What we keep, what we don't, and why.

Who we are

Quippy App, Inc. ("Quippy", "we", "us") operates the Quippy mobile app, the website at quippyapp.com, and related features (together, the "Service"). This policy explains what data we collect when you use the Service, what we do with it, and the choices you have. It is part of our terms of service.

What we collect

We collect only what we need to run the Service:

Information you give us. Your email address when you join the waitlist or create an account, account details like display name and authentication tokens, the scenarios you run, the lines you write or speak during practice, the feedback Quippy returns to you, and any messages you send us when you contact support.

Voice input (when you use it). If you practice with your voice, we send the audio to a speech-to-text provider so we can turn it into a transcript. The transcript becomes part of the session record; the raw audio is not stored long-term unless we tell you otherwise.

Device and usage data. Device type, operating system version, app version, language, time zone, IP address, crash reports, and basic events describing how you move through the app (for example, "started a session", "completed a session"). This helps us keep the app working and improve flows that are confusing.

Website analytics and waitlist data. When you use this website or join the waitlist, we may collect the email address you submit, the page URL, referral source, browser and device details, approximate location from IP address, and interaction events such as opening or submitting the waitlist form.

Purchase data. If you subscribe, the Apple App Store handles payment and shares a receipt with us so we can grant access. We do not receive your full payment card details.

Communications. If you email us or reply to a Quippy email, we keep that correspondence so we can follow up and improve support.

How we use your data

We use what we collect to:

• Run your practice sessions, including generating scene partner responses and feedback after each rep.
• Shape the next set of scenarios Quippy suggests, based on the patterns we notice in your work.
• Keep a private history of your sessions so you can revisit your own progress.
• Authenticate you, sync your data across your devices, and recover your account.
• Process subscriptions and entitlements.
• Send transactional messages (receipts, account notices, security alerts) and, if you opt in, occasional product updates.
• Monitor reliability, debug crashes, and prevent abuse of the Service.
• Comply with legal obligations and enforce our terms.

Language model providers

Quippy's scene partners and feedback are produced with help from third-party language model providers. To generate a response, we send the relevant parts of your session (such as the scenario setup and the recent turns of dialogue) to these providers over an encrypted connection.

We choose providers that contractually agree not to train their general-purpose models on the content we send them. Providers may retain inputs and outputs for a short period for abuse monitoring and trust-and-safety review, then delete them. We do not use your session content to train any model that is shared across users, and we do not share your session content with model providers for any purpose other than generating your own scene partner responses.

What we do not do

We do not sell your personal information. We do not share your transcripts with advertisers, researchers, or other companies for their own purposes. We do not use your conversations to train models that benefit other users or other companies. Quippy is not a social network: you do not follow other users, and other users cannot see your activity or your content.

Legal bases (EEA and UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on these legal bases under the GDPR:

• Contract. To provide the Service you have signed up for, including processing sessions, syncing devices, and managing your subscription.
• Legitimate interests. To secure the Service, prevent abuse, debug issues, and understand how the product is used in aggregate, balanced against your interests.
• Consent. Where we ask for it, for example for optional product marketing emails or for voice input. You can withdraw consent at any time.
• Legal obligation. To meet tax, accounting, and other legal requirements.

Who we share data with

We share data only with service providers that help us run the Service, and only to the extent they need it. The categories of providers we use include:

• Cloud infrastructure and storage (for hosting the Service and storing your data).
• Authentication providers (for sign-in and account recovery).
• Language model providers (for generating scene partner responses and feedback).
• Speech-to-text providers (when you use voice input).
• Email delivery providers (for receipts, account notices, and product updates).
• Analytics and product telemetry providers (for usage events and feature flags).
• Crash and error reporting providers (for diagnosing app problems).
• Payment processors via the Apple App Store (for subscription billing).

Each provider is bound by a contract that requires them to handle your data only to deliver their service to us, and to follow appropriate security practices.

We may also share data when required by law, to enforce our terms, to protect the safety of users or the public, or as part of a corporate transaction such as a merger or acquisition. If the company that operates Quippy changes hands, we will let users know and your data will continue to be protected under a privacy policy at least as protective as this one.

How long we keep things

We keep your data only as long as we need it for the purposes described above:

• Account and session data: for as long as your account is active. When you delete your account, this data is removed from the live Service within thirty days and from backups within ninety days.
• Voice audio: processed in transit and not stored long-term once the transcript is produced, unless you opt in to a feature that requires keeping it.
• Crash logs and analytics events: kept in identifiable form for up to thirteen months, then aggregated or deleted.
• Subscription and billing records: kept as long as legally required for tax and accounting.
• Support correspondence: kept for up to two years so we can reference past requests.

Storage, security, and transfers

Your data is stored with our cloud infrastructure provider and is encrypted in transit (using TLS) and at rest. We follow standard security practices for a small product team: principle-of-least-privilege access, audit logging, secret management, regular dependency updates, and prompt response to reported issues. No system is perfectly secure, so we cannot guarantee absolute security, but we treat your data with the care it deserves and will notify you of a breach affecting your data as required by law.

Quippy is operated from the United States. If you use the Service from another country, your data will be transferred to and processed in the United States and in any other country where our service providers operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses for international transfers.

Your rights

Depending on where you live, you may have the right to access the personal data we hold about you, to correct it if it is wrong, to delete it, to receive a portable copy, to object to or restrict certain processing, and to withdraw consent you have given us. You also have the right to lodge a complaint with your local data protection authority.

You can delete your account inside the app, or email hello@quippyapp.com to make any of these requests. We will respond within thirty days, or sooner where the law requires. We may need to verify your identity before acting on a request.

California privacy rights

If you live in California, you have the rights described above under the California Consumer Privacy Act, including the right to know what categories of personal information we collect and disclose, the right to delete personal information, the right to correct inaccurate information, and the right to not be discriminated against for exercising these rights.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined by the CCPA. You can submit requests by emailing hello@quippyapp.com.

Children's privacy

Quippy is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child under 16 has given us their information, please email hello@quippyapp.com and we will delete it.

Marketing and push notifications

We send a small number of optional product update emails. Every marketing email has an unsubscribe link, and opting out does not affect transactional messages like receipts and security alerts.

The Quippy app can send push notifications (for example, daily practice nudges). You control these in the app settings or in your device's notification settings.

Cookies and similar technologies

Our website uses a small set of strictly necessary cookies and local storage to remember preferences and to measure aggregate site usage. We do not use third-party advertising cookies. The Quippy app does not use web cookies but uses device identifiers and local storage to keep you signed in and to sync your data.

Changes to this policy

We may update this policy as the product or the law changes. If an update materially affects how we handle your data, we will let you know inside the app or by email before it takes effect. The "last updated" date at the top of this page always reflects the most recent revision.

Reach us

Questions about anything on this page, or want to exercise a privacy right? Send a note to hello@quippyapp.com and we will reply within a few days.