Privacy Policy


Privacy Policy 

Version 1.0 

Quill Security Technology, LLC (“Company”) will only ever access the Client’s account to help with a problem or squash a software bug. The Company logs all access to all accounts by IP address, so the Company can always verify that no unauthorized access has happened for as long as the logs are kept. 


Identity & Access 

When the Client signs up for the Company’s service, we ask for the Client’s representative name, Client’s name, and email address. That's just so the Client’s representative can manage your new account, and Quill can send invoices, updates, or other essential information to the appropriate Client representative. Quill will not sell the Client’s personal information to third parties, and we won’t use the Client representative’s name or Client’s company name in marketing statements without expressed permission. 

For invoicing purposes, Quill will ask for billing information, such as, billing contact, email address and physical address.  Quill will not share the Client’s billing contact information with any 3rd parties. 

When the Client contacts Quill with a question or to ask for help, the Company will keep that correspondence, and the email address, for future reference. When the Client browses the Company’s marketing pages, Quill tracks that for statistical purposes (like conversion rates and to test new designs). Quill also stores any information Clients  volunteer, like surveys, for as long as it makes sense. 

Quill will never directly modify the Client’s information without expressed instruction to do so as part of an implementation, assessment, or support process. As the world changes, Quill will update our database of measures, threats, and other content used in providing the service. These updates may affect the information in the Client’s account, such as current asset risk, relative value of planned measures, and other aspects of the Client’s  organizational security posture or plans; and is a critical part of delivering up-to-date insights on Risk Assessment. 


The Sharing of Client’s Information : 

  • To provide products or services the Client has  requested. 

  • To investigate, prevent, or take action against violations of our Terms of Service, or as otherwise required by law. 

  • Quill will notify all Clients in writing of Privacy Policy changes before implementation of a new or revised Privacy Policy.  


Client’s Rights With Respect to Their Information   

Clients may have heard about the General Data Protection Regulation (“GDPR”) in Europe. GDPR gives people under its protection certain rights with respect to their personal information collected by us on the Site. Accordingly, Quill recognizes and will comply with GDPR and those rights, except as limited by applicable law. The rights under GDPR include: 

  • Right of Access. This includes the Client’s right to access the personal information Quill gathers about the Client , and their right to obtain information about the sharing, storage, security and processing of that information. 

  • Right to Correction. This is the Client’s right to request correction of their personal information. 

  • Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires Quill to comply with the Client’s request to delete their information, fulfillment of the  request may prevent the Client  from using Quill services and may result in closing of the Client’s account. 

  • Right to Complain. Clients have the right to make a complaint regarding Quill’s handling of their personal information with the appropriate supervisory authority. 

  • Right to Restrict Processing. This is the Client’s right to request restriction of how and why their  personal information is used or processed. 

  • Right to Object. This is the right, in certain situations, to object to how or why the Client’s personal information is processed. 

  • Right to Portability. This is the Client’s right to receive the personal information Quill  has about the Client and the right to transmit it to another party. 

  • Right to not be subject to Automated Decision-Making. This is the right to object and prevent any decision that could have a legal, or similarly significant, effect on the Client from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between the Client  and Quill, is allowed by applicable European law, or is based on the Client’s  explicit consent. 

Many of these rights can be exercised by signing in and directly updating the Client’s  account information. If there are questions about exercising these rights or need assistance, please contact Quill at 


Law Enforcement 

Quill won’t hand the Client’s data over to law enforcement without a warrant or court order requiring Quill to comply . Quill flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless Quill is legally prevented from it, we’ll always inform the Client when such requests are made. 


Security & Encryption 

All data is encrypted via SSL/TLS when transmitted from Quill’s servers to the Client’s  browser. The database backups are also encrypted. Data isn’t encrypted while it's live in Quill’s database (since it needs to be ready to send to the Client when they  need it), but Quill will  go to great lengths to secure Client’s  data at rest—you can read more about that on our security page

For more information about how Quill will  keep your information secure, please review Quill’s security overview


Deleted Data 

When a Client cancels their account, Quill will ensure that nothing is stored on our servers past 30 days. Anything Clients delete on their account while it's active will also be purged within 30 days. 


Location of Site and Data 

Our servers operate in the United States. 


Changes & Questions 

Quill reserves the right to update the Privacy Policy — we’ll notify Clients about changes by emailing the account owner or by placing a prominent notice on our site. Clients can access, change or delete their  personal information at any time by contacting our support team.