Quill Privacy Policy

Effective date: August 23, 2025
Who we are: Quill is operated by Delver Sciences LLC (“Quill,” “we,” “us,” “our”).
Contact: privacy@quillshops.com | Delver Sciences LLC, Denver, CO, USA.

This Privacy Policy describes how we collect, use, disclose, and protect information about: (a) shoppers who use the Quill iOS app, and (b) merchants who use QuillShops.com and our merchant tools. It also explains your choices and rights under U.S. and international laws.

By using Quill or visiting QuillShops.com, you agree to this Policy.

1) What we collect

A. Information you provide

  • Account & profile: name, email, phone number (including for SMS/phone verification), password or sign-in tokens, tier selection, and optional profile details.
  • Merchant business info: business name, address, category, descriptions, images, funding/balance settings, and offer configuration.
  • Communications: messages or requests sent to us (support, feedback), email/SMS preferences, and content you submit in forms.
  • Referrals: if you participate in our referral program, we record participation and reward attribution.

B. Information we collect automatically

  • Device & app data: device model, OS version, app version, language, crash logs, diagnostics, and performance signals.
  • Approximate & precise location (with permission): used for geofencing (detecting when you’re near a participating merchant) and for verifying in-person visits. On iOS, you control location permissions (Never/Ask Next Time/While Using the App/Always). If you choose Always Allow, we may process location events in the background solely to support visit verification and rewards.
  • Network & identifiers: IP address, in-app identifiers (e.g., Firebase IDs), push token; we do not use IDFA for cross-app behavioral advertising.
  • Website usage (QuillShops.com): cookies and similar technologies for necessary site features, analytics, and session security (see Section 9).

C. Information we create or derive

  • Visit & claim logs: timestamps, geofence events, merchant ID, market/event ID, claim cooldown status, tier at time of claim, reward amount, anti-fraud signals.
  • Balances & receipts: shopper rewards, merchant funding balances, gift-card redemptions (if used), and transaction metadata.
  • Quality & safety signals: device/usage patterns that help prevent spam, abuse, or fraudulent claims.

D. Information from third parties

  • Auth & messaging: email delivery (e.g., Twilio SendGrid) and SMS/phone verification (e.g., Twilio Verify).
  • Maps & places: Google Maps/Places for mapping, merchant lookup, and geocoding.
  • Payments: Stripe (merchant deposits, card processing). For shopper cash-outs, we may use gift-card providers (e.g., Tango Card) or other payment partners (e.g., PayPal/Venmo) when enabled.
  • Public & merchant-submitted data: business images, descriptions, and location details you or a third party provide.

2) How we use information

We use personal information to:

  • Provide and improve Quill: account creation/authentication, geofencing and location-based visit verification, cooldown enforcement, rewards issuance, balances/receipts, and app features.
  • Show nearby offers & markets: display relevant pins, vendors, and market events based on location and preferences.
  • Communicate with you: verification codes, transactional notices (claims, balances, receipts), support updates, and—where permitted—product/news communications (you can opt out).
  • Merchant services: set up merchant accounts, accept deposits via Stripe, display offers, track redemptions, and provide analytics/insights.
  • Safety, security & fraud prevention: detect suspicious activity, enforce claim cooldowns, investigate abuse, and protect accounts.
  • Legal compliance: tax/financial recordkeeping, responding to lawful requests, and enforcing our terms.

What we share with merchants when you claim a reward. When a shopper CLAIMS a reward tied to a specific merchant, we transmit: first and last name; email and/or phone number; visit timestamp; tier level; reward amount; and device/location-based verification identifiers needed to validate that the visit occurred. We do not send payment-card numbers, government IDs, or health information.

3) Legal bases (EEA/UK/Switzerland only)

Where GDPR/UK GDPR applies, our processing relies on:

  • Performance of a contract (providing the app/services you request),
  • Legitimate interests (fraud prevention, service improvement, security),
  • Consent (e.g., precise/background location, marketing emails/SMS, cookie categories), and
  • Legal obligations (recordkeeping, responding to lawful requests).

You can withdraw consent at any time in iOS settings (e.g., revoke location) or via in-app/email preference links.

4) How we disclose information

We disclose personal information to:

  • Merchants (upon your reward claim) as described above.
  • Service providers & processors under contract (e.g., Firebase/Google Cloud for hosting and analytics, Stripe for payments, Twilio/Twilio SendGrid for SMS/email, Apple/Google push notification services, gift-card/payments partners for cash-outs). They may only use data to provide services to us.
  • Business transfers: if we undergo a merger, acquisition, or asset sale, information may be transferred as part of that transaction.
  • Legal & safety: to comply with law, enforce our terms, or protect rights, safety, and property.

We do not sell personal information and do not share it for cross-context behavioral advertising as those terms are defined under certain U.S. state laws.

5) Location & geofencing details

  • Why we collect location: to detect when you’re at or near participating merchants/markets, enable “claim” actions, and prevent fraudulent or premature re-claims (cooldowns).
  • Background processing: if you select Allow Always on iOS, the app may process geofence events in the background to recognize visits reliably.
  • Control: you can change or revoke location permissions in iOS Settings at any time. Without location access, core features (visit verification and rewards) may not function.
  • Storage: we log geofence events and verified claim points; we do not store continuous raw GPS trails.

