logged via AWS CloudTrail. Logs are encrypted and retained per our retention policy.

5.4 Personnel Access

Access to production systems and Customer Data is restricted to authorized Company personnel who require access to operate and maintain the Services. All access is logged and auditable.

6. Data Sharing

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or Customer Data to third parties. We do not serve advertising within our Services and do not share data with advertisers.

6.2 Service Providers

We use the following third-party service providers to operate our Services:

ProviderPurposeData SharedApplicable Services
Amazon Web ServicesInfrastructure, AI processing (Bedrock), authentication (Cognito), storage (S3, RDS), security (WAF, CloudTrail, KMS)All Service data (under BAA)All
StripePayment processingEmail, subscription status, payment informationNquiry, ConKurrence (direct billing)
AWS MarketplaceSubscription and billing for Marketplace customersAccount identifiers, usage metering dataConKurrence (Marketplace billing)

If you configure ConKurrence to use non-Bedrock AI providers, those providers also receive your evaluation data. See Product Privacy Addendum B.

We require our service providers to protect your data in accordance with applicable law and our contractual requirements.

6.3 Legal Requirements

We may disclose your information if required by law, regulation, or legal process, including:

  • Court orders or subpoenas
  • Government requests in accordance with applicable law
  • Protection of our rights, property, or safety

We will notify you of such disclosure to the extent legally permitted.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

7. Data Retention

7.1 General Retention

Customer Data is retained for as long as your Account is active. Service-specific retention details are described in each Product Privacy Addendum.

7.2 Account Closure

Upon Account closure:

  • You will have 30 days to export your Customer Data
  • After the 30-day export period, all Customer Data is permanently deleted
  • Account information (name, email) is retained for 90 days for fraud prevention, then deleted
  • Audit logs are retained for 1 year for compliance purposes, then deleted

7.3 Legal Hold Exception

Notwithstanding the above, we may retain Customer Data or audit logs beyond the stated periods if required by applicable law, regulation, or valid legal process. We will notify you of any such retention to the extent legally permitted.

7.4 Deletion Requests

You may delete individual data items at any time through each Service's interface. Deletion is permanent and includes all associated data.

8. Your Rights

8.1 Access and Export

You may access and export your Customer Data at any time through each Service's export functionality.

8.2 Correction

You may correct your Account information at any time through your Account settings.

8.3 Deletion

You have the right to delete your Account and all associated Customer Data. Contact support@nquir.ai to initiate Account deletion.

8.4 Data Portability

Each Service's export functionality provides your Customer Data in portable, standard formats (JSON, CSV, original file formats for attachments as applicable).

8.5 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR, including the right to:

  • Request access to your personal data
  • Request correction of inaccurate personal data
  • Request deletion of your personal data
  • Object to processing of your personal data
  • Request restriction of processing
  • Data portability
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact privacy@nquir.ai.

8.6 California Privacy Rights (CCPA)

If you are a California resident, you have rights under the CCPA. We do not sell personal information. You have the right to know what personal information we collect, request deletion, and not be discriminated against for exercising your rights. Contact privacy@nquir.ai to exercise these rights.

9. Cookies and Tracking

9.1 Essential Cookies

We use essential cookies for authentication and session management. These cookies are necessary for the Services to function and cannot be disabled.

9.2 Analytics

We may use analytics tools to understand how the Services are used. Analytics data is aggregated and does not include Customer Data content.

9.3 No Advertising

We do not use advertising cookies or tracking pixels. We do not serve ads within the Services and do not share data with advertisers.

10. Children's Privacy

The Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. International Data Transfers

Our Services are hosted in the United States. If you are accessing the Services from outside the United States, your data will be transferred to and processed in the United States. We rely on standard contractual clauses and other lawful transfer mechanisms as appropriate.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 30 days before the changes take effect. Your continued use of any Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

JE Vectors LLC
Vero Beach, Florida
Email: privacy@nquir.ai
Website: https://nquir.ai

For security concerns: security@nquir.ai
For HIPAA/BAA requests: compliance@nquir.ai
For GDPR/CCPA requests: privacy@nquir.ai

Product Privacy Addendum A: Nquiry

This addendum supplements the Master Privacy Policy for the Nquiry service.

