← Back to Qopy

Privacy Policy

1. Introduction

This Privacy Policy describes how Qopy ("we," "our," or "us") collects, uses, and protects your personal information when you use our military-grade secure text sharing service (the "Service"). Qopy is a web-based, open-source text sharing platform that prioritizes privacy and security through zero-knowledge client-side encryption with hybrid security architecture.

2. Information We Collect

2.1 Shared Content

• What we collect: Qopy allows you to share text content temporarily through our web service.
• Military-grade client-side encryption: All content is encrypted in your browser using AES-256-GCM with PBKDF2 key derivation before being transmitted to our servers.
• Zero-knowledge architecture: We literally cannot see your plain text content - only encrypted data is stored in our database.
• Hybrid security: URL secrets and passwords are combined for defense in depth protection.
• Duration: Content is automatically deleted after your chosen expiration time (5 minutes to 24 hours).
• Quick Share mode: 4-character codes for ultra-fast sharing with simplified security.

2.2 Service Usage Data

• Anonymous statistics: We collect basic, anonymous usage statistics (number of clips created, access patterns) to improve our service.
• No content analysis: We never analyze, read, or mine the content you share.
• Rate limiting data: We temporarily process IP addresses for rate limiting purposes to prevent abuse and ensure fair service usage. This data is not stored permanently and is only used to enforce usage limits.
• Error reporting: In the event of service errors, anonymous diagnostic information may be collected to help resolve issues.

2.3 Technical Information

• Browser information: Basic browser type and version to ensure compatibility and optimize performance.
• Service version: The version of Qopy service you are using to provide updates and support.
• Encryption support: Information about your browser's encryption capabilities to ensure secure content sharing.

3. How We Use Your Information

3.1 Primary Functions

• Secure text sharing: To provide the core functionality of sharing text content securely and temporarily.
• Client-side encryption: To encrypt your content in the browser before transmission to our servers.
• Automatic expiration: To automatically delete content after your chosen time period.
• Password protection: To provide optional password protection for sensitive content.

3.2 Service Improvement

• Performance optimization: To identify and resolve performance issues and improve application speed.
• Feature development: To understand user needs and develop new features that enhance the user experience.
• Bug fixes: To identify and resolve software bugs and technical issues.

3.3 Communication

• Updates and notifications: To inform you about important updates, security patches, and new features.
• Support requests: To respond to your support inquiries and provide technical assistance.
• Legal compliance: To fulfill legal obligations and respond to lawful requests from authorities.

4. Data Storage and Security

4.1 Encrypted Storage

• Client-side encryption: All content is encrypted in your browser using AES-256-GCM before being stored in our database.
• Zero-knowledge architecture: We never see your plain text content - only encrypted data is stored on our servers.
• Automatic deletion: Encrypted content is automatically deleted after your chosen expiration time.
• No content access: Even if our servers were compromised, attackers could not read your content without the encryption keys.

4.2 Security Measures

• AES-256-GCM encryption: Military-grade encryption algorithm for all content.
• PBKDF2 key derivation: 100,000 iterations for password-protected content.
• Hybrid security system: URL secrets and passwords combined for defense in depth.
• Deterministic IV derivation: IV derived from combined secrets for password-protected clips.
• Binary storage: Encrypted content stored as BYTEA for efficiency and security.
• HTTPS transmission: All data is transmitted over encrypted HTTPS connections.
• Rate limiting: Multi-layered IP-based rate limiting system to prevent abuse and ensure fair usage for all users.
• Temporary IP processing: IP addresses are temporarily processed for rate limiting but are not permanently stored or used for tracking.
• Browser extension blocking: Chrome extensions and other potentially malicious origins are blocked.

4.3 Data Retention

• Automatic expiration: Content is automatically deleted after your chosen time (5 minutes to 24 hours).
• One-time access: Content can be set to self-destruct after first read.
• Database cleanup: Expired content is permanently removed from our database.
• No manual deletion: Once shared, content cannot be manually deleted before expiration.

5. Data Sharing and Disclosure

5.1 No Third-Party Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties for commercial purposes. Your clipboard data remains private and is not shared with advertisers, marketers, or other third parties.

5.2 Service Providers

• Hosting services: If you enable cloud synchronization, your data may be stored on secure cloud hosting services.
• Analytics providers: Anonymous usage statistics may be shared with analytics providers to improve the application.
• Support services: In the event of support requests, limited technical information may be shared with support service providers.

5.3 Legal Requirements

• Law enforcement: We may disclose information if required by law or in response to valid legal requests.
• Court orders: Information may be disclosed in response to court orders or subpoenas.
• Protection of rights: We may disclose information to protect our rights, property, or safety, or that of our users.