6) Retention

We keep personal information only as long as necessary to provide the services, for our legitimate business needs (e.g., fraud prevention), and to comply with legal obligations. Typical periods:

  • Account, receipts & balances: up to 7 years (tax/financial recordkeeping and fraud/audit).
  • Diagnostic logs: up to 12 months.
  • Marketing preferences & consent records: for the life of the account and as required by law.
  • Location events: retained as part of visit/claim logs (see above) rather than full path histories.

We may anonymize or aggregate data so it no longer identifies you; we may use such data indefinitely.

7) Security

We use technical and organizational measures to protect information (e.g., encryption in transit, role-based access, least-privilege controls). No system is 100% secure; please use strong credentials and keep your device OS updated. If you believe your account was compromised, contact us immediately at privacy@quillshops.com.

8) Your choices

  • Location: manage in iOS Settings → Privacy & Security → Location Services.
  • Notifications: manage in iOS Settings → Notifications.
  • Email/SMS: opt out via the link or instructions in the message or by contacting us.
  • Account data: you can request access, correction, or deletion (see Rights below).
  • Merchant funding: Stripe handles card details; Quill does not store full card numbers.

9) Cookies & website technologies (QuillShops.com)

We use necessary cookies for sign-in, session security, and forms. We may use analytics cookies (e.g., privacy-friendly measurement) to understand site performance. You can manage non-essential cookies via your browser or our banner (where provided). We do not use cookies for cross-site behavioral advertising.

10) State & international privacy rights

Depending on where you live (e.g., California, Colorado, Virginia, Connecticut, Utah, and countries in the EEA/UK/Switzerland), you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete information (subject to legal exceptions).
  • Port your data in a usable format.
  • Opt out of certain processing, including targeted advertising or profiling (we do not engage in cross-context behavioral advertising).
  • Appeal a decision if we deny a request (for states with an appeals right).

Submit requests to privacy@quillshops.com. We will verify your identity and respond as required by law.
Authorized Agents (CA): You (or your authorized agent) can submit a request with proof of authorization.
Do Not Sell/Share (CA/CO): We do not sell or share personal information as defined by those laws.
Sensitive Data (CO/CT/VA): If we ever process “sensitive” data, we will obtain consent as required.

11) Notice of Financial Incentive (U.S. states like CA/CO)

Quill offers cash-back rewards for verified in-person visits. Participation is optional and constitutes your opt-in.

  • Categories of personal information used: identifiers (name, email, phone), geolocation (visit verification), commercial/transactional data (claims, rewards), and device/technical data for fraud prevention.
  • How the incentive works: when you claim at a participating merchant, you may receive a randomized reward within a published range (e.g., $0.05–$0.40 per visit based on your selected tier).
  • How we value data: a good-faith estimate based on the costs and practical value of operating the rewards program, including service, infrastructure, and anticipated benefits from improved merchant insights and platform growth.
  • Opt-out: stop claiming rewards or contact us at privacy@quillshops.com. You may continue to use non-reward features where feasible.

12) Children’s privacy

Quill is not intended for individuals under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information, contact privacy@quillshops.com and we will take appropriate steps.

13) International transfers

We primarily process data in the United States. If you access Quill from outside the U.S., your information may be transferred to and processed in countries with different data protection laws. Where required, we use appropriate safeguards for such transfers.

14) Third-party services & links

Quill and QuillShops.com may link to third-party sites/services (e.g., Stripe checkout pages, Google Maps content). Your use of those services is governed by their privacy policies and terms. We are not responsible for third-party practices.

15) Your rights & how to exercise them

Submit a request: privacy@quillshops.com
Please specify your request (access, correction, deletion, portability, opt-out, etc.). We’ll verify your identity, then respond within the time required by applicable law.

Appeals (where applicable): If we deny your request, you may appeal by replying to our decision email with “APPEAL” in the subject. If you remain unsatisfied, you may contact your state or national data protection authority.

16) Specific product disclosures

  • Firebase/Google Cloud: hosting, authentication, Firestore database/storage, and analytics/diagnostics.
  • Geofencing & Maps: Google Maps/Places and iOS location services for pins, merchant search, and visit verification.
  • Messaging: Twilio Verify (SMS phone verification), Twilio SendGrid (email delivery).
  • Payments: Stripe for merchant deposits and funding; Quill does not store full card numbers.
  • Cash-outs (optional): if enabled, providers such as Tango Card (gift cards) or PayPal/Venmo; we share the minimal data needed to fulfill payouts.
  • WordPress (QuillShops.com): used for our merchant portal/marketing site; forms you submit there are received by us and/or our processors to set up or support your account.

17) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version and change the Effective date above. Material changes will be highlighted in-app or on the website where feasible.

18) How to contact us

Delver Sciences LLC
Denver, Colorado, USA
Email: privacy@quillshops.com