1. Introduction

We value your privacy. Please read this Privacy Policy ("Policy") carefully before using the www.querious.ai website and the Querious application (collectively, the "Platform") operated by Querious, Inc., a Delaware corporation ("Querious," "we," "us," or "our"). This Policy describes how we collect, use, disclose, retain, and protect information in connection with the Platform.

Querious provides AI-powered legal conversational intelligence services designed for licensed attorneys and law firms ("Authorized Users"). The Platform processes audio from virtual meetings to generate meeting intelligence, including summaries, action items, issue-spotting prompts, and draft billing entries ("AI-Generated Outputs").

This Policy applies to all visitors, Authorized Users, and meeting participants who interact with the Platform. By accessing or using the Platform, you agree to the practices described in this Policy. If you disagree with any part, you do not have our permission to access or use the Platform.

This Policy should be read together with our Terms of Service and, where applicable, our BIPA Policy (for meetings involving Illinois participants).

2. Information We Collect

2.1 Account Information

When you register for the Platform, we collect: name, email address, postal and billing address, phone number, law firm or organization name, bar license number (if applicable), and payment information. This information is submitted directly by you during registration.

2.2 Meeting Audio and Communications

When an Authorized User activates the Platform for a virtual meeting, the Platform processes audio from that meeting in real-time. We want you to understand exactly how this works:

(a) Real-Time Audio Processing. Audio is captured and processed in real-time using streaming architecture. Audio is not stored, retained, or written to persistent storage. Audio data is permanently deleted upon completion of real-time processing during the active meeting session.

(b) Transcripts. By default, the Platform does not create or retain verbatim transcripts. Audio is processed solely to generate AI-Generated Outputs. However, Authorized Users may enable full transcript retention for specific conversations through Platform settings. When enabled, verbatim transcripts are stored on the Platform subject to the Authorized User’s retention period (default: 60 days) and are treated as privileged Client Communications under our Terms of Service.

(c) AI-Generated Outputs. The Platform generates summaries, action items, issue-spotting prompts, and draft billing entries based on the meeting audio. These AI-Generated Outputs may be stored on the Platform at the Authorized User's election.

(d) Attorney-Client Privileged Communications. Meeting audio may contain attorney-client privileged communications and attorney work product. We treat all meeting audio and AI-Generated Outputs as potentially privileged and confidential. Our handling of privileged communications is governed by Sections 2 and 3 of our Terms of Service.

2.3 Biometric Information (Voiceprints)

When speaker diarization or speaker identification features are enabled, the Platform may analyze unique voice characteristics of meeting participants to distinguish and attribute speech to individual speakers. These voice characteristics may constitute "voiceprints" — biometric identifiers under applicable law, including the Illinois Biometric Information Privacy Act (740 ILCS 14/10).

(a) Ephemeral Processing. Voiceprint data is generated in real-time during the meeting and exists only in volatile memory. It is never written to persistent storage.

(b) Immediate Destruction. All voiceprint data is permanently destroyed within sixty (60) seconds of the conclusion of each meeting session.

(c) BIPA Consent. ​     ​For meetings involving Illinois residents, we provide features to support obtaining informed written consent before collecting voiceprint data, as described in our BIPA Policy.

(d) No Sale or Trade. We do not sell, lease, trade, or otherwise profit from voiceprint data.

(e) PII Filtering. By default, the Platform’s PII filtering system removes personally identifiable information (names, titles, organizations, phone numbers) from AI-Generated Outputs, replacing them with bracketed placeholders (e.g., [Name], [Title], [Phone Number]). The Platform also anonymizes speaker attribution by default, using generic identifiers (“Speaker 1,” “Speaker 2”) rather than speaker names in notes and summary emails. You may adjust these settings through the Platform. When PII filtering or speaker anonymization is disabled, AI-Generated Outputs will contain the personally identifiable information present in the underlying meeting.

(f) Summary Emails. Following each meeting, the Platform may send the Authorized User a summary email containing selected sections of the AI-Generated Outputs (e.g., high-level summary, outline, follow-up tasks). The Authorized User controls which sections are included through Platform settings. When the “Attach Full PDF Summary” option is enabled, AI-Generated Outputs are transmitted as an email attachment and are thereafter subject to the Authorized User’s email provider’s retention and security policies, which may differ from the Platform’s policies. Querious does not control AI-Generated Outputs once they are transmitted via email.

