Privacy Policy

This Privacy Policy explains how Quill collects, uses, and shares information when you use our non-custodial invoicing Service. By using Quill you agree to this Policy.

• Account data — name, email, profile picture (via Google sign-in), business name, country, default currency.
• Invoice data — invoice numbers, line items, amounts, client names and emails you enter, due dates, notes.
• Wallet data — public crypto wallet addresses you choose to associate with your Quill account. We never collect or store private keys or seed phrases.
• Payment confirmations — public on-chain transaction hashes and confirmation status fetched from public block explorers.
• Billing data — handled by our third-party payments provider. Quill stores a customer/subscription ID and your current tier, not card details.
• Usage logs — IP address, user agent, request timestamps, basic device info for security and reliability.

We do not collect private keys, seed phrases, KYC documents, social security numbers, or full payment card data. We do not custody funds.

• To provide, secure, and improve the Service.
• To send transactional emails (invoice receipts, payment confirmations) which you can toggle in Settings.
• To process subscription payments via our billing provider.
• To detect abuse, fraud, and violations of our Terms.
• To comply with legal obligations.

We do not sell your personal data.

We share data with service providers only as needed to run the Service:

• Google (authentication)
• Resend (transactional email)
• Our SaaS billing provider (subscription payments)
• Public block explorers (mempool.space, Etherscan, Solscan) — only public wallet addresses and tx hashes
• Cloud infrastructure providers (hosting, database)

We may also disclose information when required by law or to protect rights and safety.

Crypto wallet addresses and transactions you process through Quill are recorded on public blockchains. Anyone can view this information; Quill cannot delete or anonymize on-chain data.

We retain account, invoice, and billing data for as long as your account is active and for a reasonable period afterwards for legal, tax, and audit purposes. You can request deletion of your account by emailing privacy@quillpay.org.

Depending on your jurisdiction (e.g. GDPR/EEA, UK, California, Brazil), you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to lodge a complaint with a supervisory authority. To exercise these rights, email privacy@quillpay.org.

Quill uses a session cookie and a local-storage token to keep you signed in. We do not use third-party advertising cookies.

We use industry-standard security controls (HTTPS, encrypted storage, scoped API credentials). No system is 100% secure; you use the Service at your own risk and are responsible for protecting your wallet credentials.

The Service is not directed to anyone under 18, and we do not knowingly collect data from them.

Your data may be processed in countries other than your own. Where required, we rely on standard contractual clauses or equivalent safeguards for cross-border transfers.

We may update this Policy. Material changes will be communicated through the Service or by email. The "Last updated" date above shows the latest revision.

For privacy questions, email privacy@quillpay.org.