Skip to main content

Privacy policy

Written by Filip Bukovina

QUIPEE — PRIVACY POLICY

Last updated: 22 June 2026

Effective date: 22 June 2026

1. WHO WE ARE

Quipee ("Quipee", "we", "us", or "our") is a social mobile application for iOS. Quipee is operated by Filip Bukovina, an individual established in the European Union (Czech Republic). For the purposes of the EU General Data Protection Regulation (GDPR), Filip Bukovina is the data controller for personal data processed through Quipee.

If you have any questions about this policy or how we handle your data, contact us at [email protected].

This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, how long we keep it, and the rights you have. It applies to your use of the Quipee app and related services (the "Service").

2. QUICK SUMMARY

What we collect: Account and profile details, content you create (posts, comments, Quips, messages, live streams), music "now playing" presence (if you connect it), identity-verification status, subscription status, support messages, and technical/usage data.

Why: To run the Service, show your content to the people you intend, keep the community safe, process subscriptions, provide support, and improve the app.

Who we share with: Service providers that power features (Apple, Google Firebase, Mux, Didit, RevenueCat, Intercom, ElevenLabs, Spotify, Hugging Face) and other users (for content you choose to make visible).

Selling data: We do not sell your personal data and do not use it for cross-app advertising tracking.

Your controls: Edit/delete your content, block and report users, manage notifications, disconnect music services, delete your account, and exercise your GDPR/CCPA rights by emailing us.

Age: Quipee is for users 16 and older.

3. PERSONAL DATA WE COLLECT

3.1 Account and profile information

When you create an account and set up your profile, we collect:

• Email address and password — handled by Firebase Authentication. We store your email; passwords are managed and hashed by Firebase and are not visible to us in plain text.

• Username (your unique @handle) and display name.

• Profile photo (optional).

• Bio and bio link (optional).

• Profile customization (theme colors, avatar border, background image/color — available with Quip+).

• Account creation date and verification/badge status.

If you sign in with Sign in with Apple, Apple provides us with an identifier and, if you allow it, your name and a relay or real email address according to your Apple settings.

3.2 Content you create

Quipee is a social product, so most of what you do is content you choose to create and share:

• Posts — text, images, videos, polls, and (with Quip+) rich-formatted text.

• Comments and replies, including likes/reactions.

• Quips — short, time-limited media (photos, videos, collages) with optional captions, animated text overlays, drawings, emoji reactions, and a place label if you add one. Quips can include a 15-second music clip you select.

• Direct messages (DMs) — text and reactions you send to other users.

• Live streams — your video broadcast, stream title/topic, and live chat.

• Reports and block lists you create for safety (see 3.8).

Some content is ephemeral (e.g. Quips expire) and some is editable or deletable by you. Content you post publicly can be seen, and in some cases re-shared or screenshotted, by other users — please think before you post.

3.3 Location data

Quipee does not track your precise device location and does not request background or GPS location permission. If you choose to add a place label to a Quip, that label is stored with the Quip and shown to viewers. You are always in control of whether to add it.

3.4 Music "now playing" presence (optional)

If you connect Apple Music (via Apple's MusicKit) or Spotify (via Spotify OAuth), we collect your currently playing and recently played track metadata — song title, artist, album, and artwork — to display a "now playing" presence on your profile. For Spotify, we store OAuth access and refresh tokens so we can refresh this presence; you can disconnect at any time, which revokes our access. We do not collect your full listening history beyond what is needed to show recent presence.

3.5 Identity verification (KYC)

For trust, safety, and verification badges, Quipee may offer or require identity verification, which is performed by our provider Didit. When you go through verification, Didit collects and processes identity information directly (for example your name, a government-issued ID document, and a liveness/selfie check). We do not receive or store your raw ID documents. We receive and store the outcome (status such as approved/declined, a session identifier, and the verification date) so we can grant a badge or apply our policies. Didit's handling of your identity data is governed by Didit's own privacy policy.

