This privacy policy describes how we collect, use, share, and otherwise process your personal data in connection with your use of:
Quince Chat is rated 17+ on the App Store and is intended for use only by persons aged 17 or older. We do not knowingly collect personal information from minors. If you believe we might have unintentionally collected data from or about a minor, please contact us and we will promptly delete such data from our records.
Please read the following carefully to understand our practices regarding your personal data and how we treat it.
GORAN OU is the data controller and is responsible for your personal data ("Company", "we", "us", or "our" in this Policy). GORAN OU is a company registered in Estonia, EU.
Full name of legal entity: GORAN OU
Contact: contact form
Postal address: Suur-Sojamae tn 6, 11415, Tallinn, Estonia
You have the right to make a complaint at any time to a data protection supervisory authority applicable to your jurisdiction.
As a company registered in Estonia, EU, we comply with the General Data Protection Regulation ("GDPR") and the Estonian Personal Data Protection Act. For users in the United Kingdom, we also comply with UK GDPR. Where US state privacy laws apply to you, see Section 14.
We regularly review this privacy policy. If we introduce changes, we will post them on this page and notify you via push notification, email, or when you next open the App. You may be required to read and acknowledge material changes to continue using the App or the Services.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
We collect only the data that is necessary for the purposes described in this Privacy Policy. The personal data we collect will depend on the App you use and how you use it.
We collect data in three ways: data you provide to us; data we collect automatically; and data we receive from our partners.
If you contact us via email or another direct communication channel, we may collect:
If you subscribe to an App directly through the Company:
If you use AI-powered features within an App:
When you use our App or Services, we may automatically collect:
App Store platforms. When you purchase a subscription through the Apple App Store or Google Play Store, we do not access, collect, or store your financial data such as your credit card number. You provide payment details directly to the relevant platform. We may receive limited non-financial transaction data, such as a transaction ID, purchase token, currency, plan type, and purchase date ("Purchase Data"). Post-purchase processes are controlled by the platforms. We encourage you to review the privacy policies of Apple and Google before subscribing.
Web payment processor. If you subscribed via quince.chat (web), your payment was processed by our web billing partner. We do not process or store web payment card data.
We will only collect and use your personal data when we have a lawful basis to do so. Most commonly, we will use your personal data on the following bases:
| Purpose or activity | Type of personal data | Lawful basis |
|---|---|---|
| Install the App, register you as a user, recognise you on return, and deliver core Services | User ID / IP Address; Purchase Data or Transaction Data | Performance of a contract |
| Send subscription auto-renewal notifications and receipts | User ID; Contact data; Transaction Data | Performance of a contract / Legal obligation |
| Respond to support requests | Contact data; User ID; Device and OS data; Subscription data | Performance of a contract |
| Operate AI-powered features and deliver AI-generated responses to you | AI Input Data; User ID | Performance of a contract |
| Diagnose App crashes and technical issues | Crash logs; Device data; App version | Legitimate interests (maintaining App quality) |
| Improve the App based on aggregated, anonymised usage patterns | Anonymised usage events | Legitimate interests (improving our Services) |
| Apply security measures and prevent fraud and abuse | All personal data under this policy | Legal obligation / Legitimate interests (protecting our business and users) |
| Comply with tax, accounting, and other legal obligations | All personal data under this policy | Legal obligation |
| Notify you of changes to the App, Services, or these policies | User ID; Contact data (if available) | Performance of a contract |
| Respond to your requests to exercise your data subject rights | As relevant to your request | Legal obligation |
We do not use your personal data for behavioural advertising, sell it to third parties, or share it with data brokers.
Some of our Apps include AI-powered features (such as AI-generated suggestions, content creation assistance, smart recommendations, or similar functionality). This section explains how we handle data in connection with those features.
When you use an AI feature, the text, images, or other content you submit as input ("AI Input Data") is sent to a third-party AI model provider to generate a response. The response is delivered to you within the App. The App's specific in-app description or onboarding will identify which AI provider powers each feature.
We use the OpenAI API (ChatGPT) to power AI features in our Apps. OpenAI processes your AI Input Data solely to generate the requested output and acts as our data processor under a data processing agreement. Under OpenAI's API usage policy, data submitted via the API is not used to train OpenAI's models by default. You can review OpenAI's enterprise privacy commitments at openai.com/enterprise-privacy.
Your AI Input Data is not used to train AI models without your explicit prior consent. We do not use the content you submit to AI features for our own model training purposes.
You should not submit the following through AI features in our Apps:
AI-generated outputs may be inaccurate, incomplete, or inappropriate. You are responsible for reviewing and verifying any AI-generated content before relying on it. AI outputs do not constitute professional advice (legal, financial, medical, or otherwise).
We retain AI Input Data only for as long as necessary to deliver the requested output and for a short operational period thereafter for debugging and quality purposes, as described in Section 12. We do not maintain long-term conversation histories linked to your identity unless the App explicitly offers and you enable a memory or history feature.
We do not make decisions based solely on automated processing or profiling that produce legal effects concerning you or have similarly significant effects, except where required by law or where you have given explicit consent.
