Effective Date: January 11, 2025 | Last Updated: January 11, 2025

1. Introduction

Welcome to Quirel ("we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application generation platform and related services (the "Service"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform.

By using Quirel, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use the Service.

2. Company Information

3. Information We Collect

3.1 Information You Provide to Us

• Account Information: Email address, username, and password when you create an account
• Profile Information: Name, profile picture, and other optional profile details
• Content Data: Application specifications, prompts, code, and other content you create or upload
• Communication Data: Messages, feedback, and support requests you send to us
• Payment Information: Billing details and transaction history (processed securely through third-party payment processors)

3.2 Information We Collect Automatically

• Usage Data: Features used, actions taken, time spent, and interaction patterns
• Device Information: Browser type, operating system, device type, and unique device identifiers
• Log Data: IP address, access times, pages viewed, and referring URLs
• Analytics Data: Performance metrics, error reports, and usage statistics
• Cookies and Similar Technologies: Session cookies, preference cookies, and analytics cookies

3.3 Information from Third Parties

• Authentication Providers: Profile information from Google OAuth or other authentication services you use to sign in
• Payment Processors: Transaction confirmations and payment status from Stripe or other payment providers

4. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To operate, maintain, and improve our application generation platform
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Content Generation: To process your requests and generate applications based on your specifications
• Communication: To send service updates, security alerts, and respond to your inquiries
• Personalization: To customize your experience and provide relevant features and recommendations
• Analytics: To understand usage patterns, improve our services, and develop new features
• Security: To detect, prevent, and address technical issues and protect against fraud
• Legal Compliance: To comply with legal obligations and enforce our terms of service
• Marketing: With your consent, to send promotional communications about new features and updates

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following situations:

5.1 Service Providers

We share data with third-party service providers who assist us in operating our platform:

• Supabase: Database and authentication services
• Anthropic/OpenAI: AI model providers for code generation (content is processed but not stored by these providers)
• Cloud Infrastructure: Hosting and storage providers
• Analytics Services: To help us understand usage patterns

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities, including:

• Court orders or legal processes
• Protecting our rights, property, or safety
• Preventing fraud or security issues

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption: Data is encrypted in transit using SSL/TLS and at rest using industry-standard encryption
• Access Controls: Strict access controls and authentication mechanisms
• Regular Security Audits: Periodic reviews of our security practices
• Secure Development: Following secure coding practices and regular security updates
• Incident Response: Procedures to detect, respond to, and recover from security incidents

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for 30 days after deletion request
• Generated Content: Retained while your account is active unless you delete it
• Usage Analytics: Aggregated and anonymized after 24 months
• Legal Records: Retained as required by applicable law (typically 3-7 years)

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 GDPR Rights (European Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw previously given consent

8.2 CCPA Rights (California Users)

• Know: Right to know what personal information we collect, use, and share
• Delete: Right to request deletion of your personal information
• Opt-Out: Right to opt-out of the sale of personal information (we do not sell personal data)
• Non-Discrimination: Right not to receive discriminatory treatment

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience:

9.1 Types of Cookies We Use

• Essential Cookies: Required for the platform to function properly (authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with our service
• Performance Cookies: Monitor and improve platform performance

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality.

10. Third-Party Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Key Third-Party Services:

• Google OAuth: For authentication - Google Privacy Policy
• Supabase: For database and authentication - Supabase Privacy Policy
• Anthropic Claude: For AI code generation - Anthropic Privacy Policy

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected].

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Ensuring recipients are in countries with adequate data protection laws
• Implementing appropriate security measures during transfer

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

For complaints, you also have the right to contact your local data protection authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés).