Privacy Policy.

QED is built around a single principle: the minimum data, the minimum scope, the minimum time. We collect only what we need to operate the Service, we request only the OAuth scopes the feature requires, and we delete what we no longer need.

This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have. If anything here is unclear, write to us at privacy@qed.gg.

We collect information in three categories:

Account information. When you create a QED account, we collect your name, email address, password hash, and basic profile data. If you sign in via a third-party identity provider, we receive the information that provider shares.

Connected mailbox content. When you connect an email account, we access messages, drafts, attachments, contacts, calendar events, and metadata from that mailbox to provide the Service. Content is fetched at your direction and processed on your behalf.

Usage and device data. We collect limited diagnostic and telemetry data, including device type, OS version, app version, error reports, and feature-use counters. We do not log message bodies, search queries, or AI prompts in our analytics pipelines.

We use the information we collect to:

• Operate, maintain, and secure the Service.
• Authenticate you and prevent fraud or abuse.
• Process messages, run search, and surface AI-assisted features.
• Provide customer support and respond to your requests.
• Send service-related notices, security alerts, and billing receipts.
• Improve the reliability and quality of the Service.

We do not use your message content, contacts, or AI-feature prompts to train general-purpose machine-learning models. We do not sell your personal information.

Wherever practical, QED stores data on your device rather than on our servers. Your full-text search index, drafts in progress, and cached message bodies live in encrypted local storage on the machine where you installed the application. OAuth tokens and IMAP passwords are stored in the operating system’s secure enclave (Keychain on macOS, Credential Manager on Windows, libsecret on Linux).

Server-side, we keep only what we need to keep the Service working across devices: account metadata, sync state, billing records, and short-lived caches required for AI features.

When you use AI-assisted features such as drafting, summarization, or agent handoff, the relevant message content is sent to a model provider for processing. We use enterprise tiers from established AI vendors that contractually agree not to retain or train on the data we send them.

Agent handoff invokes an autonomous browser session. The agent sees only the data you authorize for the task. Agent activity is logged in a per-task audit trail that you can review and revoke at any time.

You may disable AI features entirely from Preferences → AI.

The QED web application uses strictly necessary cookies for authentication and session management. We do not use third-party advertising cookies and we do not embed third-party tracking pixels in the application.

Open-tracking and click-tracking pixels in outbound mail are off by default. You may enable them on a per-message basis when composing.

We share personal information only with the parties below, and only as needed:

• Email providers. Gmail, Outlook, and IMAP/SMTP servers, to send and receive your messages.
• Infrastructure providers. Supabase and Cloudflare for database, storage, edge compute, and content delivery.
• AI providers. Anthropic and other model vendors, under zero-retention agreements, to power AI-assisted features.
• Payment processors. Stripe to process subscription payments. We never store full payment-card numbers.
• Legal and safety. When required by law, court order, or to protect the rights, safety, and property of QED or others.

We do not sell, rent, or trade your personal information to third parties for marketing.

We retain account data for as long as your account is active. When you delete your account, we delete or de-identify your personal information within 30 days, except where retention is required for legal, accounting, or fraud-prevention purposes.

You may export your QED data at any time from Preferences → Data.

We use industry-standard administrative, technical, and physical safeguards to protect your information, including TLS in transit, encryption at rest, secure secret storage, and the principle of least privilege for internal access. We perform regular security reviews and have a responsible-disclosure program at security@qed.gg.

No system is perfectly secure. If we discover a breach that affects you, we will notify you in accordance with applicable law.

Depending on where you live, you may have rights under the GDPR, CCPA, or similar laws to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your personal data.
• Object to or restrict certain processing.
• Receive a portable copy of your data.
• Withdraw consent where processing is based on consent.

You can exercise most of these rights directly from Preferences → Data or by writing to privacy@qed.gg.

QED is based in the United States. By using the Service, you understand that your information may be transferred to and processed in the United States and other jurisdictions where our infrastructure providers operate. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the Service before the changes take effect. The “Effective” date at the top of this page indicates when this policy was last revised.

Questions about this Privacy Policy or our data practices may be sent to privacy@qed.gg.