Privacy Policy
Last updated: July 2026
Queath exists to help you organize sensitive information for the people who may one day need it. That only works if you can trust how we handle it. This policy describes what we collect, why, and the controls you have.
What we collect
- Account information: email, name, and profile details you provide.
- Content you add: vault items, document references, uploads, instructions, legacy entries, and people you list. You control all of it.
- Usage events: privacy-respecting, first-party product analytics (e.g. “report generated”). We do not use third-party ad trackers.
- Security logs: sign-ins, permission changes, document access, and similar events, kept to protect your account and shown to you in your settings.
What we never do
- We do not sell or rent your data.
- We do not run advertising or share data with ad networks.
- We do not train AI models on your content.
- We do not look at your content except with your consent to resolve a support issue, or where required by law.
How your content is protected
- Uploaded documents are encrypted before they reach storage and access is signed and logged.
- Sharing is explicit: nothing is visible to trusted contacts unless you grant it.
- Emergency access requires your configured workflow, with notification, a waiting period, and your ability to deny.
AI and OCR processing
AI/OCR processing runs only when you explicitly request it for a specific document, with the scope and credit cost shown first. Outputs are suggestions you review; you can delete extracted text, summaries, and suggested fields at any time. Highly sensitive documents are excluded by default.
Your controls
- Export your data from Settings at any time.
- Request account deletion from Settings; content is removed from production systems and backups on a fixed schedule.
- Manage email preferences, sharing, and consents from your account.
Cookies
Queath sets one essential cookie (your sign-in session) and, only with your consent, records first-party analytics events. You can choose “Essential only” in the cookie banner, and change your mind at any time by clearing the queath_consent cookie. We use no advertising or third-party tracking cookies.
For users in the EU/EEA, UK, and Switzerland (GDPR)
Queath processes personal data as a controller under the following legal bases:
- Contract: providing the service you signed up for (account, vault, sharing, reports, reminders).
- Consent: optional analytics, AI/OCR processing of your documents, sharing with people you designate, and referral introductions. Consent can be withdrawn at any time from your settings.
- Legitimate interest: security logging, fraud prevention, and service operations.
- Legal obligation: records we must keep by law.
You have the right to:
- Access and receive a copy of your data (Settings → Export, machine-readable JSON).
- Rectify inaccurate data (editable throughout the app).
- Erasure (Settings → Delete account; completed within 30 days including backup rotation).
- Restrict or object to processing, and withdraw consent, without affecting prior processing.
- Data portability.
- Lodge a complaint with your local supervisory authority.
Data is hosted with infrastructure providers that may process it in the United States; transfers rely on Standard Contractual Clauses or an adequacy framework. Retention: account data is kept while your account is active and deleted on account deletion; security and audit logs are retained up to 24 months.
For California residents (CCPA/CPRA)
Queath does not sell your personal information and does not share it for cross-context behavioral advertising.Because we do not sell or share personal information, no “Do Not Sell or Share” opt-out is required; this statement serves as our notice. We also do not use or disclose sensitive personal information for purposes beyond providing the service you request.
California residents have the right to:
- Know what personal information we collect, use, and disclose (described in this policy).
- Access and receive a copy of it (Settings → Export).
- Correct inaccurate information.
- Delete it (Settings → Delete account).
- Non-discrimination: exercising these rights never changes your service or pricing.
You may exercise any right yourself in the app or through our contact form, including through an authorized agent. We verify requests via your account email.
Other regions
Residents of other jurisdictions with privacy laws (including Virginia, Colorado, Connecticut, Utah, Canada's PIPEDA, and similar) have equivalent rights of access, correction, deletion, and portability, exercisable through the same in-app tools or through our contact form.
Contact
Privacy questions, data-rights requests, and data protection inquiries all go through our contact form, which routes to the responsible person.