QUINAPSE LEGAL
Privacy Policy
Last updated: 2026-05-24 Effective date: 2026-05-17
This Privacy Policy describes how Quinapse ("we," "us," "our") collects, uses, and shares personal data when you use the Quinapse mobile application or website (collectively, the "Service").
If you do not agree with this Policy, do not use the Service.
1. Data controller
The controller of your personal data is:
Andrei Romaniuk Natural person (individual), Kazakhstan Postal address: 57 Tole Bi St, Astana 010000, Kazakhstan
Contact for privacy questions and data-subject requests: legal@quinapse.com.
We have not appointed a Data Protection Officer; for GDPR matters, all correspondence should be sent to the address above.
2. What we collect, and why
We collect only what we need to run the Service. We do not sell personal data, and we do not share it for cross-context behavioural advertising.
2.1 Account data
When you sign in via Apple, Google, or email one-time code, we receive:
- a stable user identifier from the identity provider;
- the email address associated with that identity (or a private relay address in the case of Sign in with Apple);
- a display name and avatar if the provider supplies them.
Purpose: to create and maintain your account, authenticate your sessions, and contact you for account or security matters. Legal basis (GDPR Art. 6): performance of a contract (Art. 6(1)(b)). Retention: for the life of your account plus up to 12 months for backup and dispute-resolution purposes.
2.2 Reading and recall data
We store the articles you have opened, your reading progress, your recall session answers, and aggregated reading statistics.
Purpose: to deliver the core reading experience, schedule spaced repetition, and provide personal reading statistics. Legal basis: performance of a contract. Retention: for the life of your account.
2.3 Subscription and payment data
If you purchase a subscription, the transaction is processed by Apple or Google Play, depending on your device. We do not receive your full payment card number. We do receive, through RevenueCat, a subscription identifier, the product purchased, status (active, trial, cancelled), and country of purchase.
Purpose: to entitle you to premium features and reconcile our records with the stores. Legal basis: performance of a contract. Retention: for the life of your account plus the period required by tax and accounting law of the operator's jurisdiction (typically 5–7 years).
2.4 Device and diagnostic data
When the app encounters an error or crash, we collect a crash report containing:
- device model, operating system, app version, locale;
- a stack trace of the failing operation;
- a small breadcrumb trail of the in-app navigation immediately preceding the crash (no article body content, no email, no message content).
Purpose: to detect and fix bugs, prevent regressions, and maintain Service quality. Legal basis: legitimate interest in providing a reliable service (Art. 6(1)(f)). Retention: crash reports are kept for 90 days, then aggregated or deleted.
2.5 Communications
If you write to us at legal@quinapse.com or any other published address, we store your message and our reply.
Purpose: to respond to your request and keep an audit trail. Legal basis: legitimate interest (Art. 6(1)(f)) or, where the request relates to a contract, performance of a contract. Retention: 24 months from the last reply.
2.6 What we do NOT collect
- We do not request or store your phone number.
- We do not access your contacts, photos, microphone, or location.
- We do not track you across other apps or websites for advertising.
- We do not use third-party advertising SDKs.
- Sentry crash reports are filtered to exclude email addresses, message bodies, and full article content; only stable identifiers, durations, and error codes flow through.
3. How we share data with third parties
We share personal data only with the processors below, and only to the extent necessary for them to deliver their part of the Service. Each processor is bound by a data processing agreement.
| Processor | Purpose | Location | Data shared |
|---|---|---|---|
| Apple (Sign in with Apple, App Store) | Authentication, subscription billing | United States, Ireland | User identifier, subscription state |
| Google LLC (Sign in with Google, Google Play, Firebase Cloud Messaging) | Authentication, subscription billing, push notifications | United States, Ireland | User identifier, subscription state, FCM device token |
| Amazon Web Services, Inc. (Cognito, Lightsail, RDS, S3, CloudFront, Route 53) | Authentication, hosting, content delivery | United States, primary region varies | Account data, reading data, infrastructure logs |
| RevenueCat, Inc. | Subscription state aggregation across stores | United States | User identifier, subscription identifier, country code |
| Functional Software, Inc. (Sentry) | Crash and error reporting | United States | Device model, OS, app version, stack traces, PII-redacted breadcrumbs |
We may also disclose personal data:
- when required by law, court order, or other legal process;
- to protect the rights, property, or safety of Quinapse, our users, or the public;
- in connection with a corporate transaction (merger, acquisition, sale of assets) — in which case we will provide notice before your data becomes subject to a different privacy policy.
4. International transfers
The processors above operate in the United States and the European Economic Area. When we transfer personal data outside your country of residence, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA / UK to the United States;
- Adequacy decisions where applicable (for example, transfers between EEA countries);
- the EU–US Data Privacy Framework for processors certified under it.
You may request a copy of the safeguards in place by emailing legal@quinapse.com.
5. Your rights
Under the GDPR (if you are in the EEA / UK), the CCPA / CPRA (if you are in California), or comparable laws elsewhere, you may have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data (subject to legal retention requirements);
- restrict or object to certain processing;
- portability — receive your data in a structured, machine-readable format;
- withdraw consent at any time where we rely on consent;
- lodge a complaint with your local data protection authority.
We do not sell personal data, so the CCPA "do not sell" right does not apply in practice — but you can confirm this in writing if needed.
To exercise any of these rights, write to legal@quinapse.com. We respond within 30 days. We may ask you to verify your identity by signing in to the account whose data is being requested.
6. Account deletion
You can delete your account at any time:
- from the Profile screen in the Quinapse app;
- by writing to legal@quinapse.com from the email address on the account.
Account deletion removes your reading data, recall data, profile, and access to the Service within 30 days. We retain pseudonymised analytics and financial records as required by law (see retention periods above).
Note that deleting your account from Quinapse does not cancel an active Apple or Google subscription — you must cancel it in your store account separately (see Terms of Service §5).
7. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, write to legal@quinapse.com and we will delete it.
In jurisdictions where the age of digital consent is higher than 16, that higher age applies.
8. Security
We use industry-standard measures to protect personal data: encryption in transit (HTTPS / TLS 1.2+), encryption at rest for managed databases, scoped IAM roles, network isolation in AWS VPC, secrets management, and short-lived access tokens. No system is perfectly secure; we cannot guarantee absolute security.
If we become aware of a personal data breach affecting your data, we will notify the relevant supervisory authority and, where required, you, in line with applicable law.
9. Cookies and similar technologies
The Quinapse mobile app does not use browser cookies. The Quinapse website uses only essential cookies and local storage strictly necessary to operate the site (for example, to keep you signed in to the admin area). We do not use advertising or third-party analytics cookies on the website at this time.
10. Changes to this Policy
We may update this Policy. Material changes will be announced through the Service or by email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
11. Contact
For any privacy question, request, or complaint:
Quinapse (operated by Andrei Romaniuk) 57 Tole Bi St, Astana 010000, Kazakhstan Attn: Privacy Email: legal@quinapse.com
Adapted, with modifications, from the open-source policy templates published by Basecamp under CC BY 4.0 (https://github.com/basecamp/policies) and from the public reference language of the iubenda open template set. The original templates have been substantially edited to fit Quinapse's data flows; remaining mistakes are ours.