3.6 Subscriptions and purchases (Quip+)

Quip+ subscriptions are sold through Apple In-App Purchase and managed with RevenueCat. Apple processes your payment; we never receive your full payment card details. We receive your subscription/entitlement status (for example whether Quip+ is active and since when) linked to your account identifier, so we can unlock features.

3.7 Device, technical, and usage data

• Push notification token (Firebase Cloud Messaging / APNs) so we can send notifications you have enabled.

• Device and app information and diagnostic/crash data (via Google Firebase) to keep the app working.

• App Check / App Attest attestation tokens, used to confirm requests come from a genuine, untampered Quipee app and to deter abuse.

• Usage analytics (Firebase Analytics) — for example screen views and feature events, associated with your account identifier — to understand how the app is used and improve it.

• Storage usage — the cumulative size of media you upload, calculated on our servers to manage storage limits.

• Notification preferences you set.

3.8 Safety and moderation data

• Reports you submit about posts or users (the reason and any notes).

• Blocked-user lists you create.

• Moderation outcomes that may be applied to your account (for example a suspension or ban and the reason), stored in a private area of your account record.

3.9 Support data

If you contact support through the in-app messenger, this is powered by Intercom. We and Intercom process your account identifier, email address, and the messages you send so we can help you.

4. HOW AND WHY WE USE YOUR DATA (AND LEGAL BASES)

We use your personal data for the purposes below. Where GDPR applies, the legal basis is noted in brackets.

• Provide the Service — create your account, host and display your content, deliver DMs, run Quips and live streams, and operate core features. (Performance of a contract — Art. 6(1)(b).)

• Music presence, AI voice, and other optional features you turn on. (Consent — Art. 6(1)(a). You can withdraw consent at any time.)

• Safety, moderation, and integrity — review reports, enforce our Terms, detect abuse and fraud, run identity verification, and apply App Check. (Legitimate interests in a safe community and, where applicable, legal obligations — Art. 6(1)(f)/(c).)

• Subscriptions — process and verify Quip+ entitlements. (Performance of a contract — Art. 6(1)(b).)

• Notifications — send push notifications you have enabled. (Consent / legitimate interests.)

• Support — respond to your questions. (Legitimate interests / performance of a contract.)

• Analytics and improvement — understand usage and improve the app. (Legitimate interests — Art. 6(1)(f). You may object.)

• Legal compliance — comply with applicable law and respond to lawful requests. (Legal obligation — Art. 6(1)(c).)

5. AI FEATURES AND HOW YOUR DATA IS HANDLED

Quipee offers AI-assisted features such as AI summaries of posts and comment threads, and an optional AI chat about those summaries.

• On-device processing. Summaries and chat are generated on your device using a local AI model (and, on supported devices, Apple Intelligence). The content used to generate a summary is processed locally and is not sent to our servers for that purpose. AI model files may be downloaded from Hugging Face; downloading a model does not send your personal content to Hugging Face.

• Optional voice (ElevenLabs). If you enable spoken AI replies, the text to be read aloud is sent to ElevenLabs for text-to-speech. This feature is optional and may require you to configure your own ElevenLabs API key.

• AI output may be wrong. AI-generated summaries and replies can be inaccurate or incomplete. Do not rely on them as fact, advice, or a substitute for reading the original content.

6. WHO WE SHARE DATA WITH

We share personal data only as described here. We do not sell your personal data.

6.1 Other users

Content you choose to make visible (posts, public profile details, comments, Quips, live streams and their chat) is shared with other users according to the audience you select. Reports you file are treated as confidential and are not revealed to the reported user.

6.2 Service providers (sub-processors)

We use trusted providers to deliver the Service. Each processes only the data needed for its function:

• Apple — App distribution, Sign in with Apple, In-App Purchase, push (APNs), and Apple Music presence. Data: purchase/entitlement data, push tokens, Apple ID identifiers, now-playing metadata.

• Google (Firebase) — Authentication, database (Firestore), media storage, cloud functions, push (FCM), analytics, app integrity (App Check), and diagnostics. Data: account data, content, identifiers, usage and diagnostic data.

• Mux — Live video streaming infrastructure. Data: stream metadata and media.

