The short version: we don’t want your data.

What we don’t do

This is the load-bearing list. Every item is grounded in the actual code — you can read our source.

The desktop app

The QuipShot app is built to collect nothing. It doesn’t phone home with usage data, feature counts, or crash reports. Its only network activity is the sign-in, subscription check, and update check described below, and none of it carries anything about how you use the app or what you capture.

Specifically:

• No telemetry or analytics. The app does not report usage, feature taps, crashes, or anything else to us or to a third party.
• Your screenshots stay local. Captures are written to your disk, copied to your clipboard, and held in a temp file for the editor. None of it is uploaded anywhere.
• Grab-text runs on-device. Recognising text off the screen happens entirely on your machine, in over a hundred languages. Language packs are fetched from a content-delivery network the first time you use a language; the download contains no data about you, and no screen content is ever sent anywhere.
• Settings stay local. Preferences live in a JSON file under %APPDATA%\QuipShot\ on your computer.

The app does make network calls in exactly three cases, all initiated by you or by the update system: (1) when you sign in to your account, (2) when it checks for updates (see belowfor what that reveals), and (3) when it activates or verifies your subscription. That’s the entire outbound surface.

This website

• No advertising trackers, no third-party analytics cookies, no fingerprinting.
• Error diagnostics (Sentry). When something on the site breaks, we use Sentry to capture a technical error report — the stack trace and which page it happened on — so we can fix it. We configure it to scrub personal data: no IP addresses, no form contents, and no session recording or replay. It’s used only to diagnose bugs, never to track you.
• Standard server request logs (IP, user-agent, timestamp, path) are retained briefly by our hosting and edge providers for security and reliability.
• If you enter your email into a “notify me at launch” form, we store it only to send you the launch announcement, and you can ask us to delete it at any time.

Accounts & subscriptions

Using the QuipShot app requires an account with an active subscription — the account system exists only to manage your subscription, activate the desktop app, and bill you. This section covers what we store when you sign up.

What we store when you sign up

• Your email address. Used to sign you in, send you transactional email (verification, password reset, billing receipts, security notices), and contact you about the service.
• A hashed password if you sign up with email + password (bcrypt; we never see your plaintext password).
• Your name, if you provide one, for Stripe receipts and display in your account dashboard.
• Session records (an opaque session token, IP address, browser user-agent, timestamps) so you can stay signed in and so we can show you your active sessions and let you sign devices out.
• Subscription state mirrored from Stripe: your Stripe customer and subscription IDs, current status, current billing period end, and whether cancellation is pending.

Payments

All payment processing is handled by Stripe, Inc.Your card number, CVV, and billing address are entered directly on Stripe-hosted pages — QuipShot never sees or stores card data, and we are not in PCI scope. We receive only the Stripe-generated identifiers and subscription state. Stripe’s handling of your payment information is governed by its own privacy policy.

Email we send

Two distinct categories:

• Transactional / service emails (verification, password reset, change-of-email confirmation, billing receipts, subscription-status changes, security notices). These are part of operating your account; you can’t unsubscribe from them while your account is open. Closing your account stops them.
• Launch and product-update emails, sent only if you joined our launch list or otherwise explicitly opted in. Every such email contains a one-click unsubscribe link and our postal address. We do not share this list with third parties.

We don’t track email opens or clicks. There are no tracking pixels, redirect URLs, or third-party fonts/images in our emails.

Activating a device

When you sign the QuipShot desktop app into your account, the app generates a one-way hashed device identifier from stable Windows hardware values (a machine GUID and the OS-disk serial number). We deliberately do not use your MAC address. We store this hashed identifier alongside a name you give the device, its operating system, and timestamps for when it activated and when we last heard from it.

• Purpose: to enforce the 3-device cap that’s part of your subscription, to display your signed-in devices on /account so you can sign any of them out, and to detect lost or stolen-device misuse.
• Legal basis (GDPR): performance of the contract for the QuipShot service (Art. 6(1)(b)), with our legitimate interest in fraud prevention as a secondary basis (Art. 6(1)(f)).
• Retention: as long as the device is bound to your account. Deleted automatically when you deactivate the device, when your account is deleted, or after 30 days of inactivity.
• Not used for tracking outside of seat enforcement.

The sign-in tokens that the desktop app holds are stored as hashes in our database (SHA-256, base64url). A database compromise does not yield usable session tokens; an attacker would need the original token value, which we never store and never log.

The app also checks for updates every ~24 hours. The update check transmits your IP address (necessary for any internet connection), your current app version, and a short-lived signed entitlement token that identifies your subscription and the device making the request (so we serve only updates you’re entitled to and can block updates for revoked accounts). Update logs are retained for reliability monitoring and are not used to build a profile of you.

Cookies & local storage

QuipShot uses a single category of cookie: strictly necessary first-party session cookies. We don’t use any analytics, advertising, or cross-site tracking cookies.

All four are first-party, HttpOnly, Secure, and scoped to our origin. They are set only after you sign in. Because they’re strictly necessary to deliver a service you’ve explicitly requested (signed-in functionality), no cookie consent banner is required under the EU ePrivacy Directive or UK PECR. If we ever introduce a non-essential cookie, we’ll update this page and add a consent banner before any such cookie is set.

Global Privacy Control (GPC).We don’t “sell” or “share” personal information as those terms are defined under the California CPRA, so there’s nothing for a GPC signal to opt you out of. If that ever changes, we’ll honor a valid GPC signal as a request to opt out.

Who else touches your data

A handful of service providers process personal data on our behalf, under written data-processing agreements. This is the complete list:

New sub-processors.Before adding a sub-processor that materially affects your data, we’ll update this list and post a notice on this page at least 30 days in advance, except for emergency replacements (e.g. a provider outage), which we’ll disclose as soon as practicable.

