Privacy policy

1. Introduction

Quickfix AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our browser extension and services ("Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies, please do not use the Service.

2. Information we collect

2.1 Account information

When you create an account, we collect:

• Name
• Email address
• Password (encrypted and hashed)
• Account creation date
• Subscription plan information

2.2 Usage data

We collect basic usage statistics to improve our Service:

• Number of AI requests made
• Timestamp of requests
• Browser type and version
• Extension version
• Error logs and diagnostics

2.3 Payment information

Payment processing is handled by Stripe, our secure payment provider. We do not store your credit card information. Stripe may collect:

• Billing name and address
• Payment method details
• Transaction history

2.4 What we don't collect

We prioritize your privacy and do NOT collect or store:

• Content of your conversations or the text you're replying to
• AI-generated responses after they're delivered
• Browsing history or website visit data
• Personal messages or communication content
• Any data from websites you visit

3. How we use your information

We use the collected information for the following purposes:

• To provide and maintain the Service
• To process your subscription and payments
• To enforce usage limits based on your plan
• To send important service notifications
• To provide customer support
• To detect and prevent fraud or abuse
• To improve and optimize the Service
• To comply with legal obligations

We will never sell, rent, or share your personal information with third parties for marketing purposes.

4. Data processing and storage

4.1 Real-time processing

When you use our Service, your input text is sent to our servers and processed in real-time by AI models. The AI-generated response is immediately returned to you and then deleted from our systems. We do not retain copies of your conversations or AI-generated content.

4.2 Data security

We implement industry-standard security measures to protect your data:

• End-to-end encryption for all data in transit (TLS/SSL)
• Encrypted storage for sensitive data at rest
• JWT-based authentication with 7-day token lifetime
• Regular security audits and penetration testing
• Secure, isolated infrastructure

4.3 Data retention

We retain your account information for as long as your account is active or as needed to provide the Service. You may request deletion of your account at any time.

• Account data: Retained until account deletion
• Usage statistics: Retained for 12 months
• Payment records: Retained for 7 years (legal requirement)
• Conversation content: Not stored (deleted immediately after processing)

5. Third-party services

We use trusted third-party services to operate our business:

5.1 Payment processing

Stripe: Handles all payment processing and billing. Stripe has its own privacy policy and security practices.

5.2 AI services

We use AI service providers to generate responses. Your input text is sent to these providers for processing. These providers have committed to not using customer data for training their models.

5.3 Infrastructure

Our Service is hosted on secure cloud infrastructure providers that comply with industry security standards.

6. Error monitoring and performance tracking

We use Sentry, a third-party error monitoring service, to help us identify and fix bugs quickly. When an error occurs in our application, Sentry may collect:

• Technical information: Browser type and version, device information, operating system
• Error details: Error messages, stack traces, and the page where the error occurred
• User context: Your email address and subscription tier (to help us prioritize fixes)
• Performance metrics: API response times and page load speeds (10% sample rate)

What we DON'T collect in error reports:

• Passwords or authentication tokens
• Private message content
• Payment information
• API keys or secrets

Error data is retained for 30 days and is used solely for debugging and improving our service. For more information about how Sentry processes data, see Sentry's Privacy Policy.

7. Cookies and tracking

We use minimal cookies and tracking technologies:

• Essential Cookies: Required for authentication and Service functionality
• Analytics: Basic usage analytics to improve the Service (anonymized)

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

8. Your privacy rights

You have the following rights regarding your personal data:

8.1 Access and portability

You can request a copy of your personal data at any time.

8.2 Correction

You can update your account information through your account settings or by contacting us.

8.3 Deletion

You can request deletion of your account and associated data at any time. We will delete your data within 30 days of your request, except where we're required by law to retain certain information.

8.4 Withdraw consent

You can withdraw consent for optional data collection at any time.

9. GDPR compliance (EU users)

If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

To exercise these rights, please contact us at help.quickfix.ai.

For business customers, please refer to our Data Processing Agreement for detailed information about our data processing practices and GDPR compliance measures.

10. CCPA compliance (California users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we don't sell data)
• Right to deletion of personal information
• Right to non-discrimination for exercising your rights

We do not sell your personal information to third parties.

11. Children's privacy

Our Service is not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

12. International data transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

For EU users, we comply with GDPR requirements for international data transfers through appropriate mechanisms such as Standard Contractual Clauses.

13. Data breach notification

In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by law. We will provide information about the breach and steps we're taking to address it.

14. Changes to this privacy policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice in the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

15. Contact us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please visit our help center.