← Back to Quiva
Privacy Policy
Effective date: 19 March 2026 · Last updated: 23 April 2026
Quiva is operated by COSARCA ST DANIEL MARIUS PERSOANA FIZICA AUTORIZATA. This Privacy Policy explains how we collect, use, and protect your information when you use the Quiva iOS app ("App") or visit our website at getquiva.app ("Site").
1. Information We Collect
A. Information you provide directly
- Onboarding profile — when you first open the app, we ask for your occupation, interests, goals, pain points, and usage frequency. This is stored locally on your device and used to personalise your experience.
- Raffle entries — if you enter our launch raffle on getquiva.app, we collect your email address to run the raffle and notify winners. Your email is stored securely in Firebase Firestore; your IP address is stored only in hashed (non-reversible) form.
- Marketing consent — when entering the raffle, you may optionally consent to receive product updates. You can withdraw this consent at any time by contacting us.
We use your email to communicate with you about Quiva and your raffle entry. We do not sell your personal data. If you choose to receive updates, we may also use your email for our own marketing purposes, including helping us reach people who may be interested in Quiva. This may involve working with platforms such as Meta and Google. We only use your data for these purposes and handle it securely.
B. Information collected automatically
- Usage data — via Firebase Analytics, we collect information about how you use the App: features used, summaries created, mind maps generated, settings changed, and time spent on screens.
- Video content — when you summarise a YouTube video, the video's transcript is sent to our backend server (hosted on Railway) to generate your summary. We do not store transcripts on our servers after processing.
- Crash reports — via Firebase Crashlytics, we collect crash and error data to improve app stability. This may include device type, iOS version, and app state at the time of the crash.
- Subscription status — we record whether you are a free or Pro subscriber to enforce usage limits. Payments are processed entirely by Apple and we never receive your payment details.
C. Information we do NOT collect
- We do not collect your name, phone number, or any contact information through the App.
- We do not collect precise location data.
- We do not use advertising identifiers (IDFA) or track you across other apps or websites.
2. How We Use Your Information
| Data |
Purpose |
Legal Basis (GDPR) |
| Onboarding profile |
Personalise your experience |
Legitimate interest |
| Usage analytics |
Understand how the app is used and improve it |
Legitimate interest |
| Crash data |
Fix bugs and improve stability |
Legitimate interest |
| Video transcripts |
Generate AI summaries (processed and discarded) |
Performance of contract |
| Subscription status |
Enforce free/Pro usage limits |
Performance of contract |
| Raffle email addresses |
Run the launch raffle and notify winners |
Consent |
| Marketing-consented emails |
Product updates, targeted ads on Meta and Google |
Consent (separate opt-in) |
3. Third-Party Services
We use the following third-party services that may process your data:
- Firebase Analytics & Crashlytics (Google LLC) — usage analytics and crash reporting. Data may be transferred to and stored in the United States. Google is certified under the EU-US Data Privacy Framework. See Google's Privacy Policy.
- Railway — our backend server that processes video transcripts and generates AI summaries. Transcripts are not retained after processing.
- Supadata — a third-party service used as a fallback to retrieve YouTube transcripts.
- Apple StoreKit — handles all subscription payments. We never receive your payment details. See Apple's Privacy Policy.
4. Data Retention
- Onboarding profile and preferences — stored locally on your device indefinitely, or until you delete the app.
- Video history — stored locally on your device. You can delete it at any time via Settings → Clear History.
- Analytics data — retained by Firebase for up to 14 months per Google's standard retention policy.
- Raffle email addresses — deleted within 30 days after the raffle ends.
- Marketing-consented emails — retained until you unsubscribe or request deletion.
5. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Deletion — request that we delete your personal data.
- Rectification — request that we correct inaccurate data.
- Portability — request your data in a machine-readable format.
- Objection — object to our processing of your data based on legitimate interests.
- Withdraw consent — if you entered the raffle, you may withdraw consent and have your email removed at any time.
To exercise any of these rights, contact us at support@getquiva.app. We will respond within 30 days.
6. Data Security
We take reasonable measures to protect your data. All data transmitted between the App and our backend is encrypted in transit using HTTPS. Sensitive keys are stored in the iOS Keychain. However, no method of transmission over the internet is 100% secure.
7. Children's Privacy
Quiva is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at support@getquiva.app.
8. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.
9. Contact