QuietSignal

Privacy Policy

Effective May 15, 2026

This Privacy Policy explains how QuietSignal, LLC (“QuietSignal,” “we,” “us”) collects, uses, and shares information when you use our mobile application and website (the “Service”). By using the Service, you agree to the practices described here.

1. Information We Collect

We collect the following categories of information:

  • Account information: email address, display name, password (hashed), and your chosen subscription tier.
  • User Content: filmed clips, voiceovers, AI-generated scripts, captions, edits, watermarks, and published-post metadata.
  • Connected-platform data: when you authorize a publishing connection (Instagram, Facebook, TikTok, YouTube), we store the OAuth tokens and basic account metadata returned by that platform. We do not store your platform passwords.
  • Billing information: Stripe collects and stores your payment details directly; we receive only a customer identifier, the subscription tier, status, and renewal date.
  • Usage data: device type, OS version, app version, anonymized analytics events, and crash reports.
  • Push tokens: if you grant notification permission, we store an Expo push token for your device so we can send you in-app notifications.

2. How We Use Your Information

  • To provide and improve the Service.
  • To process payments and manage your subscription.
  • To generate AI-assisted content (scripts, voiceovers, captions) using your inputs as prompts.
  • To publish your content to platforms you authorize.
  • To send you transactional emails (account, billing, security) and optional product updates.
  • To monitor for abuse, fraud, and policy violations.
  • To comply with legal obligations.

3. Third-Party Services We Share Data With

QuietSignal is built on a stack of third-party services. We share the minimum information needed for each integration to function:

  • Supabase — primary database + authentication + file storage. Stores your account, content, and tokens.
  • Stripe — payment processing and subscription management. Handles all payment data per PCI DSS.
  • Trigger.dev — background-job orchestration. Receives task payloads (e.g. asset id, customer id) to run server-side processing.
  • Anthropic (Claude API) — generates draft scripts from your topic input. Anthropic does not retain prompts to train its models per our enterprise agreement.
  • ElevenLabs — synthesizes voiceovers from your approved scripts (faceless mode).
  • Google Cloud Speech-to-Text — generates timed captions from your filmed clip's audio.
  • Snap Camera Kit — renders on-camera filters during teleprompter recording. Frame data is processed on-device; no video is sent to Snap.
  • Epidemic Sound — music catalog for the in-app editor. We send the selected track id; track audio is mixed into your Reel server-side.
  • Meta, TikTok, YouTube — the publishing platforms. When you authorize a connection, we send your final video and metadata to publish on your behalf.
  • Resend — transactional email delivery (welcome, beta invites, monthly insights digests).
  • Expo Push (Apple APNs / Google FCM) — push-notification delivery.
  • PostHog — product analytics (events: button taps, screen views, conversion funnels). Anonymized to the extent feasible.
  • Sentry — error tracking and crash reports.
  • Nango — manages the OAuth connections to Meta / TikTok / YouTube.

Each third party has its own privacy policy; we encourage you to review them.

4. Data Retention

We retain your account and User Content for as long as your account is active. After you cancel or delete your account, we retain your data for 30 days to support reactivation, then delete or anonymize it. Some data (billing records, security logs) may be retained longer where required by law.

5. Your Rights

Subject to your jurisdiction, you may have the right to access, correct, port, or delete your personal data, and to object to certain processing. To exercise these rights, email privacy@quietsignalapp.com. We respond within 30 days.

California residents: you have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information.

EU/UK residents: under GDPR/UK GDPR, we process your data on the legal bases of contract performance (account, billing), legitimate interest (security, anti-fraud), and consent (marketing emails, push notifications).

6. Security

We use industry-standard safeguards including HTTPS for transport, encryption at rest in the Supabase database, row-level security policies on every customer-data table, and per-customer signed URLs for media downloads. No system is perfectly secure; we will notify affected users without undue delay if a breach occurs.

7. Children

QuietSignal is not directed at children under 13 (or 16 in some jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us with information, email privacy@quietsignalapp.com and we will delete it.

8. International Transfers

Our infrastructure is hosted in the United States. By using the Service from outside the US, you consent to the transfer of your information to the US, where data-protection laws may differ from those in your country.

9. Changes to This Policy

We may update this Privacy Policy as our practices evolve. Material changes will be announced via email and in-app notice at least 14 days in advance.

10. Contact

Privacy questions: privacy@quietsignalapp.com.
Postal mail: QuietSignal, LLC, c/o the registered agent, Louisiana.