// Legal

Privacy Policy

Effective date: June 13, 2026 · Last updated: June 13, 2026

The short version: Qrynt processes your documents in memory only by default. We do not store, log, or sell your document content. Storage is strictly opt-in. You control your data and can delete it at any time.

1. Overview

Qrynt ("we", "us", "our") is a text reconstruction and document structuring service operated by Qrynt. This Privacy Policy explains how we collect, use, and protect information when you use our service at moonlit-grail-386316.web.app and through our API.

By using Qrynt, you agree to the practices described in this policy.

2. Data we collect

We collect the following categories of information:

      Account data
      Email address, authentication credentials (managed by Firebase Auth),
      account tier, and billing information (managed by Stripe).
      We never store payment card details directly.
    

      Usage data
      Request counts, timestamps, API key prefixes (not full keys),
      file formats processed, and session telemetry
      (segment counts, quality scores, processing times).
      We do not log document content in usage data.
    

      Technical data
      Hashed IP addresses (for free tier rate limiting),
      browser type, and error logs.
      Raw IP addresses are never stored — only SHA-256 hashes.
    

3. Document processing

Default behaviour — ephemeral processing: Documents submitted to Qrynt are processed in memory only. After processing is complete, the document content is not written to disk, not retained in any database, and not accessible after your session ends.

Opt-in storage (Pro and Team tiers only): If you explicitly enable document storage in your dashboard, processed documents are stored in Google Cloud Firestore under your account. You control the retention period (7, 30, or 90 days) and can delete any stored document at any time.

We do not use your document content to train models, improve our classifiers, or share with third parties. Document content is processed deterministically — no machine learning is applied to your data.

4. How we use data

We use the data we collect to:

Provide, operate, and improve the Qrynt service
Enforce rate limits and fair use policies
Process payments and manage subscriptions
Send transactional emails (account creation, billing receipts)
Detect and prevent abuse
Comply with legal obligations

We do not use your data for advertising, profiling, or sale to third parties.

We share data with the following third parties only as necessary to operate the service:

Google Firebase / Firestore — authentication and optional document storage. Google Cloud infrastructure in europe-west1 (Belgium).
Stripe — payment processing. Stripe handles all card data. We receive only subscription status and customer IDs.
Google Analytics — aggregate usage analytics on public pages. No document content is shared.

We do not sell, rent, or trade your personal data. We do not share data with advertisers.

6. Storage and retention

Account data is retained while your account is active and for 30 days after deletion for legal compliance purposes.

Usage data (request counts, telemetry) is retained for up to 12 months for billing and abuse prevention.

Document content is retained only if you have opted in to storage. Retention period is set by you (7, 30, or 90 days). Documents are automatically deleted when the retention period ends if auto-delete is enabled.

Hashed IP counters are reset daily and not retained beyond 48 hours.

7. Security

We implement the following security measures:

All data transmitted over TLS 1.2 or higher
API keys stored as SHA-256 hashes — never in plaintext
IP addresses stored as SHA-256 hashes — never in plaintext
Firebase Auth handles password storage and authentication
Cloud Run services run in isolated containers
Access to production systems limited to authorised personnel

No security system is perfect. If you discover a vulnerability, please contact us at qrynttech@gmail.com before public disclosure.

8. Your rights

Depending on your location, you may have the following rights under GDPR and other applicable laws:

Access — request a copy of your personal data
Correction — correct inaccurate data
Erasure — delete your account and all associated data
Portability — receive your data in a portable format
Objection — object to certain processing activities
Restriction — request restriction of processing

You can exercise most of these rights directly from your dashboard. For requests not covered by the dashboard, contact us at qrynttech@gmail.com. We will respond within 30 days.

9. Cookies

Qrynt uses minimal cookies:

Authentication cookies — set by Firebase Auth to maintain your session. Required for the service to function.
Analytics cookies — set by Google Analytics on public pages only. You can opt out via browser settings or the Google Analytics opt-out extension.

We do not use advertising cookies or cross-site tracking cookies.

10. Children

Qrynt is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to registered users at least 14 days before taking effect. The effective date at the top of this page reflects the most recent version.

Continued use of Qrynt after changes take effect constitutes acceptance of the updated policy.

12. Contact

Questions about this policy?

Email: qrynttech@gmail.com

We respond to privacy inquiries within 5 business days.