Privacy Policy

Last Updated: 10/04/25

1. INTRODUCTION

Quos ("we," "our," "us") operates a mobile-first web application ("Service") that provides joke and prank content in the form of dialogue or action-based instructions for entertainment purposes. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with applicable privacy laws, including the Virginia Consumer Data Protection Act (VCDPA), California Consumer Privacy Act (CCPA), and General Data Protection Regulation (GDPR).

2. INFORMATION WE COLLECT

2.1 Account Information

Email address, username, and securely hashed passwords
Google OAuth information when using Google authentication
Profile information you choose to provide
Age verification data (to confirm 16+ eligibility)

2.2 User Activity and Preferences

Meme categories and styles you select
Content preferences and customization choices
Favorite or saved memes
Usage patterns and interaction history

2.3 Technical and Usage Data

IP address, device information, browser type, and operating system
Application interactions, feature usage, and performance analytics
Session information and access logs
Error logs and diagnostic data

2.4 Payment and Subscription Information

Subscription status and billing cycle information
Payment processing is handled by third-party providers (such as Stripe)
We do not store complete credit card information on our systems
We retain transaction records, billing history, and subscription dates

2.5 Cookies and Tracking Technologies

Essential cookies for authentication and service functionality
Analytics cookies to understand usage patterns and improve the Service
Local storage for user preferences and application state
Session tokens and security identifiers

3. HOW WE USE YOUR INFORMATION

We process your information for the following purposes:

Providing and maintaining the Service
Authenticating users and managing accounts
Processing subscription payments and managing billing
Customizing content recommendations based on your preferences
Detecting and preventing abuse, fraud, and security threats
Analyzing usage trends and optimizing Service performance
Communicating with users about Service updates, billing, and support
Enforcing our Terms of Service and acceptable use policies
Complying with legal obligations and protecting our rights
Improving content quality and developing new features

4. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Union, our legal bases for processing include:

Contract performance: Processing necessary to provide the Service and manage subscriptions
Legitimate interests: Improving the Service, preventing fraud, ensuring security, and analyzing usage
Consent: Where you have provided explicit consent for specific processing activities
Legal obligations: Compliance with applicable laws and regulations

5. INFORMATION SHARING AND DISCLOSURE

5.1 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties.

5.2 Service Providers

We may share limited information with trusted third-party service providers who assist in:

Hosting and infrastructure services
Analytics and performance monitoring
Payment processing and subscription billing (e.g., Stripe)
Email delivery and communications
Security and fraud prevention
Customer support tools

All service providers are contractually obligated to protect your information and use it only for specified purposes.

5.3 Legal Requirements

We may disclose your information when required by law, legal process, or to:

Comply with valid legal requests, subpoenas, or court orders
Protect the rights, property, or safety of Quos, our users, or the public
Investigate potential violations of our Terms of Service
Respond to claims of illegal activity, harassment, or policy violations
Cooperate with law enforcement or regulatory authorities

5.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, user information may be transferred as part of the transaction. Users will be notified of any such change via email or prominent notice on the Service at least 30 days in advance.

5.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you for research, analytics, or business purposes.

6. CONTENT RESPONSIBILITY AND DISCLAIMERS

6.1 User Activity

Users are fully responsible for how they use meme content with others
We do not monitor or control how users apply jokes or pranks in real-world situations
We do not pre-review or endorse specific meme content choices

6.2 Prohibited Uses

Misuse of the Service for harassment, bullying, stalking, threats, or any unlawful purpose is strictly prohibited and may result in:

Account suspension or termination
Reporting to law enforcement
Cooperation with legal proceedings

6.3 Content Moderation

We reserve the right to:

Review reported content for Terms of Service violations
Remove content that violates our policies or applicable laws
Suspend or terminate accounts for repeated violations
Implement automated filtering for prohibited content

7. DATA RETENTION

7.1 Retention Periods

We retain personal information only as long as necessary to:

Provide the Service and fulfill the purposes outlined in this Policy (active accounts)
Comply with legal obligations, tax requirements, and resolve disputes (typically 7 years)
Maintain security logs and prevent fraud (up to 2 years)
Process subscription billing and refund requests (up to 1 year after cancellation)

7.2 Account Deletion

You may request deletion of your account and personal data at any time by contacting privacy@quos.app
Upon deletion request, we will remove your data within 30 days, except where retention is legally required
Some anonymized usage data may be retained for analytics purposes
Deleted accounts cannot be recovered

7.3 Inactive Accounts

Accounts inactive for more than 2 years may be automatically deleted after email notification.