2.4 Device and Technical Information

We automatically collect: IP address, device identifiers, browser type and version, operating system, referring URLs, pages visited, date and time of visits, and information about your interactions with the Platform. This information is collected through cookies, server logs, and similar technologies.

2.5 Calendar and Integration Data

If you connect your calendar (Microsoft Outlook, Google Calendar, or similar), we access meeting schedules, participant information, and meeting metadata solely to enable the Platform's meeting intelligence features. We do not access the content of your calendar events beyond what is necessary to identify and join scheduled meetings.

2.6 Commercial Information

We collect records of your subscription plan, purchase history, and billing transactions.

2.7 Multi-Jurisdiction Meetings

Virtual meetings frequently include participants located in different states or countries, each subject to different privacy, recording consent, and biometric data laws. Querious addresses multi-jurisdiction meetings as follows:

(a) Highest-Protection-Governs Principle. When a meeting includes participants from jurisdictions with different privacy requirements, Querious applies the most protective standard to the entire meeting. For example, if one participant is in an all-party consent state and another is in a one-party consent state, Querious treats the meeting as requiring all-party consent.

(b) Biometric Consent. If any meeting participant is an Illinois resident or physically present in Illinois, the BIPA consent requirements described in Section 2.3 and our BIPA Policy apply to the entire meeting. Querious recommends that Authorized Users with any Illinois nexus enable BIPA-compliant consent for all meetings through Platform settings.

(c) Recording Consent. If any meeting participant is located in an all-party consent jurisdiction (including California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, Vermont, and Washington), Querious provides features to support obtaining affirmative consent from all participants before audio processing begins, consistent with Section 5 of our Terms of Service.

(d) International Participants. If any meeting participant is located outside the United States, additional data protection requirements may apply, including the European Union General Data Protection Regulation (GDPR) and similar international laws. Authorized Users should consult with qualified counsel before using the Platform for meetings involving international participants. Querious will cooperate with Authorized Users to execute appropriate data transfer mechanisms (e.g., Standard Contractual Clauses) upon request.

(e) Unknown Jurisdictions. If the jurisdictions of all meeting participants cannot be determined, Querious defaults to the most protective compliance posture: all-party recording consent and BIPA-compliant biometric consent are required before audio processing begins.

3. How We Use Your Information

3.1 Providing the Platform

We use your information to operate, maintain, and improve the Platform, including processing meeting audio, generating AI-Generated Outputs, managing your account, processing payments, and providing customer support.

3.2 No AI Model Training on Your Data

We do not use meeting audio, AI-Generated Outputs, voiceprint data, or any other content from your meetings to train, fine-tune, evaluate, or improve any artificial intelligence or machine learning model.

This prohibition is enforced through architectural separation of production and training data pipelines. Our production infrastructure and any model training systems are physically and logically separated at the network level, making it technically impossible for your meeting data to enter training pipelines. Our third-party AI providers (currently including OpenAI and Anthropic, operating within private cloud instances) are contractually prohibited from using your data for model training.

3.3 Communications

We may use your email address to send service-related notices (e.g., account verification, billing, technical updates, security alerts). We may also send marketing and promotional communications with your consent. You may opt out of marketing communications at any time by using the unsubscribe link in any marketing email or contacting support@querious.ai. Marketing communications are based solely on your account registration information (name and email address). We never use meeting audio, AI-Generated Outputs, voiceprint data, meeting participant identities, meeting content, or any information derived from the substance of your meetings for marketing, advertising, profiling, or targeted content of any kind. Meeting data is used exclusively for providing meeting intelligence services as described in Section 3.1.

3.4 Security and Fraud Prevention

We use device and technical information to detect security incidents, protect against malicious or fraudulent activity, and enforce our Terms of Service.

3.5 Analytics

​​​We use analytics services to understand how users interact with the Platform, improve user experience, and diagnose technical issues. Analytics data is collected in aggregate form and does not include meeting audio, AI-Generated Outputs, or any privileged communications.

3.6 Legal Compliance

We may use your information to comply with applicable laws, respond to valid legal process, and enforce our legal rights.

