1. Who We Are
The Quiet Room is a digital SaaS product (web application) operated by JMClarity ("we", "us", "our"). This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it when you use our service at thequietroom.app.
2. Data We Collect
We collect the following categories of information:
- Account data: email address and authentication credentials when you sign up.
- Writing content: entries, collections, and associated metadata you create within the service. All writing content is encrypted at rest (see Section 6) but may be decrypted server-side for AI feature processing.
- Preferences data: settings you configure such as font size, writing reminder preferences, and cadence.
- Billing data: payment and transaction information is collected and processed by Polar (see Section 5). We do not store credit card numbers or full payment details on our servers.
- Usage data: feature usage metrics, AI companion interaction counts, visual generation counts, and session information to deliver and improve the service.
- Device and browser data: IP address, browser type, operating system, and referral source, collected automatically through standard web technologies.
3. How We Use Your Data
We use the data we collect to:
- Provide, maintain, and improve The Quiet Room.
- Process subscriptions and manage your account.
- Deliver AI-powered features including the thinking companion, visual companion, weekly growth digest, and collection insights (see Section 6).
- Send transactional emails (account verification, password reset, billing receipts).
- Send optional writing reminder emails (see Section 7).
- Monitor for abuse and enforce our Terms of Service.
- Generate anonymized, aggregated analytics to improve the product.
We do not sell your personal data to third parties. We do not use your writing content or generated output to train models for other customers.
4. Cookies
We use essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies.
5. Third-Party Processors
We share data with the following processors to operate the service:
- Polar processes payments, subscriptions, and receipts for paid plans. See the Polar privacy policy.
- OpenAI and Anthropic provide AI language models that power the thinking companion, weekly growth digest, and collection insights features. Decrypted entry content is sent to these providers via encrypted API connections (TLS) for processing. These providers do not use your content for model training.
- FAL provides image generation for the visual companion feature. Text prompts derived from your writing are sent to FAL to generate images. FAL does not receive or store your full entry content.
- Supabase provides authentication and database hosting.
- Vercel provides application hosting and serverless infrastructure.
- AWS provides additional infrastructure services.
Each processor is bound by their own privacy policies and data protection obligations.
6. Encryption and AI Processing
All writing content (entries, titles, and associated text) is encrypted at rest using AES-256-GCM with per-user derived encryption keys. Your entries are unreadable in the database without your key.
Content is decrypted server-side only when needed for:
- Displaying your entries to you in the editor.
- AI thinking companion responses (when you request feedback on your writing).
- Visual companion generation (a text prompt derived from your entry is sent to the image generation provider).
- Weekly growth digest and collection insights analysis.
Decrypted content is transmitted to AI providers exclusively over encrypted connections (TLS). AI providers process your content in real-time and do not retain it for training purposes.
You can turn off automated AI in Settings (companion notes, weekly digest, and collection insights). With that off, we do not queue those background jobs. Your entries stay encrypted at rest and are only decrypted for display. Optional features you start yourself in the editor (for example thinking companion or image generation) still send content to providers only when you use them.
7. Email Communications
We send the following types of emails from no-reply@thequietroom.app:
- Transactional emails: account verification, password reset, and other account-related communications. These are necessary for the operation of the service and cannot be disabled.
- Writing reminders: periodic emails encouraging you to write, enabled by default. You can disable these at any time in your Settings page.
We do not send marketing emails to non-users or sell your email address to third parties.
8. Data Retention
We retain your account and usage data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it longer (for example, financial records for tax purposes).
9. Security
We use industry-standard measures to protect your data, including AES-256-GCM encryption at rest for all writing content, encrypted connections (TLS) for data in transit, secure credential storage, and access controls. No system is perfectly secure; we cannot guarantee absolute security but take reasonable steps to protect your information.
10. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Object to or restrict certain processing.
- Request a portable copy of your data.
To exercise any of these rights, contact us at support@thequietroom.app. We will respond within 30 days.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a notice on the service. Your continued use after changes take effect constitutes acceptance of the revised policy.