A.1 Customer Data Types

Customer Data in Nquiry includes:

  • Evidence items (text content, descriptions, metadata)
  • File attachments (documents, images, and other files)
  • Investigative questions and topics
  • Notes and annotations
  • AI analysis results that you save
  • Inquiry structure and organization metadata

Customer Data may contain personally identifiable information (PII) and protected health information (PHI) about the subjects of your investigations or audits. We understand this is inherent to the oversight work the Service supports. We process this data solely to provide the Service and take appropriate measures to protect it.

A.2 AI Processing Details

Models Used

  • Analysis generation: Anthropic Claude (via Amazon Bedrock)
  • Quality evaluation: Anthropic Claude (via Amazon Bedrock)
  • Semantic search: Amazon Titan Text Embeddings V2 (via Amazon Bedrock)
  • Content safety: Amazon Bedrock Guardrails

Data Flow

When you request an AI analysis:

  1. Relevant evidence is retrieved from your inquiry via semantic search (embeddings) and keyword search
  2. Evidence text and your question are sent to Amazon Bedrock for analysis
  3. The generated analysis undergoes automated quality checks via separate Bedrock calls
  4. Results are returned to you and stored in your inquiry

All AI processing occurs within AWS infrastructure in the US-East-1 region. Evidence content is not cached or retained by Bedrock after processing.

A.3 PHI/PII Safeguards

Nquiry includes Amazon Bedrock Guardrails configured to detect patterns including Social Security numbers, medical record numbers, National Provider Identifiers, DEA numbers, health plan IDs, and other common identifiers. These safeguards operate on a best-effort basis and do not replace your organization's compliance obligations.

A.4 HIPAA

If your use of Nquiry involves protected health information, you must execute a Business Associate Agreement before uploading any PHI to the Service. Contact compliance@nquir.ai.

A.5 Data Retention

Customer Data is retained for as long as your Account is active. Deletion of an inquiry permanently deletes all associated data. Nquiry is a workspace, not an archival system.

A.6 File Storage

Evidence file attachments are stored in private Amazon S3 buckets encrypted with AWS KMS. Files are accessed only through time-limited, signed URLs.

Product Privacy Addendum B: ConKurrence

This addendum supplements the Master Privacy Policy for the ConKurrence service.

B.1 Customer Data Types

Customer Data in ConKurrence includes:

  • Evaluation schemas (criteria definitions, rating scales, instructions)
  • Data items submitted for evaluation
  • Run configurations (model selections, parameters)
  • Evaluation results (per-item ratings, inter-rater statistics, golden datasets)
  • Anchor libraries (expert-calibrated reference items)

B.2 AI Processing Details

Models Used (Default)

Evaluation via Anthropic Claude and other models via Amazon Bedrock Converse API. All Bedrock processing is covered by the commitments in Section 4.1.

Third-Party AI Providers (Optional)

ConKurrence supports evaluation using AI models from providers other than Amazon Bedrock. If you configure third-party providers:

ProviderWhat Is SentTheir Data Policy
OpenAIEvaluation schema + data itemsSubject to OpenAI's API data usage policy
Google (Gemini)Evaluation schema + data itemsSubject to Google's API terms of service

You control which providers are used. No data is sent to any third-party provider unless you explicitly configure and run an evaluation using that provider.

You assume all risk for third-party provider data handling. The Company's data commitments in Section 4.1 apply only to processing through Amazon Bedrock and do not extend to third-party providers.

B.3 Data Retention

Evaluation schemas, data items, run configurations, and results are retained for as long as your Account is active. You may delete individual evaluation runs or schemas at any time.

B.4 No PHI Processing

ConKurrence is not designed for processing protected health information.