4. Information We Share

We do not sell your personal information. We share information only as described below:

4.1 Third-Party AI Infrastructure Provider

Meeting audio is processed by Meeting audio is processed by third-party AI providers (currently including OpenAI and Anthropic) operating within Querious’s secure cloud environment. These providers process audio through private, isolated model instances that are not shared with other customers. Each provider is contractually prohibited from using your data for model training, is required to delete all input data upon completion of processing, and is subject to confidentiality obligations no less protective than those in our Terms of Service.

4.2 Service Providers

We share information with third-party service providers who assist us in operating the Platform, processing payments, providing customer support, and sending communications. These providers are contractually required to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

4.3 Meeting Platform Integrations

The Platform integrates with Microsoft Teams, Zoom, and Google Meet. When the Platform joins a meeting, it accesses meeting audio through the meeting platform's API. We do not share your meeting content with these meeting platform providers beyond what is inherent in the Platform's participation in the meeting.

4.4 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request. However, because meeting audio and AI-Generated Outputs may contain attorney-client privileged communications, we follow the subpoena response protocol described in Section 4 of our Terms of Service before disclosing any such information. This includes notifying the affected Authorized User, asserting privilege, and declining to produce absent a court order.

4.5 No Other Sharing

We do not share meeting audio, AI-Generated Outputs, voiceprint data, or any other meeting content with advertisers, data brokers, or any other third parties not described in this Section 4.

 Third-Party Disclosure Summary  

5. Data Retention and Deletion

5.1 Meeting Audio

Meeting audio is processed ephemerally and is never retained. Audio is permanently deleted upon completion of real-time processing during the active meeting session.

5.2 Voiceprint Data

Voiceprint data (biometric identifiers) is processed ephemerally and permanently destroyed within sixty (60) seconds of the conclusion of each meeting session. Under no circumstances is voiceprint data retained longer than three (3) years from the individual's last interaction with Querious, as required by 740 ILCS 14/15(a). Our complete Biometric Data Retention and Destruction Policy is publicly available at www.querious.ai.

5.3 AI-Generated Outputs

AI-Generated Outputs (summaries, action items, insights) and, if enabled by the Authorized User, full transcripts are retained on the Platform for sixty (60) days following the conversation, unless the Authorized User specifies a shorter retention period through the Platform’s profile settings. Authorized Users may delete AI-Generated Outputs and transcripts at any time through the Platform interface. Upon expiration of the retention period, outputs and transcripts are automatically and permanently deleted.

5.4 Account Information

Account and identifying information is retained for the duration of your account and for sixty (60) days following account termination, after which it is deleted or anonymized.

5.5 Commercial Information

Subscription and billing records are retained until you terminate your subscription and for any additional period required by applicable law (e.g., tax record retention requirements).

5.6 Technical and Analytics Data

Device, browsing, and analytics data is retained until you terminate your subscription or for the period necessary to fulfill the purposes described in this Policy, whichever is shorter.

5.7 Deletion Requests

You may request deletion of your personal information at any time by contacting support@querious.ai. Upon receipt of a verified deletion request, we will delete or anonymize your personal information within seven (7) business days, except where retention is required by applicable law or necessary to complete a transaction you requested.

6. Security

We implement security measures consistent with ABA Formal Opinion 477R (2017) requirements for reasonable efforts to protect client confidentiality:

(a) Azure Cloud Environment. All Platform operations run within Microsoft Azure's secure cloud infrastructure.

(b) Private AI Instances. AI models operate on private, isolated instances not shared with other customers.

(c) Encryption. All data in transit and at rest is encrypted using industry-standard protocols (TLS 1.2 or higher; AES-256 at rest).

(d) Access Controls. Personnel access to meeting content and AI-Generated Outputs is restricted to essential automated systems only. No Querious personnel access privileged communications in decrypted form except as strictly necessary for technical support and only with the Authorized User's prior consent.

(e) SOC 2 Type II Certification. We maintain SOC 2 Type II certification, demonstrating annual independent audit of our security controls.

(f) Breach Notification. In the event of a security incident affecting your data, we will notify you within twenty-four (24) hours, consistent with Section 6.3 of our Terms of Service.

7. Cookies and Tracking Technologies

The Platform uses cookies and similar technologies for the following purposes:

(a) Identifying whether you are signed in to the Platform;

(b) Storing your preferences and settings;

(c) Analyzing Platform traffic and usage patterns (via Microsoft Clarity);

(d) Testing content and improving user experience; and

(e) Security and fraud prevention (via reCAPTCHA and Cloudflare Turnstile).

