Privacy Policy

Last updated: March 27, 2025

Quipthread LLC ("Quipthread", "we", "our", or "us") operates the Quipthread cloud comment platform at quipthread.com and app.quipthread.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

We collect information you provide directly and information generated through your use of the service:

• Account information — your name, email address, and profile avatar when you sign up via email or OAuth (GitHub, Google). OAuth providers only share what you authorize; we never see your OAuth password.
• Comment content — comments posted through the Quipthread embed widget on your site or sites you moderate.
• Usage and analytics — comment volume, page-level stats, and activity patterns to power the dashboard analytics feature.
• Billing information — subscription and payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status; raw card numbers never touch our servers.
• Technical data — IP addresses and user-agent strings collected for spam prevention and rate limiting. These are not sold or used for advertising.

2. How We Use Your Information

• To create and manage your account and deliver the service.
• To send transactional emails: email verification, password resets, and comment notification digests. We do not send marketing email without your opt-in.
• To process payments and manage your subscription via Stripe.
• To detect and prevent spam, abuse, and unauthorized access.
• To generate the aggregated analytics shown in your dashboard.

3. No Advertising

We do not use your personal data for advertising purposes. We do not build advertising profiles, engage in behavioral tracking across websites, or share your data with advertising networks, data brokers, or any third party for marketing purposes. The Service is funded entirely by subscription fees.

4. Data Sharing

We do not sell your personal data. We share information only with:

• Stripe — for payment processing. Stripe's privacy policy is at stripe.com/privacy.
• Email delivery provider — to send transactional emails on our behalf. Only your email address and the content of the message are shared.
• Legal requirements — if required by law, court order, or to protect the rights, property, or safety of Quipthread or others.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you by email before your data is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will purge your personal data within 30 days, except where retention is required by law (e.g., billing records).

6. Cookies

We use a single session cookie: an HttpOnly, first-party JWT used to authenticate your dashboard session. We do not use advertising cookies, tracking pixels, or third-party analytics scripts.

7. Your Rights

Depending on your location, you may have rights under GDPR, CCPA, or similar laws, including the right to access, correct, or delete your personal data. To exercise any of these rights, email us at legal@quipthread.com. We will respond within 30 days.

8. GDPR Lawful Basis

If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:

• Performance of a contract — processing your account information and payment details is necessary to provide the Service under our agreement with you.
• Legitimate interests — processing IP addresses and technical data for spam prevention, security, and rate limiting, where these interests are not overridden by your rights.
• Legal obligation — retaining billing records as required by applicable law.
• Consent — sending optional notification emails (comment digests), which you may withdraw at any time from your account settings.

9. International Data Transfers

Quipthread LLC is based in the United States. If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States, which may have different data protection laws than your country.

For users in the European Economic Area, United Kingdom, or Switzerland, we rely on standard contractual clauses approved by the European Commission as the legal mechanism for transferring personal data to the United States. You may request a copy of these clauses by contacting us at legal@quipthread.com.

10. Self-Hosted Instances

Quipthread is open-source software available for self-hosting under the AGPL-3.0 license. When you deploy your own instance, you — not Quipthread LLC — are the data controller for your users' information. This Privacy Policy applies only to the cloud service operated by Quipthread LLC.

11. Children's Privacy

The Quipthread service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before the change takes effect. Continued use of the service after that date constitutes acceptance of the updated policy.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, USA, without regard to conflict-of-law principles.

14. Contact

Questions or requests regarding this Privacy Policy should be directed to:
Quipthread LLC
legal@quipthread.com