8. DATA SECURITY

8.1 Security Measures

We implement appropriate technical and organizational security measures, including:

Encryption of data in transit (TLS/SSL) and at rest
Secure password hashing using industry-standard algorithms
Multi-factor authentication options
Row-level security (RLS) through our database provider
Regular security assessments and vulnerability monitoring
Access controls and authentication protocols
Secure payment processing through PCI-DSS compliant providers

8.2 Security Limitations

Despite our security measures, no online platform can guarantee 100% security. You acknowledge and accept the inherent risks of internet-based services. You are responsible for:

Maintaining the confidentiality of your account credentials
Using strong, unique passwords
Logging out of shared devices
Promptly reporting suspicious activity

9. CHILDREN'S PRIVACY

9.1 Age Restrictions

The Service is intended for users 16 years of age and older. We do not knowingly collect personal information from individuals under 16.

9.2 Parental Rights

If we discover that a user under 16 has provided personal information, we will:

Promptly delete their account and associated data
Notify the email address on file (if applicable)
Block further access to the Service

Parents or guardians who believe their child has provided information to us should contact privacy@quos.app immediately.

9.3 Verification

We may request age verification for accounts where we suspect the user may be under 16.

10. YOUR PRIVACY RIGHTS

10.1 General Rights

You have the right to:

Access your personal information and obtain a copy
Correct inaccurate or incomplete data
Delete your personal data (subject to legal retention requirements)
Object to or restrict certain processing activities
Data portability (receive your data in a structured, machine-readable format)
Withdraw consent where processing is based on consent

10.2 California Residents (CCPA/CPRA)

California residents have additional rights including:

Right to know what personal information is collected, used, and shared
Right to delete personal information
Right to correct inaccurate personal information
Right to opt-out of the sale or sharing of personal information (we do not sell data)
Right to limit use of sensitive personal information
Right to non-discrimination for exercising privacy rights
Shine the Light Law: California residents may request information about third-party disclosures for direct marketing (we do not share data for this purpose)

10.3 Virginia Residents (VCDPA)

Virginia residents have rights including:

Right to access and data portability
Right to correct inaccuracies
Right to delete personal data
Right to opt-out of targeted advertising (we do not engage in targeted advertising)
Right to opt-out of profiling in furtherance of decisions with legal or similarly significant effects
Right to appeal our decision regarding your rights request

10.4 European Union Residents (GDPR)

EU residents have rights including:

Right of access and data portability
Right to rectification and erasure ("right to be forgotten")
Right to restrict or object to processing
Right to withdraw consent at any time
Right to lodge complaints with supervisory authorities (see Section 15.3)
Right not to be subject to automated decision-making or profiling

10.5 Other Jurisdictions

Residents of other jurisdictions may have additional privacy rights under local laws. Contact us to learn about rights applicable to your location.

11. EXERCISING YOUR RIGHTS

11.1 How to Submit Requests

To exercise your privacy rights, contact us at privacy@quos.app with:

Your full name and email address associated with your account
Specific rights you wish to exercise (e.g., "delete my account," "access my data")
Any additional information needed to verify your identity
Preferred format for data delivery (if requesting data portability)

11.2 Verification Process

To protect your privacy, we must verify your identity before processing requests. We may:

Send a verification email to your registered address
Request answers to security questions
Ask for additional identifying information

11.3 Response Time

We will respond to verified requests within:

30 days for most requests
45 days for complex requests (with notification of extension)
Timeframes required by applicable law (GDPR: 30 days, CCPA: 45 days)

11.4 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. The agent must provide:

Written authorization signed by you
Proof of their identity
Verification of your identity

11.5 Fees

We do not charge fees for most privacy requests. However, we may charge a reasonable fee for:

Excessive or repetitive requests
Requests requiring disproportionate technical effort
Additional copies of data beyond the first copy

12. INTERNATIONAL DATA TRANSFERS

12.1 Data Location

Your information may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have data protection laws different from your jurisdiction.

12.2 Safeguards

We implement appropriate safeguards for international transfers, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Other legally recognized transfer mechanisms

12.3 EU-US Data Transfers

For EU residents, we ensure compliance with GDPR requirements for international data transfers and provide appropriate safeguards.

13. DO NOT TRACK SIGNALS

Some browsers support "Do Not Track" (DNT) signals. Our Service does not currently respond to DNT signals because there is no universal standard for handling them. We will update this Policy if industry standards develop.

14. CHANGES TO THIS PRIVACY POLICY

14.1 Updates

We may update this Privacy Policy periodically to reflect:

Changes in our practices or features
Legal or regulatory requirements
Security improvements
User feedback

14.2 Notification

Material changes will be communicated through:

Email notifications to registered users (at least 30 days in advance)
In-app notifications
Prominent notices on our website
Updated "Last Updated" date at the top of this Policy

14.3 Your Options

If you do not agree to updated terms:

You may delete your account before the changes take effect
You may contact us with concerns at privacy@quos.app
Your continued use after the effective date constitutes acceptance

15. CONTACT INFORMATION

For questions about this Privacy Policy or our privacy practices:

Email: michael@quos.app

By using Quos, you acknowledge that you have read, understood, and agree to this Privacy Policy.