Legal

Privacy Policy

Effective date: June 6, 2026 · Last updated: June 6, 2026

Quis is built around one promise: your address book stays yours. This policy explains, in plain language, what data Quis touches, what leaves your device, and what we never see. It is written to match how the app actually works, not how a generic template thinks it works. If anything here is unclear, write to privacy@quis.co.

1. Who we are

Quis is provided by Quis Technologies, LLC, a Delaware (USA) limited liability company (“Quis”, “we”, “us”). You can reach us at privacy@quis.co for any privacy question, deletion request, or complaint.

For users in the European Economic Area, the United Kingdom, or Switzerland, Quis Technologies, LLC acts as the data controller for the limited personal data described below.

2. The short version

  • Your contacts live on your device. Quis reads them from your phone's native address book to organize them and add context (where you met, when, notes, groups). The contact data itself (names, phone numbers, emails) is not copied to our servers.
  • A few things have to leave your device for the app to work: approximate coordinates when you want a meeting place looked up, the text you type into a location search, and the photo of a business card when you scan one. These are processed by Google Cloud on our behalf and not used to build a profile of you.
  • There are no ads, no ad trackers, and no advertising identifiers. We do not sell or rent your data. Ever.
  • You sign in anonymously. No email, phone, or account name required to use Quis. We identify your installation only by a random pseudonymous identifier.
  • You can delete everything by deleting the app. All Quis-managed data on your device is removed. Server-side caches auto-expire (see §7).

3. What stays on your device, always

The following data never leaves your device through Quis:

  • Contact names, phone numbers, email addresses, postal addresses, photos, birthdays, notes, social handles, and groups read from and written to your native address book.
  • Your favorites marked on contacts.
  • The timestamps and coordinates of your meetings, once captured (see §4 for the brief moment coordinates may be sent for a place lookup).
  • Your app settings and preferences.
  • The insights and statistics Quis computes about your network. These are calculated entirely on your device and are not transmitted.

All of this is stored in a local database on your device, alongside your phone's native address book.

4. What Quis sends off-device, and to whom

Quis makes network calls only when needed for a specific feature. Each call below is the complete list of personal data transmitted, the recipient, and the purpose.

4.1 Anonymous sign-in (Firebase Authentication)

  • What: A randomly generated pseudonymous identifier (a Firebase UID) is created the first time you launch the app.
  • Where: Google Firebase Authentication (Google LLC, USA).
  • Why: To prove to our backend that requests come from a real Quis install, so we can throttle abuse.
  • What it is not: It is not linked to your name, email, phone, advertising ID, or any social account.

4.2 App integrity check (Firebase App Check)

  • What: A device attestation token issued by Google Play Integrity (Android) or Apple App Attest / DeviceCheck (iOS).
  • Where: Google and Apple, then validated by our backend.
  • Why: To block bots and tampered builds from calling our APIs.

4.3 Place name lookup (“reverse geocoding”)

  • What: The approximate latitude/longitude of a meeting (rounded for caching) and your language preference.
  • Where: A Quis Cloud Function in Google Cloud (us-central1), which queries the Google Maps Geocoding API and caches the result for up to 120 days in Cloud Firestore.
  • Why: To turn coordinates into a human-readable place name (“245 Main St, San Francisco”).
  • When: When you add a contact, when the background listener stamps a new contact added outside Quis, or when you manually trigger a refresh.

4.4 Place search

  • What: The text you type into a location field, optionally biased by your current approximate coordinates, and your language preference.
  • Where: A Quis Cloud Function, which calls the Google Places API. Place suggestions are cached for up to 14 days.
  • Why: To suggest places as you type.

4.5 Business card scan

  • What: The JPEG or PNG image of the business card, cropped to the card frame you align it in, that you confirm before scanning.
  • Where: A Quis Cloud Function, which passes the image to an AI model running in Google Cloud for field extraction. The image is held in memory only for the moment it takes to read the card, then discarded. We do not store the image, and we do not store the contact fields the model returns — those are sent straight back to your device. We keep only an anonymous record that a scan happened (see §4.8 and §7).
  • Why: To extract name, company, phones, emails, addresses, and social handles from the card.
  • Your control: This only happens when you choose to scan a card. You can always type contacts in by hand instead.

