Privacy Policy

Last updated: July 17, 2026

Who we are

Quick-Work is an operations suite — a family of products that share one account, organization, and security model, including contract lifecycle management and asset & inventory management, with more on the way. This policy explains what data the service collects, why, and how it is protected across the suite.

What we collect

  • Account data — your name, email address, and an optional age. No other personal profile information is requested.
  • Organization content — the contract and asset records you and your organization create (supplier names, dates, values, contacts, and links to documents you host elsewhere). We store metadata and links only; we do not store your signed contract documents.
  • Operational data — authentication sessions, in-app notifications, and standard server logs (including IP address) used to run, secure, and troubleshoot the service.

How we use it

We use your data to provide the service: managing your organization’s contracts and assets, sending the reminders and notifications the product exists to deliver, billing per seat where applicable, and keeping the service secure and reliable. We do not sell your data.

How we protect it — encryption & isolation

Your data is encrypted and walled off to your organization. Your records are locked with an encryption key that belongs to your organization alone and is never shared with another customer, so a stolen copy of our database is unreadable — the data and the keys to it are kept apart.

  • Encrypted in transit and at rest. All traffic uses TLS, and all stored data — including backups — is encrypted on disk.
  • Per-organization field encryption. Your most sensitive fields — supplier and owner contacts, contract values, and document links — are encrypted inside the application, before they ever reach the database, using a key unique to your organization. That key is itself protected by a hardware-backed key management service and never stored in usable form alongside your data.
  • Tamper-evident and tenant-bound. Encryption uses AES-256-GCM, which detects any tampering, and each value is cryptographically tied to your organization — it cannot be read in the context of any other customer’s account.
  • Only your people, only their scope. Data is decrypted solely to answer an authenticated request from a member of your organization, and access is further limited by role (owner, admin, member, viewer) and by team/group — so people see only what they’re entitled to.

To make search, reminders, and dashboards work, our application decrypts your data in order to serve your requests; this is not end-to-end encryption. What it guarantees is that your stored data is unreadable to anyone who obtains the database or a backup, and that it stays isolated to your organization.

Cloudflare Turnstile (bot protection)

To protect sign-in, sign-up, and password-reset from automated abuse, we use Cloudflare Turnstile in its invisible mode. It runs silently in your browser with no checkbox or visible challenge, and issues a token that our servers verify. To do this, Cloudflare may collect information about the request and your device/browser and set a token; this processing is described in Cloudflare’s documentation.

Cloudflare’s handling of this data is governed by the Cloudflare Turnstile Privacy Addendum and the Cloudflare Privacy Policy. We reference the Turnstile Privacy Addendum here as a condition of using invisible mode.

Third parties

Besides Cloudflare (bot protection), the service relies on infrastructure and processors that support its operation — cloud hosting (AWS), transactional email, and, where billing is enabled, our payments provider (Stripe). Each processes data only to provide its function.

Retention & deletion

We keep your data for as long as your account and organization are active. When an organization is deleted, its per-organization encryption key is destroyed with it, rendering that organization’s encrypted fields permanently unreadable — including in historical backups.

Contact

Questions about this policy or your data can be directed to your organization’s administrator or the Quick-Work team.

← Back to Quick-Work