• Didit — Identity verification (KYC). Data: identity documents and verification data (processed by Didit; we receive status only).

• RevenueCat — Subscription management. Data: account identifier, subscription/entitlement status.

• Intercom — In-app customer support. Data: account identifier, email, support messages.

• ElevenLabs — Text-to-speech for optional AI voice. Data: text submitted for synthesis.

• Spotify — Music "now playing" presence (if connected). Data: OAuth tokens, current/recent track metadata.

• Hugging Face — Hosting of downloadable on-device AI models. Data: model download requests (no personal content).

6.3 Legal, safety, and business transfers

We may disclose data if required by law or valid legal process, to enforce our Terms, to protect the rights, safety, and security of our users or the public, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you).

7. PUSH NOTIFICATIONS

We send push notifications (for example for likes, comments, follows, mentions, and new messages) using Firebase Cloud Messaging and Apple Push Notification service. You can control notification categories within the app and turn notifications off entirely in your device settings.

8. ADVERTISING AND TRACKING

Quipee does not show third-party ads, does not use advertising SDKs, and does not track you across other companies' apps or websites. We do not request App Tracking Transparency permission and do not use the advertising identifier (IDFA). We use first-party analytics (Firebase Analytics) only to operate and improve Quipee.

9. INTERNATIONAL DATA TRANSFERS

Some of our providers are located in the United States and other countries outside the EEA. Where we transfer personal data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and/or adequacy decisions. You can contact us for more information.

10. HOW LONG WE KEEP DATA

• Account and profile data — for as long as your account is active.

• Content — until you delete it or your account, except where retention is required for legal, safety, or moderation reasons; Quips and other ephemeral content expire automatically.

• Identity-verification status — for as long as needed for the related badge or safety purpose, then deleted or anonymized.

• Support messages — as needed to resolve your request and for our records.

• Backups and logs — for a limited period before being overwritten.

When you delete your account, we delete or anonymize your personal data within a reasonable period, except data we must keep for legal compliance, dispute resolution, or to enforce our agreements.

11. HOW WE KEEP DATA SECURE

• Data is encrypted in transit (HTTPS/TLS).

• DMs can be end-to-end encrypted if you enable encryption for a conversation; when enabled, message contents are encrypted on your device and we cannot read them. Encryption keys are stored in your device's secure Keychain.

• Face ID can be used to sign back in; biometric data is handled by Apple on your device and never reaches us.

• We use App Check / App Attest to help ensure requests come from a genuine app.

No method of transmission or storage is 100% secure, but we work to protect your data and to notify you and regulators of breaches as required by law.

12. YOUR PRIVACY RIGHTS

12.1 If you are in the EEA / UK (GDPR / UK GDPR)

You have the right to:

• Access the personal data we hold about you;

• Rectify inaccurate or incomplete data;

• Erase your data ("right to be forgotten");

• Restrict or object to certain processing (including processing based on legitimate interests);

• Data portability (receive your data in a portable format);

• Withdraw consent at any time, where processing is based on consent; and

• Lodge a complaint with your local data protection authority. (In the Czech Republic, this is the Úřad pro ochranu osobních údajů — uoou.gov.cz.)

12.2 If you are in California (CCPA/CPRA)

You have the right to know what personal information we collect and how we use it, to access and delete it, to correct it, and to not be discriminated against for exercising your rights. We do not sell or "share" (for cross-context behavioral advertising) your personal information.

12.3 How to exercise your rights

You can edit much of your information directly in the app (profile, content, notification settings, connected music services) and delete your account in the app's settings. For any request, email [email protected]. We will respond within the timeframes required by law and may need to verify your identity before acting on a request.

13. CHILDREN

Quipee is intended for users 16 years of age and older. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us personal data, contact [email protected] and we will take steps to delete it. Where required, we will seek verifiable parental consent or restrict the account.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app or by other reasonable means and update the "Last updated" date above. Your continued use of Quipee after changes take effect means you accept the updated policy.

15. CONTACT US

Filip Bukovina — OpenSide CEO

Email: [email protected]

Did this answer your question?