4.6 Map tiles

  • What: Your current map viewport (the region you're looking at).
  • Where: Mapbox (Mapbox, Inc., USA), used to render maps.
  • Why: To display the map. Mapbox processes this under its own privacy policy.

4.7 Font loading

  • The first time you launch Quis, font files (Fraunces, Manrope) may be fetched from Google Fonts so the app renders with our typography. No personal data is sent beyond a standard HTTPS request.

4.8 Error monitoring and product analytics

Quis uses two narrow telemetry signals so we can keep the app working and understand which features matter. They are treated differently because they serve different purposes.

Crash and error reports (Sentry) (Functional Software, Inc., USA). Always on.

  • What: Uncaught exceptions and error events, with the stack trace, the file and line where the error happened, the Quis app version, the device model and OS version, the network reachability state, and a short breadcrumb trail of the user actions that preceded the crash (e.g. “opened scanner”, “tapped save”). Your pseudonymous install ID (see §4.1) is attached so we can tell whether one install hit the same crash twice or two installs hit it once.
  • What it is not: Contact names, phone numbers, emails, addresses, notes, photos, business-card images, search text, and coordinates are stripped before transmission by a beforeSend scrubber. Sentry session replay is off.
  • Why: Crash reporting is necessary for the basic reliability of the Service; without it we cannot tell that a feature is broken in the field. For users in the EEA / UK / Switzerland, our legal basis is legitimate interests (Art. 6(1)(f) GDPR) in keeping the app operational and secure, balanced against your interests by the heavy PII scrubbing above. You can object to this processing at any time by writing to privacy@quis.co (see §9).
  • Retention: Per our Sentry configuration, 30 days, then automatically deleted.

Anonymous product events (PostHog) (PostHog, Inc., USA). Always on.

  • What: A small, fixed list of coarse events with no personal data attached. For example: app_launched, scan_started, scan_succeeded (with a duration bucket and the model latency), scan_failed (with the error code), contact_added (with the source: manual / scan / vCard import / background listener), background_wake (with the outcome and a coarse latency), feature_opened (with the feature name), setting_changed (with the setting name and the new value when it is a boolean or enum). Each event includes the install's pseudonymous Firebase UID, the app version, the platform (iOS/Android), and the device class (e.g. “iPhone 15”, “Pixel 8”). PostHog also derives an approximate location — city, region, and country — from the IP address of the request at ingestion; the IP itself is not stored on the event.
  • What it is not: No contact data, no place names, no search text, no card payloads, no free-text notes, no precise coordinates, no advertising or attribution identifiers, and no session replay.
  • Why: To see which features get used, where the app underperforms, and whether the changes we ship actually improve things. For users in the EEA / UK / Switzerland, our legal basis is legitimate interests (Art. 6(1)(f) GDPR) in understanding and improving the Service, balanced against your interests by the anonymisation above. You can object at any time by writing to privacy@quis.co (see §9).
  • Retention: Per our PostHog configuration, raw events are retained for 12 months and aggregated metrics indefinitely.

5. Permissions, and exactly why we ask

PermissionWhy Quis asksWhat happens if you decline
Contacts (read/write)To show your contacts in Quis, add Quis-specific context to them, and write back changes you make.Quis cannot function; there are no contacts to organize.
Location (while in use)To stamp where you met a contact at the moment you add them.You can still add contacts; they will not have a location.
Location (always / background)So Quis can notice when a contact appears in your address book outside the app (e.g. you added it in iOS Contacts) and stamp the place automatically. iOS uses Significant Location Change (~500 m); Android uses periodic ~15-minute wakes. We do not continuously track your location.Contacts added outside Quis are saved with no location.
CameraTo scan business cards and to set contact photos.You can still add and edit contacts manually.
Photo LibraryTo pick a contact photo or a card image from your library.You can use the camera or skip the photo.
NotificationsReserved for a future feature, not currently used to send messages.No effect today.

You can change any of these at any time from your operating system's settings.

6. Background processing

When you enable the background listener in Settings:

  • On iOS, Quis registers for Significant Location Change and Visit events. The OS wakes Quis briefly when you move ~500 meters or after lingering somewhere. Quis checks whether any new contacts appeared in your native address book since the last wake. If so, it stamps them with the current approximate coordinates and asks our backend for a place name (see §4.3).
  • On Android, WorkManager runs Quis approximately every 15 minutes (the OS minimum) to do the same check.