6. Your Rights and Choices

6.1 Access and Control

• View your data: You can view all stored clipboard data through the application interface.
• Export data: You can export your clipboard history in various formats for backup or transfer purposes.
• Delete data: You can delete individual entries or clear all clipboard history at any time.

6.2 Privacy Settings

• Data collection preferences: You can control what types of data are collected and how they are used.
• Analytics opt-out: You can opt out of anonymous usage analytics collection.
• Notification preferences: You can control what types of notifications you receive from the application.

6.3 Account Management

• Account deletion: You can delete your account and all associated data at any time.
• Data portability: You can request a copy of all your data in a portable format.
• Correction rights: You can request correction of any inaccurate personal information.

7. Children's Privacy

Qopy is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

8. International Data Transfers

Qopy is designed to store data locally on your device. However, if you enable cloud synchronization features, your data may be transferred to and stored on servers located in different countries. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

9. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you promptly in accordance with applicable laws. We will provide information about the nature of the breach, the data affected, and the steps we are taking to address the situation.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of Qopy after such changes constitutes acceptance of the updated policy.

11. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

12. GDPR Compliance

For users in the European Union, this Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR). You have the following additional rights under GDPR:

• Right to be informed: You have the right to be informed about how your data is collected and used.
• Right of access: You have the right to access your personal data and information about how it is processed.
• Right to rectification: You have the right to have inaccurate personal data corrected.
• Right to erasure: You have the right to have your personal data deleted in certain circumstances.
• Right to restrict processing: You have the right to restrict the processing of your personal data.
• Right to data portability: You have the right to receive your personal data in a structured, machine-readable format.
• Right to object: You have the right to object to the processing of your personal data.
• Rights related to automated decision making: You have rights related to automated decision making and profiling.

13. California Privacy Rights

For California residents, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know: You have the right to know what personal information is collected, used, shared, or sold.
• Right to delete: You have the right to request deletion of your personal information.
• Right to opt-out: You have the right to opt-out of the sale of personal information.
• Right to non-discrimination: You have the right to not receive discriminatory treatment for exercising your privacy rights.

14. Rate Limiting and IP Processing

14.1 Rate Limiting System

Qopy implements a multi-layered IP-based rate limiting system to prevent abuse and ensure fair service usage for all users. This system helps protect against spam, automated attacks, and service overload.

14.2 How Rate Limiting Works

• IP Address Processing: When you access our service, we temporarily process your IP address to enforce rate limits.
• Usage Limits: The system enforces different limits for different types of requests:
  • Burst protection: 30 requests per IP per minute
  • General API protection: 100 requests per IP per 15 minutes
  • Share API protection: 20 share requests per IP per 15 minutes
  • Retrieval API protection: 50 retrieval requests per IP per 15 minutes
• Temporary Storage: IP addresses are only processed in memory for the duration of the rate limiting window and are not permanently stored.
• No Tracking: Rate limiting data is not used for user tracking, analytics, or any other purpose beyond preventing abuse.

14.3 Rate Limit Exemptions

• Health Checks: Health check endpoints (/health, /api/health, /ping) are exempt from rate limiting.
• Admin Endpoints: Admin endpoints are protected by authentication rather than rate limiting.

14.4 Rate Limit Responses

When rate limits are exceeded, the service returns a 429 "Too Many Requests" status code with information about the limits and when they reset. This helps users understand and adjust their usage patterns.

15. Cookies and Tracking Technologies

Qopy is a desktop application and does not use cookies or web-based tracking technologies. However, if you access our website or use web-based features, we may use cookies and similar technologies as described in our website privacy policy.

16. Third-Party Services

Qopy may integrate with third-party services for specific functionality. These services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

17. Data Minimization

We follow the principle of data minimization, collecting only the information necessary to provide our services. We do not collect unnecessary personal information and regularly review our data collection practices to ensure compliance with this principle.

18. Security Best Practices

To protect your privacy and security when using Qopy:

• Keep the application updated: Regularly update Qopy to ensure you have the latest security patches.
• Use strong passwords: If you enable password protection, use strong, unique passwords.
• Be mindful of sensitive data: Be cautious about copying sensitive information to your clipboard.
• Regular cleanup: Regularly review and delete old clipboard entries.
• Respect rate limits: Be aware of usage limits to avoid service interruptions.

19. Open Source Transparency

Qopy is open-source software, which means the source code is publicly available for review. This transparency allows the community to verify our privacy and security practices. You can review the source code at our GitHub repository.

20. Data Protection Officer

For data protection inquiries, you can contact our data protection officer at qopy@lit.services. We will respond to your inquiries within the timeframes required by applicable law.

21. Complaints and Dispute Resolution

If you have concerns about our data practices, we encourage you to contact us first. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

22. Conclusion

At Qopy, we are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy reflects our commitment to transparency and user control. We believe that privacy is a fundamental right, and we design our products with this principle in mind.

Last Updated: July 2025