Privacy Policy

How we collect, use, and protect your personal information.

Last updated: March 13, 2026

Introduction

OrchIntel ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website orchintel.com or use our services, including the QiXCite legal citation validation service and Microsoft Word Add-in.

QiXCite Citation Validation Service

QiXCite is a legal citation validation service available as a Microsoft Word Add-in and through the IOA Cloud console. When you use QiXCite, additional data processing applies:

Data Processed by QiXCite

  • Citation text: The legal citation string you submit for validation (e.g., case names, citation numbers, quoted passages) is transmitted to IOA Cloud servers for processing. No other document content is transmitted.
  • Validation results: Results are stored as evidence bundles with integrity metadata linked to your IOA Cloud account for audit and compliance purposes.
  • Usage counts: We record the number of citation validations performed per account per month for quota enforcement and billing.
  • Jurisdiction: The jurisdiction you select or that is detected from your citation is used to route the query to the appropriate legal database.

Third-Party Legal Databases

To validate citations, QiXCite queries authoritative third-party legal databases. Citation text (the citation string only) may be transmitted to these services:

  • CourtListener (Free Law Project): US federal and state court opinions — Terms of Service
  • CanLII (Canadian Legal Information Institute): Canadian federal and provincial court decisions — Terms of Use
  • AustLII (Australasian Legal Information Institute): Australian and New Zealand court decisions — Terms of Use
  • OpenLaw NZ: New Zealand court decisions and legislation
  • The National Archives (Find Case Law): UK court judgments — Terms of Use
  • EUR-Lex (Publications Office of the EU): EU legislation and Court of Justice decisions
  • Crossref: Academic journal article metadata and DOI resolution — Privacy Policy

We do not transmit personally identifiable information to these services. Only citation text submitted for validation is shared with the applicable provider.

Microsoft Word Add-in

The QiXCite Microsoft Word Add-in runs inside Microsoft Word and communicates with IOA Cloud servers (api.orchintel.com) to perform citation validation. The Add-in does not access, read, or transmit any document content other than citation text you explicitly submit through the task pane. Add-in usage is subject to Microsoft's Services Agreement.

QiXChat Web Assistant

QiXChat is available on web surfaces such as qix.chat and chat.orchintel.com, with governance services provided through IOA Cloud. When you use QiXChat, additional data processing applies:

Data Processed by QiXChat

  • Messages and prompts: Text you submit in chat, plus assistant responses generated for your session.
  • Session metadata: Session IDs, timestamps, mode selection, domain profile, and governance metadata used for routing, policy enforcement, and troubleshooting.
  • Quota and access state: Account or guest-tier usage counters (for example, remaining messages and active session limits) used to enforce service limits.
  • Evidence metadata: Where enabled by deployment or policy, evidence records may be generated for auditability, including references and processing metadata.

Guest vs Signed-In Behavior

  • Guest mode: Intended for immediate trial access with limited quotas and reduced persistence.
  • Signed-in mode: Enables account-linked history, broader feature access, and account-scoped governance/evidence behavior depending on your plan and settings.
  • Environment differences: Some authentication and control features may be unavailable on localhost or development surfaces.

Model and Provider Processing

QiXChat can route requests to configured model providers based on runtime policy and deployment settings. When provider-backed inference is used, relevant request content may be processed by those providers under their own terms and privacy policies.

Information We Collect

Information You Provide Directly

  • Newsletter Subscription: Email address when you subscribe to our newsletter
  • Contact: If you email us, we receive your email address and message
  • IOA Cloud Account: Email address and authentication credentials when you create an account (managed via Clerk)

Information We Collect Automatically

We do not use cookies or analytics by default. If analytics are added in the future, they will be opt-in. See our Cookies Policy.

Information from Third Parties

  • Clerk (Authentication): We use Clerk for account authentication. Clerk processes your email address and authentication tokens. See Clerk's Privacy Policy.
  • GitHub: If you authenticate via GitHub, we may receive your GitHub profile information
  • Analytics Providers: Aggregated usage statistics and performance metrics

How We Use Your Information

We use the information we collect to:

  • Provide Services: Deliver and maintain our AI governance platform
  • Communication: Respond to inquiries, send newsletters, and provide support
  • Improvement: Analyze usage patterns to improve our services
  • Security: Protect against fraud, abuse, and security threats
  • Legal Compliance: Comply with applicable laws and regulations

Legal Basis for Processing (GDPR)

If you are in the European Union, we process your personal data based on:

  • Consent: When you subscribe to our newsletter or provide explicit consent
  • Legitimate Interest: For service improvement, security, and analytics
  • Contract Performance: To provide services you have requested
  • Legal Obligation: To comply with applicable laws

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

Service Providers

  • Cloud hosting providers (AWS, Cloudflare)
  • Analytics services (Google Analytics)
  • Email service providers
  • Customer support platforms

Legal Requirements

  • When required by law or legal process
  • To protect our rights and property
  • To prevent fraud or abuse
  • In case of emergency to protect user safety

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Limited access to personal information
  • Regular Audits: Security assessments and vulnerability testing
  • Staff Training: Privacy and security awareness training

Data Retention

We retain newsletter emails for up to 12 months. You may opt out at any time by emailing help@orchintel.com.

Your Rights

Depending on your location, you may have the following rights:

General Rights

  • Access: Request copies of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service

GDPR Rights (EU Residents)

  • Right to be Forgotten: Request deletion of personal data
  • Data Portability: Receive your data in a structured format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing

CCPA Rights (California Residents)

  • Right to Know: Information about data collection and use
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale of personal information
  • Non-Discrimination: Equal service regardless of privacy choices

Exercising Your Rights

To exercise your rights or opt out of communications, contact us at help@orchintel.com. We will respond within 30 days.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Certification Schemes: Privacy Shield or similar frameworks

Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notification to registered users
  • Updating the "Last updated" date

Contact Information

If you have questions about this Privacy Policy, please contact us:

Data Protection Officer (GDPR)

For EU residents, our Data Protection Officer can be reached at:

  • Email: help@orchintel.com
  • Subject Line: "Data Protection Officer - GDPR Inquiry"