Quis does not continuously stream your location, build a movement history, or share location with anyone other than Google for the single reverse-geocoding lookup described in §4.3. You can disable the listener at any time in Settings.

7. How long we keep data

  • On your device: until you delete the contact, clear the data, or uninstall the app.
  • Reverse-geocode cache (server): up to 120 days, then automatically deleted.
  • Place-search cache (server): up to 14 days, then automatically deleted.
  • Business card images (server): held in memory only during extraction, then discarded. They are never written to storage or logs, and the extracted fields are returned to your device without being stored on our servers. We retain only an anonymous event recording that a scan occurred (no image, no contact data).
  • Authentication and App Check tokens: retained while your install is active; recreated as needed.
  • Server logs (Google Cloud Logging): standard short retention windows defined by Google Cloud Platform, used only for operational debugging.

8. Who else processes your data (“subprocessors”)

We use the following third parties to operate Quis. We choose providers with strong security practices and configure them to process only what is strictly necessary.

ProviderRoleData
Google LLC: Firebase Auth, App Check, Cloud Functions, Cloud Firestore, Vertex AI, Maps Geocoding, Places, Cloud LoggingBackend, AI extraction, geocodingAnonymous UID, coordinates, search text, card images, cache entries
Mapbox, Inc.Map renderingMap viewport coordinates
Google LLC: Google FontsFont deliveryStandard HTTPS request metadata
Functional Software, Inc. d/b/a SentryCrash and error monitoringScrubbed exception traces, install ID, app/device version
PostHog, Inc.Anonymous product analyticsCoarse event names, install ID, app/device version
Resend (Plus Five Five, Inc.)Email delivery for feedback you choose to send usYour message and, if you provide it, your email address

We do not use ad networks, attribution SDKs, social-graph SDKs, or data brokers.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Specifically:

  • EEA / UK / Switzerland (GDPR / UK GDPR): rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority.
  • California (CCPA / CPRA): rights to know, delete, correct, and opt out of “sale” or “sharing” of personal information. We do not sell or share your personal information.
  • Other US states (Virginia, Colorado, Connecticut, Utah, and others with comprehensive privacy laws): similar access, correction, and deletion rights.

To exercise any right, write to privacy@quis.co from the email you'd like us to reach you at, and describe what you would like us to do. Because Quis does not store an email or name for you, you will need to help us identify the install in question (we may, for example, ask for the pseudonymous Firebase UID visible in Settings → About in a future build).

Most data can be deleted directly by you: remove a contact in Quis, clear app data in your OS settings, or uninstall the app. Server-side caches expire automatically as described in §7.

10. Legal basis for processing (EEA / UK / Switzerland)

  • Performance of a contract (the Terms of Service): so that the app, scanner, geocoding, and search work for you.
  • Legitimate interests: anti-abuse (App Check), crash reporting, product analytics, short-lived diagnostic logs, and security (see §4.8).
  • Consent: background-location use, which you explicitly enable in Settings.

You can withdraw consent at any time by disabling the relevant feature in Settings or by uninstalling Quis.

11. International data transfers

Quis's backend runs in Google Cloud's us-central1 region (United States). If you use Quis from outside the United States, the data described in §4 will be transferred to the US. Where required, we rely on the Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum, together with the supplementary measures imposed by our subprocessors.

12. Security

We use HTTPS for all network traffic, Firebase App Check to gate our APIs, anonymous authentication tokens, and least-privilege server roles. No system is perfectly secure, but the surface area we expose is intentionally small: there is no account to take over, no central directory of users, and no copy of your contacts on our servers.

13. Children

Quis is not directed at children under 13 (or under 16 in the EEA / UK). We do not knowingly collect personal data from children. If you believe a child has used Quis, write to privacy@quis.co and we will delete the relevant install.

14. Changes to this policy

When we change this policy materially, we will update the Effective date above and post the revised policy. Material changes take effect when posted, and your continued use of Quis afterward means you accept the updated policy. Minor edits (typos, clarifications) will only update the Last updated date.

15. Contact

  • General privacy questions and data-subject requests: privacy@quis.co
  • Security reports: security@quis.co
  • Postal: Quis Technologies, LLC, c/o Legalinc Corporate Services, Inc., 651 N Broad St, Suite 206, Middletown, DE 19709, USA

← Back to home