Most browsers automatically accept cookies. You may modify your browser settings to decline cookies, though this may affect Platform functionality.

7.1 Advertising and Remarketing

The Platform uses the LinkedIn remarketing service and LinkedIn Insights Tag for measuring conversions from our advertisement campaigns. You may opt out by visiting LinkedIn's advertising preferences. We do not serve third-party advertisements on the Platform or within meetings.

Cookies and tracking technologies are never used within or applied to meeting audio, meeting content, or AI-Generated Outputs. Tracking technologies apply only to your interactions with the Querious website and application interface.

8. Children's Privacy

The Platform is designed for use by licensed attorneys and legal professionals. It is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

9.1 Rights Available to All Users

(a) Access. The right to confirm whether we process your personal information and to access the information we hold about you.

(b) Correction. The right to request that we correct inaccurate personal information.

(c) Deletion. The right to request that we delete your personal information, subject to applicable legal exceptions.

(d) Portability. The right to receive your personal information in a portable, readily usable format.

(e) Opt-Out of Sale. The right to opt out of the sale of your personal information. We do not sell personal information.

(f) Non-Discrimination. The right not to be discriminated against for exercising your privacy rights.

9.2 Additional Rights for Illinois Residents (BIPA)

If you are an Illinois resident, you have additional rights under the Illinois Biometric Information Privacy Act (740 ILCS 14/1 et seq.) with respect to voiceprint data, including the right to written notice before collection, the right to provide or withhold informed written consent, and the right to have voiceprint data permanently destroyed in accordance with our published retention and destruction policy. These rights are described in detail in our BIPA Policy at www.querious.ai.

9.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know the categories and specific pieces of personal information collected, the right to request deletion, the right to opt out of sale or sharing, and the right to limit the use of sensitive personal information. Voiceprint data is classified as sensitive personal information under CCPA/CPRA.

9.4 Meeting Participants Who Are Not Authorized Users

If you participated in a meeting in which the Platform was activated but you are not a registered Authorized User, you have the same privacy rights described in this Section 9 with respect to any personal information (including voiceprint data) that the Platform collected from you during that meeting. To exercise these rights, contact us at support@querious.ai and identify the approximate date and time of the meeting.

9.5 Exercising Your Rights

Privacy Dashboard. Authorized Users may exercise many of their privacy rights directly through the Querious Privacy Dashboard, accessible within the Platform at app.querious.ai. The Privacy Dashboard allows you to: (i) view the categories of personal information Querious holds about you; (ii) download your personal information in a portable format; (iii) delete AI-Generated Outputs and associated meeting data; (iv) manage your consent preferences, including biometric consent settings for Illinois meetings; (v) view your consent history; (vi) opt out of marketing communications; and (vii) request full account deletion. The Privacy Dashboard provides immediate self-service access to your data and does not require you to submit a formal request or wait for a response period.

Formal Requests. For rights that cannot be exercised through the Privacy Dashboard, or if you are a non-user meeting participant without a Querious account, you may submit a formal request to:

Querious, Inc.

Attn: Privacy Team

Email: support@querious.ai

Web: www.querious.ai

We will verify your identity before processing your request. We will respond to most requests within thirty (30) to forty-five (45) days of receipt. If additional time is needed, we will notify you in writing. We do not charge a fee for processing requests, except for repetitive or unfounded requests as permitted by law.

You may designate an authorized agent to exercise your rights on your behalf. We will require the agent to provide a valid power of attorney or other evidence of authorization.

You have the right to appeal a refusal to act on a privacy request. Appeals may be submitted to support@querious.ai. We will respond to appeals within forty-five (45) days.

10. Do Not Track

Do Not Track ("DNT") is a browser preference that signals websites not to track you. We do not currently respond to DNT signals.

11. Third-Party Websites

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read their privacy policies before providing personal information.

12. International Users

The Platform is operated from the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States. By using the Platform, you consent to this transfer. If you are subject to the European Union General Data Protection Regulation (GDPR) or similar international data protection laws, please contact us at support@querious.ai to discuss appropriate data transfer mechanisms.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated to Authorized Users by email at least thirty (30) days before the effective date. The "Last Updated" date at the top of this Policy indicates the most recent revision. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

14. Contact Us

If you have questions about this Privacy Policy, please contact:

Querious, Inc.

Attn: Privacy Team

Email: support@querious.ai

Website: www.querious.ai

‍