Privacy Policy

Edvanta Technologies Private Limited ("Edvanta", "we", "us", or "our"), a company incorporated under the laws of India with its registered office in Noida, Uttar Pradesh, India, operates Quad ("the Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Quad.

We are committed to protecting your privacy and complying with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and applicable international privacy regulations.

1. Information We Collect

1.1 Account Information

When you create a Quad account, we collect your name, email address, institution name, and role. If you sign up using a third-party provider (Google, Microsoft), we receive basic profile information from that provider.

1.2 Content and Task Data

When you use AI Experts, we process the instructions you provide, the data accessed from your Connected Systems, and the output generated. This data is processed to perform the task you requested and for audit logging.

1.3 Connected System Credentials

When you connect third-party services (Canvas, Salesforce, Google Workspace, etc.), OAuth tokens or API keys are stored in an encrypted vault. The AI never has access to raw credentials. Credentials are used solely to execute tasks you authorise.

1.4 Usage Data

We automatically collect information about how you interact with the Platform, including pages visited, features used, task types, timestamps, browser type, device information, and IP address.

1.5 Memory and Preferences

With your consent, Quad stores learned preferences and institutional knowledge ("Operator Memory") to improve future task execution. This may include style preferences, assessment standards, reporting formats, and workflow patterns.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Platform
• Execute tasks delegated to AI Experts on your behalf
• Store preferences and institutional knowledge (with consent)
• Send Morning Briefing emails and notifications you have enabled
• Improve Platform performance, accuracy, and reliability
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Communicate service updates, changes, and support

We do not use your Content to train AI models. Your data is processed to serve your requests only.

3. Consent Management

Quad provides granular consent controls. You can manage your preferences for:

• AI Processing — Required for core functionality. Tasks are processed through AI models to generate output.
• Memory Storage — Optional. Allows Quad to remember your preferences and institutional patterns across sessions.
• Data Sharing — Optional. Enables sharing of anonymised, aggregated usage insights.
• Analytics — Optional. Helps us understand how the Platform is used to improve the experience.
• Education Records — Optional. Required for tasks that access student data. Subject to FERPA and equivalent protections.

You can update or revoke consent at any time from your account settings. Revoking consent will not affect the lawfulness of processing carried out before revocation.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

• AI Providers — Task instructions and relevant context are sent to Anthropic (our AI provider) for processing. This data is subject to Anthropic's data processing terms and is not used for model training.
• Infrastructure Providers — We use Vercel (hosting), Supabase (database), and other service providers who process data on our behalf under strict contractual obligations.
• Connected Systems — When you authorise Quad to write to your systems (LMS, CRM, email), data is sent to those services as directed by you.
• Legal Requirements — We may disclose information if required by law, regulation, legal process, or government request.

5. Data Security

We implement industry-standard security measures including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Encrypted credential storage in a dedicated vault
• Row-level security on all database tables
• Append-only access logs for full audit trail
• PII detection and automatic redaction in execution traces
• Trust-level controls that limit what AI Experts can do without approval
• Regular security assessments and vulnerability monitoring

No system is completely secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Specific retention periods:

• Account data — Retained until account deletion, plus 30 days for data export
• Execution traces — Retained for 90 days by default (configurable per operator)
• Operator Memory — Retained until you delete it or revoke memory consent
• Access logs — Retained for 12 months for audit and compliance
• Aggregated analytics — May be retained indefinitely in anonymised form

7. Your Rights

Under the DPDP Act and applicable privacy laws, you have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate or incomplete personal data
• Erasure — Request deletion of your personal data, subject to legal retention obligations
• Portability — Request export of your data in a machine-readable format
• Withdraw Consent — Withdraw consent for optional processing at any time
• Grievance Redressal — Lodge a complaint with us or with the Data Protection Board of India

To exercise any of these rights, contact us at yogesh@quadhq.ai. We will respond within 30 days.

8. Education Records and FERPA

If you use Quad to process student education records, we act as a "school official" with a legitimate educational interest under FERPA (for US institutions) or equivalent regulations. We will:

• Process education records only as directed by you and only for the purposes you specify
• Not disclose education records to third parties except as required to provide the service
• Maintain appropriate security controls for education records
• Return or delete education records upon termination of the service agreement

9. International Data Transfers

Our Platform infrastructure is hosted on servers that may be located outside India. When your data is transferred internationally, we ensure adequate safeguards are in place, including contractual protections with our service providers, in compliance with the DPDP Act and applicable cross-border transfer requirements.

10. Cookies and Tracking

Quad uses essential cookies for authentication and session management. We do not use third-party advertising trackers. Analytics cookies (if enabled via consent) help us understand usage patterns. You can manage cookie preferences through your browser settings.

11. Children's Privacy

Quad is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you are an educational institution that processes student data through Quad, you are responsible for ensuring compliance with applicable laws regarding minors' data, including obtaining necessary parental or institutional consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Platform at least 15 days before they take effect. The "Effective date" at the top of this page indicates when the policy was last revised. Your continued use of Quad after changes take effect constitutes acceptance of the updated policy.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the Grievance Officer for Quad is:

Grievances will be acknowledged within 48 hours and resolved within 30 days.