Legal

Privacy Policy

Last updated: January 2025

Quillwell LLC ("Quillwell", "we", "us", "our") is a go to market consultancy and product studio that builds software agents for managing paid media and related GTM workflows. This Privacy Policy explains how we collect, use, and protect personal data when you visit our website, contact us, or use our products and services.

If you have any questions about this Privacy Policy, you can contact us at:

Email: privacy@quillwell.com

Address: Quillwell LLC, 553 E Grant Hwy, Marengo, IL 60152

This Privacy Policy is not intended to provide legal, financial, or regulatory advice. It is a description of how we handle data in the normal course of business.

1. Scope

This Privacy Policy applies to:

  • Visitors to quillwell.com
  • People who contact us, subscribe to updates, or book time with us
  • Customers and users of our software products and Labs offerings, including any paid media agents or GTM systems we provide

In some engagements we act as a processor or service provider to our customers. In those cases, the customer's own privacy notice applies to their end users and our obligations are also governed by the contract we sign with that customer.

2. Data we collect

We collect three broad categories of data.

2.1 Website and usage data

When you visit our site, we may automatically collect:

  • Basic technical information from your browser or device, such as IP address, browser type, operating system, and device identifiers
  • Usage data, such as pages visited, referral URLs, timestamps, and interactions with site elements
  • Cookie or similar identifiers, where we use analytics or performance tools

We may also collect any information you provide through website forms, for example:

  • Name
  • Work email
  • Company name
  • Role or job title
  • Areas of interest
  • Any free form message you enter

2.2 Prospect and client data

When you interact with us as a prospect or client, we may collect:

  • Contact details, such as name, business email, job title, and company
  • Commercial information, such as areas of interest, project details, budgets, and timelines
  • Communications, such as emails, call notes, and meeting records related to sales or delivery of services

2.3 Connected platform and product data

If you work with us on paid media or use our software products, we may process data from platforms that you choose to connect to our systems, such as advertising, analytics, or CRM platforms.

Depending on the integrations you configure, this can include:

  • Account and campaign identifiers
  • Campaign, ad group, and creative configuration
  • Performance metrics such as impressions, clicks, spend, conversions, and revenue
  • Audience, keyword, and targeting configuration as permitted by each platform
  • Configuration data for rules, guardrails, and optimization settings in our products

We obtain this data through the official interfaces and permissions provided by the platforms you connect, such as APIs, exports, or native integrations. We do not use scraping or automated browsing to collect data from LinkedIn or from any other platform in ways that are inconsistent with that platform's terms or user controls.

We do not intentionally collect highly sensitive categories of data such as government identification numbers, payment card numbers, or health information through these integrations.

2.4 Use of advertising and social platform data

When you connect advertising or social platforms to our services, we use the data we receive only to provide the functionality you have requested. In practice, this means we use your advertising and social platform data to:

  • Read account, campaign, ad group, and ad configuration and performance metrics
  • Calculate derived metrics, diagnostics, and recommendations
  • Propose or apply changes to campaigns, budgets, bids, and other settings according to the rules and guardrails you define

We do not:

  • Use advertising or social platform data obtained through these integrations to build separate audience lists for resale or to create standalone data products
  • Use your connected accounts to target users outside of your own campaigns and accounts
  • Attempt to re-identify individuals from aggregated metrics

2.5 Other data sources and web content

In some cases we may process information from other sources to help deliver or improve our services. These sources can include:

  • Publicly available websites and documentation
  • Content that you or your organization provide to us directly, such as playbooks, FAQs, internal docs, or knowledge bases
  • Third party tools or data sources that you explicitly authorize us to use

Where we collect information from public websites, we do so in ways that are intended to be consistent with applicable laws and with the terms, robots rules, and technical controls of those sites. We do not use automated tools to access or collect data from LinkedIn or similar closed platforms in ways that violate their rules.

2.6 Access, authorization, and revocation

Access to your third party accounts is always based on your explicit authorization, typically through an OAuth or similar connection flow provided by the platform or through credentials you supply. We do not gain access to your accounts without an authorization step that you or your organization completes.

You can revoke our access at any time by disconnecting the integration within our product or directly within the relevant platform. Once access is revoked, our systems will no longer be able to read from or write to that account.

We periodically review connected integrations and may disable stale or unused connections as a security measure.

3. How we use your data

We use the data described above for the following purposes:

  • To operate, maintain, and improve our website and understand which content is useful
  • To respond to inquiries, schedule conversations, and manage sales and consulting relationships
  • To provide and operate our products and services, including:
    • Connecting to the platforms you choose to integrate
    • Reading performance data to power dashboards, analyses, and agents
    • Making or recommending changes to campaigns, bids, budgets, and creatives according to your configuration
  • To monitor and secure our systems, prevent abuse, troubleshoot issues, and perform debugging and diagnostics
  • To comply with legal, regulatory, and contractual obligations

We do not sell your personal data or your advertising and analytics data to third parties.

If you are located in a region where data protection laws apply, such as the European Economic Area or the United Kingdom, our legal bases for processing may include performance of a contract, our legitimate interests in operating and improving our services, and your consent where required.

Use of data for models and automation

Our products use automation and machine learning to analyze performance and generate recommendations. We may use your configuration and performance data inside your environment to tune models and rules that operate on your accounts.