AI-generated suggestions and recommendations within our Apps are presented to you as inputs to assist your own decision-making. No automated decision replaces your control over your actions within the App.
We do not intentionally collect criminal offence data about you. However, we may process information relating to suspected criminal activity in monitoring the use of our Apps for security purposes - for example, where we suspect a fraudulent purchase or an attempt to circumvent the security of an App or Service. In such circumstances, we will provide that information to law enforcement and/or use it to establish, exercise, or defend a legal claim, relying on legitimate interests and legal obligation as our lawful basis.
We do not knowingly collect special categories of personal data such as data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify a person, data concerning health, or data concerning a person's sex life or sexual orientation.
You should not submit special category data through AI features or support channels. If we become aware that special category data has been submitted unintentionally, we will delete it promptly.
We share personal data with third parties only where we have a lawful basis to do so or where those third parties process data on our behalf under a data processing agreement that restricts further use.
| Recipient | Purpose | Data shared |
|---|---|---|
| Amazon Web Services, Inc. (AWS) Privacy Policy |
Cloud infrastructure - hosting, storage, and computing services for our Apps and backend systems. | All data categories necessary to operate the App |
| Apple Inc. / Google LLC (App Store / Google Play) |
In-app subscription billing and purchase processing. These platforms act as independent controllers for payment data collected directly from you. | Purchase Data (transaction ID, purchase token, plan type) |
| OpenAI, L.L.C. (OpenAI) Privacy Policy |
AI model processing - powering AI features within our Apps via the OpenAI API (ChatGPT). OpenAI processes AI Input Data as our data processor under a data processing agreement. OpenAI does not use your data submitted via API to train its models by default. You can learn more at openai.com/enterprise-privacy. | AI Input Data you submit to AI features |
| Crash reporting and analytics providers | Crash diagnostics and aggregated, anonymised usage analytics to improve App quality. | Crash logs; device data; anonymised usage events |
| Regulators, law enforcement, and public authorities | Where required to comply with a legal obligation or exercise or defend legal claims. | As required by law |
We do not sell, rent, or trade your personal data to any third party. We do not share your data with advertisers, data brokers, or any party not listed in this policy without first updating this policy.
GORAN OU is based in Estonia, EU. Our service providers — including cloud infrastructure and AI model providers — may be located in the United States and other countries outside the European Economic Area and the United Kingdom.
Whenever we transfer personal data from the EEA or UK to a third country not deemed adequate by the European Commission or UK authorities, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards recognised under UK law, to protect your data.
Reach us via the contact form if you would like further information about the specific safeguards used for international transfers.
We implement appropriate technical and organisational measures to protect your personal data from loss, unauthorised access, alteration, or disclosure:
No transmission over the internet is 100% secure. While we take every reasonable precaution, we cannot guarantee the absolute security of data transmitted to our Apps or Services. We have procedures in place to detect, investigate, and respond to suspected data breaches and will notify affected individuals and regulators where required by law.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations.
| Data type | Retention period |
|---|---|
| Account and user ID data | Duration of active account + 90 days after deletion request |
| AI Input Data (session inputs) | Up to 30 days for operational and debugging purposes, then deleted. Longer if you have enabled an in-App history or memory feature. |
| Crash logs and diagnostic data | 90 days, then deleted |
| Anonymised usage analytics | 12 months, then aggregated further and retained indefinitely in non-identifiable form |
| Subscription and transaction records | Duration of subscription + 7 years for tax and accounting compliance |
| Support correspondence | 3 years from ticket close date |
| IP address logs | 30 days, then deleted |
Once we no longer have a lawful basis to retain your personal data, we will delete it or irreversibly anonymise it. Anonymised data may be retained and used indefinitely for research or statistical purposes without further notice.
Under applicable data protection law, you may have the following rights regarding your personal data:
For Hong Kong residents, you have equivalent rights under the PDPO, including the right to access and correct personal data we hold about you.
Send a request via the contact form, mentioning the subject line "Data Request - [Right type]" (e.g., "Data Request - Deletion"). We aim to respond within 30 calendar days. We may verify your identity using information already associated with your account.
There is no fee for a standard request unless it is manifestly unfounded, repetitive, or excessive.
You may request deletion of your account and associated personal data by submitting a request via the contact form with the subject "Delete my account". Where the App includes an in-app account deletion feature, you may also use it directly.
If you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU/EEA authorities is available at edpb.europa.eu. Estonian residents may contact the Estonian Data Protection Inspectorate (AKI). UK-based users may contact the Information Commissioner's Office at ico.org.uk.
This section applies to residents of US states that have enacted state privacy laws, including California, Virginia, Colorado, Connecticut, Texas, Utah, and Oregon ("US Privacy Laws").
We will respond to your request within 45 days. In more complex cases, we may extend our response time by an additional 45 days and will inform you of the extension. We reserve the right to verify your identity before processing your request.
If you are a Virginia, Colorado, or Connecticut resident, you have the right to appeal our decision to deny a rights request by contacting us via the contact form.
We do not sell personal data of our users.
For any questions about this privacy policy or to exercise your rights, please contact:
GORAN OU
Suur-Sojamae tn 6, 11415, Tallinn, Estonia
contact form
