QurioLens

Privacy Policy

Last Updated: January 30, 2026

1. Introduction

QurioLens ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using QurioLens, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information that you provide directly to us, including:

  • Email Address: Used for account authentication, communication, and password recovery (collected via Supabase Auth)
  • Name: Your first and last name, if provided during registration or profile setup
  • Phone Number: Optional information that you may provide in your account profile
  • Account Credentials: Passwords are securely hashed and stored by Supabase Auth. We do not have access to your plain-text password.

2.2 User Content

When you use our Service, we collect and store:

  • Postcard Images: Images of postcards (front and back) that you upload for processing
  • Processed Data: AI-extracted text, metadata, and other information generated from your uploaded images
  • Batch Information: Details about your processing batches, including titles, settings, and export preferences

2.3 Usage Information

We automatically collect certain information about how you use the Service, including:

  • Usage logs (number of postcards processed, batches created, etc.)
  • Subscription tier and billing information
  • Credit balance and transaction history
  • IP address and browser information (for security and analytics purposes)
  • Device information and access timestamps

2.4 Payment Information

Payment information is collected and processed by Stripe, our third-party payment processor. We do not store your full credit card number or payment card details. We only receive and store:

  • Payment method type (e.g., credit card, debit card)
  • Billing address (if provided)
  • Transaction history and subscription status

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process your postcard images using AI technology, extract text and metadata, and generate exportable data
  • Maintain Your Account: Authenticate your identity, manage your subscription, track usage, and provide customer support
  • Improve the Service: Analyze usage patterns, identify technical issues, and enhance AI model performance (subject to your consent and our data processing practices)
  • Communicate with You: Send you service-related notifications, respond to your inquiries, and provide important updates about the Service
  • Process Payments: Handle subscription billing, manage credits, and process transactions through Stripe
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access to the Service
  • Comply with Legal Obligations: Meet legal requirements, respond to legal requests, and enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your information for advertising purposes or share it with advertisers.

4. Third-Party Service Providers

We use third-party service providers to help us operate the Service and process your data. These providers are contractually obligated to protect your information and use it only for the purposes we specify:

4.1 Authentication & Database (Supabase)

We use Supabase for user authentication and database storage. Supabase processes and stores:

  • Your account credentials (email, hashed passwords)
  • User profile information
  • Uploaded images and processed data
  • Usage logs and batch information

Supabase's privacy practices are governed by their Privacy Policy. Data is stored in secure, encrypted databases with access controls.

4.2 Payment Processing (Stripe)

We use Stripe to process subscription payments and manage billing. Stripe collects and processes:

  • Payment card information (encrypted and tokenized)
  • Billing address
  • Transaction history

Stripe is PCI-DSS compliant and handles all payment card data according to industry security standards. Stripe's privacy practices are governed by their Privacy Policy.

4.3 AI Processing (LLM Providers)

We use third-party AI/LLM providers (including Google Generative AI/Gemini) to process your images and extract information. When processing your images:

  • Your images are transmitted to the AI provider's servers for analysis
  • The AI provider processes the images to extract text, metadata, and other information
  • Processed results are returned to our Service and stored in your account

AI providers may retain images and processing data according to their own privacy policies and data retention practices. We recommend reviewing the privacy policies of our AI service providers.

4.4 Email Services

We use Resend and other email service providers to send transactional emails, notifications, and service updates. These providers process your email address and may track email delivery and engagement for service improvement.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted using industry-standard encryption methods
  • Access Controls: We use authentication and authorization mechanisms to restrict access to your data to authorized personnel only
  • Secure Infrastructure: Our Service and data are hosted on secure cloud infrastructure with regular security updates and monitoring
  • Regular Security Audits: We conduct regular security assessments and updates to address potential vulnerabilities

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

  • Account Information: We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your account information, subject to legal retention requirements
  • User Content (Images): We store your uploaded postcard images to allow you to view your processing history and access past results. Images are retained until you delete them or your account is terminated
  • Processed Data: AI-extracted text, metadata, and batch information are stored to enable you to access and export your data. This data is retained until you delete it or your account is terminated
  • Usage Logs: We retain usage logs for analytics and billing purposes. Logs may be retained for up to 2 years after account termination
  • Payment Records: Payment and transaction records are retained as required by law (typically 7 years for tax and accounting purposes)

You can delete your User Content and processed data at any time through your dashboard. Upon account termination, we will delete your data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You have the right to access your personal information and request a copy of your data. You can view and export your processed data through your dashboard.

7.2 Correction

You can update your account information (name, email, phone) at any time through your account settings.

7.3 Deletion

You have the right to request deletion of your personal information. You can:

  • Delete individual batches and postcard images through your dashboard
  • Request deletion of your entire account by contacting us at support@quriolens.com

Note: We may retain certain information as required by law or for legitimate business purposes (e.g., payment records, legal compliance).

7.4 Objection and Restriction

You have the right to object to certain processing of your information or request restriction of processing. Contact us to exercise these rights.

7.5 Data Portability

You can export your processed data in CSV format through your dashboard at any time.

8. Children's Privacy

QurioLens is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries. We take appropriate measures to ensure your information receives adequate protection in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by posting the updated Privacy Policy on our website and updating the "Last Updated" date. Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@quriolens.com