We do not use your advertising or analytics data to train models that are then shared in a way that would expose your strategies or performance to unrelated customers. Any analysis we perform across customers is used only to improve our services and is handled in a way that does not allow other customers to identify you, your users, or your individual campaigns.

We do not use your connected platform data to train public models or models operated by third parties for their own purposes.

4. Where and how we store and process data

Our application and data are hosted on a small number of reputable cloud infrastructure providers. We design our system so that production data stays within this stack and is not copied to arbitrary third party services.

In broad terms:

  • Application code and background jobs run in a managed runtime environment in the cloud
  • Application data such as customer accounts, configuration, and integration data is stored in a managed relational database service
  • The application frontend and APIs are served by a managed hosting and content delivery platform
  • Supporting services such as logging, error tracking, and monitoring may process limited technical data for operational purposes

These cloud providers maintain their own security programs and undergo independent audits such as SOC 2 and ISO 27001 or similar frameworks. Quillwell itself has not yet completed a SOC 2 audit. We rely on the security controls of our providers at the infrastructure level, and we are responsible for the security of our application code, access controls, and data handling within that environment.

Production access is limited to Quillwell personnel and contractors who need it to perform their work and are bound by confidentiality obligations.

5. Data sharing and third parties

We share personal data only with third parties in the following categories and for the purposes described:

Cloud infrastructure and hosting providers
To host the website, application, APIs, and databases, and to deliver content securely over the internet.

Service providers
To help us operate our business, which may include:

  • Customer relationship management
  • Email and calendar tools
  • Logging, monitoring, and error tracking
  • Analytics and performance measurement

Professional advisors, auditors, or regulators
When reasonably necessary for legal, tax, compliance, or audit purposes.

Other third parties when required
When we are required to do so by law, court order, or legal process, or when you explicitly ask us to share information on your behalf.

We require our service providers to use the data they receive from us only to provide services to us and to protect it in a manner consistent with this Privacy Policy and applicable law.

We do not disclose your advertising performance data or configuration data to other customers, and we do not sell this data to data brokers.

Compliance with platform terms and policies

When we integrate with third party platforms, including advertising and social platforms, we do so using their official tools and interfaces and in accordance with their applicable terms, policies, and developer documentation.

We do not use automated means to access data or functionality that we are not permitted to access, and we do not attempt to bypass technical controls, rate limits, or consent mechanisms put in place by these platforms.

If a platform or account owner revokes our access, our systems stop accessing that account and we remove or anonymize related data from our systems within a reasonable period, subject to any legal or contractual retention requirements.

6. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy or as required by law. In general:

  • Website and usage data is retained for a limited period to understand trends and maintain the site
  • Prospect and client data is retained while we have an active relationship and for a reasonable period afterward for record keeping, legal, and accounting purposes
  • Platform and product data is retained while you are an active customer of the relevant product, and for a limited period after termination, subject to contractual and legal obligations

We may retain certain data for longer periods if necessary to comply with legal obligations, resolve disputes, or enforce our agreements. When data is no longer needed, we take steps to delete or anonymize it.

You can request deletion of your data earlier, subject to our legal obligations and technical feasibility.

7. Security

We take reasonable technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These measures include:

  • Using reputable cloud providers with independent security audits and certifications at the infrastructure level
  • Enforcing authentication and access controls for internal systems and production environments
  • Encrypting data in transit using HTTPS and TLS
  • Limiting access to production data to individuals with a business need
  • Monitoring for unusual activity and responding to incidents

No method of transmission or storage can be guaranteed to be perfectly secure, but we work to reduce risk and improve our practices over time.

If we become aware of a security incident that materially affects your personal data or connected platform data, we will investigate and, where required by law or contract, notify you without undue delay along with information about steps we are taking to mitigate the impact and prevent recurrence.

8. Your rights and choices

Depending on your location, you may have certain rights regarding your personal data, which can include:

  • The right to request access to the personal data we hold about you
  • The right to request correction of inaccurate or incomplete data
  • The right to request deletion of your personal data in certain circumstances
  • The right to object to or restrict certain types of processing
  • The right to request a copy of your data in a portable format

To exercise these rights, contact us at privacy@quillwell.com. We may need to verify your identity before fulfilling your request. Some rights may be limited where we have a legal obligation or compelling legitimate interest to retain certain data.

If you receive marketing emails from us, you can unsubscribe at any time by using the unsubscribe link in the email or by contacting us.

9. International transfers

Our infrastructure providers may process data in countries that are different from the country where you are located. These countries may have data protection laws that are different from those in your jurisdiction.

Where required, we use appropriate safeguards to protect cross border transfers of personal data, such as standard contractual clauses or equivalent mechanisms, and we work with providers that commit to protecting data that they process on our behalf.

10. Children

Our website, products, and services are not directed to children under 16 years of age, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action to delete that information.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will update the "Last updated" date at the top of this page. In some cases we may provide additional notice, such as by email or by posting a notice on our site.

12. How to contact us

If you have questions or concerns about this Privacy Policy or our data practices, you can contact us at:

Email: privacy@quillwell.com

Postal mail: Quillwell LLC, 553 E Grant Hwy, Marengo, IL 60152