Security & data protection

We never link your bank

Quell has no bank-linking or open-banking integration. We never ask for, receive, or store your banking credentials. You enter or upload what you choose, in coarse terms — which means there is far less sensitive data to protect in the first place.

Encryption

• In transit: all traffic is encrypted with TLS.
• At rest: your data is encrypted in our database.
• Field-level: the most sensitive fields (such as coarse health and immigration inputs) receive an additional layer of application-level encryption.
• Uploads: any document you upload is stored encrypted, processed to extract figures, and can be deleted by you.

Crypto wallets are read-only

If you add a public wallet address, Quell performs a read-only balance lookup. We never request, hold, or control your keys or funds, and we cannot move your assets.

Access & secrets

We follow least-privilege access for the small team that operates the Service, and we avoid writing sensitive personal content to logs. Third-party credentials and API keys live only on our servers — never in your browser. AI and data providers are bound by contract, and our AI provider is restricted from using your content to train its models.

Payments

Card payments are handled by our PCI-compliant payment processor (Stripe). We never see or store full card numbers.

Your controls

• Export: download everything we hold about you, on demand.
• Delete: permanently delete your account and data at any time.
• Edit: change your inputs whenever your life changes, and re-run.

Honest caveat

No system is perfectly secure, and we will never claim otherwise. We work to protect your data with strong, layered measures and to minimize what we collect. If you have a security concern or believe you’ve found a vulnerability, please contact us at security@quell.ing — we appreciate responsible disclosure.