Privacy policy

Last updated: March 2026

Our commitment

Quipd is designed with privacy in mind. We collect the minimum data necessary to operate and do not require accounts, logins, or personal information.

What we collect

When you submit a response, we store:

• Your six-word text
• The daily word it responds to
• The date of submission
• A heart count
• An anonymous device token (a random UUID)

We do not collect:

• Your name, email, or phone number
• Your Apple ID or iCloud account
• Your location
• Your device model or operating system version
• Your IP address (though Apple CloudKit may log IPs for security)
• The Apple Identifier for Advertisers (IDFA)

Anonymous device token

Your device token is a random identifier (UUID) created the first time you use the app. It serves two purposes: preventing duplicate submissions and preventing duplicate hearts. The token is:

• Generated randomly on your device
• Stored locally in your device's UserDefaults
• Stored in CloudKit alongside your responses
• Not linked to your Apple ID, iCloud account, or any other identity
• Never shared with third parties other than Apple CloudKit

If you uninstall and reinstall the app, a new token is generated. Your previous responses will remain in CloudKit but will no longer be associated with your device.

Content filtering

Quipd uses an automated profanity filter that scans your response text before submission. This filtering happens locally on your device. No data about filtered content is transmitted or logged.

CloudKit storage

All data is stored in Apple CloudKit (container: iCloud.app.quipd.Quipd), a cloud database service operated by Apple Inc. We use CloudKit's public database, which means:

• Data may be stored in Apple data centres in the United States or other regions
• Apple handles all encryption in transit and at rest
• Apple's security standards and infrastructure protections apply
• We do not operate our own servers

For details on how Apple handles CloudKit data, see Apple's Privacy Policy.

Data retention

Quipd retains data as follows:

• Non-winning responses: Automatically deleted after 48 hours
• Winning responses: Preserved indefinitely as part of the word chain history (the response text, word, and heart count are kept; no personal data is included)
• Hearts: Deleted when the associated response is deleted
• Word chain history: Kept indefinitely (contains words and winning response text only)
• Device token in CloudKit: Retained as long as associated responses exist

Advertising

The free version of Quipd shows one interstitial advertisement after you submit a response each day. Ads are provided by Google AdMob. Google may collect:

• Device identifiers
• IP address
• General usage data

This data is used by Google for ad delivery and measurement. You can opt out of personalised advertising in iOS Settings > Privacy & Security > Apple Advertising. For more information, see Google's Privacy Policy and How Google uses data.

Quipd+ users see no advertisements and no data is shared with Google AdMob.

Analytics

We use Apple's built-in App Store Connect analytics to understand aggregate usage patterns such as installs, sessions, and retention. This data is anonymised and aggregated by Apple. We do not use any third-party analytics SDKs other than Google AdMob.

Children's privacy

Quipd is rated 12+ on the App Store. We do not knowingly collect data from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has used the app, please contact us at support@quipd.app and we will address it promptly.

Your rights

Depending on your location, you may have rights under privacy laws such as GDPR (EU) or CCPA (California). Here's how we address common requests:

• Right to know: This policy describes all data we collect
• Right to access: Your responses are visible to you in the app while they exist
• Right to delete: Non-winning responses are automatically deleted after 48 hours. To delete your device token and disassociate from your responses, uninstall and reinstall the app
• Right to opt out of sale: We do not sell personal data

Winning responses that become part of the word chain cannot be deleted as they contain no personal information and are integral to the service. If you have concerns, contact us at support@quipd.app.

Data security

We rely on Apple CloudKit's security infrastructure, which includes encryption in transit (TLS) and at rest. We do not store sensitive data and do not have access to Apple's infrastructure security measures directly.

Data breach notification

In the unlikely event of unauthorised access to CloudKit data, we will notify affected users via the app and relevant authorities as required by applicable law within 72 hours of becoming aware of the breach.

Third-party services

Quipd uses the following third-party services:

• Apple CloudKit: Data storage — Privacy Policy
• Google AdMob: Advertising (free users only) — Privacy Policy
• Apple App Store: Distribution and purchases — Privacy Policy

International transfers

Data stored in Apple CloudKit may be transferred to and processed in countries outside your country of residence, including the United States. Apple provides appropriate safeguards for such transfers in accordance with applicable law.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the app at least 14 days before taking effect. The current version is always available at quipd.app/privacy.

Contact

Questions about privacy? Email support@quipd.app.