Privacy Policy & Cookie Notice

1. Scope

This Privacy Policy explains how Quillmark LLC collects, uses, shares, and protects information through websites and services we operate, including Quillmark, Compliance Flag, contact forms, service inquiries, reports, and open-source project activity that links to this policy.

Quillmark LLC is responsible for this policy and for the information we collect through these websites and services.

2. Information You Provide

When you contact us, request information, buy or inquire about a service, or discuss a project, we may collect your name, email address, company or organization, website address, message text, project details, public page URLs, and any other information you choose to provide.

Please do not submit confidential client information, credentials, secrets, or sensitive personal information through public website forms.

3. Automatically Collected Information

When you use our websites, we and our service providers may process technical information such as IP address, user agent, browser and device details, referrer, approximate location derived from network information, pages visited, timestamps, form source, security tokens, and event data.

For contact-form rate limiting and abuse prevention, we may store hashed versions of IP addresses and email addresses rather than the raw values in rate-limit records.

4. Firebase, App Check, And reCAPTCHA Enterprise

Our websites use Google Firebase services, including Firebase Hosting, Cloud Functions for Firebase, Cloud Firestore, and Firebase App Check. Contact-form submissions may be processed by Firebase functions and stored in Cloud Firestore. Depending on configuration, submissions may also be appended to Google Sheets or sent as Gmail notifications for operational follow-up.

We use Firebase App Check with reCAPTCHA Enterprise to protect forms and backend endpoints from spam, fraud, and abuse. reCAPTCHA Enterprise may collect hardware and software information, such as device and application data, and send that data to Google for security analysis. reCAPTCHA Enterprise may set a necessary cookie named _GRECAPTCHA when executed for risk analysis. When reCAPTCHA Enterprise or other Google-hosted security resources are served from Google domains, Google may also set or read additional Google cookies in the visitor's browser, such as security, anti-abuse, preference, or account-session cookies.

Information processed by Google services is handled under Google's applicable service terms and data processing terms. We use these services to operate the websites, protect contact forms, prevent abuse, and maintain business records.

5. Analytics, Measurement, And Third-Party Resources

When allowed by your cookie preferences, we use Google Tag Manager, Google Analytics, or similar measurement tools to understand how visitors find and use the websites. These tools may process page views, events, browser details, approximate location, and related technical data. We use this information to improve site performance, content, and reliability.

If analytics is allowed, Google Analytics may set first-party analytics cookies, including _ga and _ga_<container-id>, to distinguish visitors and persist session state. Google Tag Manager and other Google services used on the websites may also cause Google domains to set or read additional cookies, including cookies used for security, fraud prevention, abuse prevention, preferences, measurement, or Google account session state. The exact cookie names can vary based on Google's services, browser settings, consent settings, and whether the visitor is signed in to a Google account.

Our websites use Google Fonts to display typography consistently across browsers. When a page loads, your browser may request font files from Google-hosted domains such as fonts.googleapis.com and fonts.gstatic.com. As part of serving those files, Google may receive your IP address, user agent, and referring page, and may process that information under Google's own terms. We use Google Fonts only to render the site's typography and not to identify you.

6. Cookie And Similar Technologies

Quillmark and Compliance Flag use necessary storage and access technologies to operate the sites, remember cookie preferences, protect contact forms, prevent abuse, and maintain security. For example, the sites may store a same-origin preference record named quillmark_cookie_consent_v1 so your analytics choice can be remembered, and reCAPTCHA Enterprise may set _GRECAPTCHA when the contact form is used or prepared for submission.

Analytics and similar non-essential measurement technologies are optional. Google Tag Manager and Google Analytics are not loaded unless analytics is allowed through the cookie preference banner or the footer's cookie preferences control. Rejecting non-essential technologies does not prevent you from reading the sites or submitting the contact form, although necessary security checks may still run when you use the form.

If we add advertising, remarketing, or other cross-site tracking technologies in the future, we will update this notice and the available controls before using them where consent or opt-out rights apply.

7. How We Use Information

We use information to respond to inquiries, evaluate fit for services, provide requested work, operate and secure the websites, prevent spam and abuse, maintain records, debug and improve systems, analyze site use, comply with legal obligations, and protect Quillmark, users, and third parties.

8. How We Share Information

We may share information with service providers that help us host, secure, analyze, communicate, and operate the websites and services, including Google Cloud, Firebase, Google Workspace, analytics providers, payment or checkout providers if used, professional advisers, and contractors working under appropriate obligations.

We may also disclose information if required by law, to protect rights and safety, to investigate abuse, in connection with a business transaction, or with your direction or consent.

9. Open-Source Project Activity

If you interact with Quillmark open-source projects through third-party platforms such as GitHub, those platforms may collect and display information according to their own policies. Public issues, pull requests, discussions, commits, comments, and profile details may be visible to others. We may use public project activity to maintain projects, respond to requests, improve documentation, and evaluate support needs.

Compliance Flag is a Quillmark Open Source Python CLI for creating review trails around RIA website marketing content. It can use third-party AI model providers as part of its review-support workflow. Quillmark and Compliance Flag are not endorsed by, sponsored by, or affiliated with any model provider unless expressly stated in writing.

If you use Compliance Flag with a third-party AI platform, API, model provider, package registry, repository host, or related service, information you submit to that provider may be processed under that provider's own terms, privacy policy, account settings, and data controls. Quillmark does not operate third-party AI platforms and does not control how those providers process information you send directly to them.

10. Retention

We retain information for as long as reasonably needed for the purposes described in this policy, including responding to inquiries, providing services, maintaining records, resolving disputes, improving operations, and meeting legal or accounting obligations. Retention periods may vary depending on the type of information and the context in which it was collected.

11. Security

We use administrative, technical, and organizational measures intended to protect information, including hosted infrastructure controls, access controls, HTTPS, security headers, spam-prevention tools, and rate limiting. No system can be guaranteed secure, and you should avoid sending sensitive information through public forms.

12. Your Choices

You may contact us to request access, correction, deletion, or other handling of personal information associated with you. We may need to verify your request and may retain information where required or permitted for legal, security, business, or recordkeeping reasons.

You can change analytics preferences using the cookie preferences control in the website footer. You can also use browser controls to block or delete cookies and local storage. Some security features, including reCAPTCHA Enterprise protections, may be necessary for forms or site features to work.

13. Children

Our websites and services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

14. International Processing

Quillmark is based in the United States. Information may be processed in the United States and other locations where we or our service providers operate.

15. Changes

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised date. Continued use of the websites after an update means the updated policy applies.

16. Contact

Questions about this policy, privacy requests, or service support can be sent to support@quillmark.ai.