How long we keep things

• Your account (name, email, password hash): until you delete your account.
• Sessions and IP/UA attached to them: up to 7 days idle; deleted on sign-out or password reset.
• Subscription cache: until you delete your account. Stripe retains its own records under its retention policy.
• License and bound-device records: until you deactivate the device or close your account; inactive devices may be reclaimed after 30 days.
• Sign-in tokens for the desktop app: access tokens 10 minutes; refresh tokens 30 days. Both are stored hashed.
• Launch-list email: until you unsubscribe or the launch announcement has been sent (we delete entries 30–90 days after their notifiedAt timestamp).
• Server request logs and rate-limit counters: rolling 7-day window for rate-limit data; provider-default retention for edge/access logs (typically ≤ 30 days).
• Billing and tax records: up to 7 years to meet US tax, accounting, and audit obligations. We retain only what the law requires (date, amount, tax, your billing name and address as supplied to Stripe). This is the one exception that survives account deletion.
• System backups: residual copies of deleted data may persist in backups for up to 30 days, after which the backup rotates out.

How we protect it

We take technical and organisational measures appropriate to the data we hold. These include encryption in transit (TLS for all traffic), encryption at rest at the database layer, password hashing (bcrypt), hashed storage of sign-in tokens, hardware-bound license activation, principle-of-least-privilege access controls, and ongoing dependency updates. We don’t claim certifications we haven’t earned.

If a security incident affects your personal data, we’ll notify you and any required regulator in accordance with applicable law — including the EU’s 72-hour notification requirement to a supervisory authority, where applicable.

Your choices

You can:

• Access your account data from /account.
• Change your email from /account — we send a confirmation link to your current address so a stolen session can’t silently move your account.
• Sign devices out individually or all at once from /account.
• Cancel your subscription at any time from /account; the Stripe-hosted Customer Portal handles it.
• Delete your account from /account. This permanently removes your user profile, sessions, license, all bound devices, and OAuth tokens (subject to the legal-retention carve-outs in the retention section above).
• Export or delete anything else we hold, or ask us any question about your data, by emailing [email protected]. We acknowledge within 7 days and respond substantively within 30 days (extending by up to two further months for unusually complex requests, in which case we’ll tell you within the first 30 days).

If you’re in the EU, EEA, or UK

Under the EU General Data Protection Regulation and the UK GDPR, you have rights to access, rectify, port, erase, restrict, and object to our processing of your personal data, and to withdraw consent at any time (without affecting the lawfulness of processing before the withdrawal). You also have the right to lodge a complaint with your local supervisory authority.

Lawful bases we rely on: performance of the contract for the QuipShot service (your account, subscription, license, device binding); our legitimate interests in operating, securing, and improving the service (server logs, rate limits, fraud detection, anti-abuse); your consent (the launch-list email and any other marketing we may send); and compliance with legal obligations (tax-record retention).

Automated decision-making. We do not make solely automated decisions about you that produce legal or similarly significant effects.

International transfers and data residency. QuipShot is operated from the United States. Application data and personal information are stored in the United States on Amazon Web Services (region: US East — N. Virginia, us-east-1). Stripe processes payments globally, and Cloudflare serves our edge from its global network. When your personal data is transferred outside the EEA or the UK, we rely on the EU-US Data Privacy Framework where our sub-processors are certified, on the EU Standard Contractual Clauses where they are not, and on the UK and Swiss extensions to those mechanisms as applicable. (We are in the process of self-certifying to the EU-US Data Privacy Framework; in the interim, transfers rely on Standard Contractual Clauses.)

EU and UK representative. An Article 27 representative will be named here before we accept EU or UK customers; until then, please contact us directly at [email protected].

If you’re in California

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents have the right to know what personal information we collect, to delete personal information we hold about them, to correct inaccurate personal information, to opt out of the “sale” or “sharing” of personal information, and to non-discrimination for exercising these rights.

• Categories of personal information we collect, in CCPA terms: Identifiers (email, IP, session identifiers); Commercial information (subscription status, billing history); Internet activity (server request logs). We do not collect Sensitive Personal Information as defined in §1798.140(ae), so the right to limit use of SPI does not apply.
• Sources: directly from you (when you sign up, sign in, or interact with the site).
• Purposes: as described elsewhere in this policy — operate your account, bill you, deliver the service, secure the service, send transactional email.
• We do not sell or share personal information, as those terms are defined under the CCPA/CPRA, and we do not engage in cross-context behavioral advertising.
• Recipients: the sub-processors listed in the “Who else touches your data” section above. We do not provide personal information to third parties for their own marketing purposes.
• Retention: as described in the “How long we keep things” section above.

To exercise any of these rights, email [email protected]. We may need to verify your identity before responding. You can also designate an authorized agent to submit requests on your behalf; we may verify the agent’s authority and your identity. We do not discriminate against anyone who exercises a privacy right.

Children

QuipShot is not directed to children. You must be at least 16 years old to create a QuipShot account or pay for a subscription. If your country sets a higher age of digital consent or contractual capacity, that higher age applies to you. Because the QuipShot desktop app requires an account to use, this age requirement applies to all use of QuipShot. If we learn that we have collected personal information from someone under 16, we will delete it.

Contact

QuipShot is operated by OTHEXCORP, a Florida corporation. For any privacy question, to exercise a data-protection right, or for any other reason, email [email protected].

Postal address:
OTHEXCORP
5645 Coral Ridge Drive, Suite 137
Coral Springs, FL 33076
United States

Changes to this policy

We’ll update this page when things change and adjust the “effective” date at the top. For material changes(anything that meaningfully affects your rights), we’ll notify account holders by email at least 30 days before the change takes effect, post a prominent notice on this page, and add a row to the revision history below.

Revision history