Privacy Policy
Quill is an end-to-end encrypted private messaging application published by Clare Infotech. Quill is designed so that we cannot read your messages, calls, or files — encryption keys live only on your devices. This page explains exactly what data the Quill apps and the Quill server handle, and what they do not.
1. What we collect on the server
The Quill server stores the minimum information needed to deliver messages between devices:
- Account: the username your administrator created for you, and a salted Argon2id hash of your password. We never store your password in clear text.
- Public cryptographic keys: identity keys, signed prekeys, and one-time prekeys that other users need in order to send you encrypted messages (Signal Protocol X3DH).
- Encrypted message envelopes: when a recipient is offline, encrypted message blobs are queued on the server and automatically deleted after delivery or expiry. The server cannot read the contents.
- Device registration: a per-device identifier and, if you have push notifications enabled, an opaque push token (FCM for Android, WNS for Windows, APNs for iOS). Tokens are used only to wake your device when a new encrypted message is waiting; they do not contain message content.
- Connection metadata: IP address, timestamps, and a small audit log of authentication and administrative actions. Used only for security, debugging, and rate limiting.
The server does not store: your message text, voice messages, photos, files, call audio/video, contact lists, location, or any data Quill considers content. Those are encrypted on your device and only your intended recipients can decrypt them.
2. What permissions the apps ask for, and why
- Camera: to take photos and to make encrypted video calls. Captured media is encrypted on your device before transmission.
- Microphone: to record voice messages and to make encrypted voice / video calls.
- Photo library: to let you pick existing photos to share. Quill only reads photos you explicitly select.
- Location: only when you choose to share your location in a chat. Quill never tracks your location in the background.
- Notifications: to alert you to incoming messages and calls. Notification payloads contain only sender and conversation identifiers, never message content.
- Biometrics / device passcode: handled entirely by your operating system; Quill receives only a yes/no result and never your fingerprint or face data.
3. End-to-end encryption
All chat messages, files, voice messages, and live calls in Quill use end-to-end encryption. Messages use the Signal Protocol (X3DH for key agreement and the Double Ratchet for forward secrecy). Voice and video calls use DTLS-SRTP. Encryption keys are generated and stored only on your devices. The Quill server relays encrypted bytes; it does not have, derive, or hold the keys needed to decrypt them.
4. How we share data
We do not sell, rent, or share your data with advertisers, data brokers, or analytics companies. The Quill apps contain no third-party advertising or tracking SDKs.
The only third parties involved in normal operation are the platform push services that wake your device for new messages:
- Firebase Cloud Messaging (Google) on Android.
- Windows Notification Service (Microsoft) on Windows.
- Apple Push Notification service on iOS.
These services only see opaque device tokens and a small wake-up payload. They never see message content because messages are end-to-end encrypted.
5. Data retention
- Account records and public keys remain until your administrator deletes your account.
- Encrypted offline messages are deleted as soon as they are delivered, and in any case auto-purge from the server queue after a short retention window.
- Audit and security logs are retained for as long as necessary for operational security, then rotated.
- Your administrator can permanently destroy all server-side data at any time using Quill's built-in destroy-everything action.
6. Local storage on your device
The Quill apps store conversations, attachments, and your private keys locally in an encrypted SQLite database (SQLCipher). You can choose Ephemeral mode in settings, which keeps no message history on disk. Uninstalling the app permanently deletes the local database and all keys it contains.
7. Your rights
Because Quill is operated as a private messenger for the people your administrator authorises, the most reliable way to exercise data rights (access, correction, deletion) is to ask your administrator. You can also contact us directly using the details below.
8. Children
Quill is intended for business communication and is not directed at children under 13 (or the equivalent minimum digital-consent age in your jurisdiction). We do not knowingly collect data from children.
9. Changes
If we change this policy, we will update the date at the top and, for material changes, post a notice in the app.
10. Contact
Clare Infotech
Email: support@clareinfotech.com