Privacy Policy
Effective Date: May 13, 2026
Last Updated: May 13, 2026
1. Introduction
This Privacy Policy describes how Grizzilla, Inc. ("Quilt," "we," "us," or "our") collects, uses, discloses, and protects information when you use the Quilt desktop application, mobile application, web services, Model Context Protocol ("MCP") server, application programming interfaces, and any related services (collectively, the "Service").
Quilt is a unified messaging surface that connects to your existing email, calendar, and messaging accounts to provide a single inbox, relational intelligence about your contacts and conversations, and optional artificial-intelligence-powered features that act on the data you authorize Quilt to access.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
This Privacy Policy is incorporated into and forms part of our Terms of Service.
The Service is currently offered only to users located in the United States. If you are accessing the Service from outside the United States, you may not use the Service.
2. Privacy-First Architecture (Plain-Language Summary)
We want you to understand at a glance what makes Quilt's privacy posture different from a typical email or messaging app:
- Zero-Body Storage. Quilt does not store the body text of your messages on Quilt's servers. Message bodies are fetched on demand from the underlying provider (Gmail, Microsoft 365, Slack, etc.) each time you read them, and are kept only in memory on your device or in your local encrypted cache. This architectural choice is patent-pending.
- Metadata-Only Cloud. We store metadata (sender email, recipient email, subject line, timestamp, message ID, classification tags) in our cloud to power the unified inbox, AI prioritization, and relational features. We do not store message bodies in the cloud.
- End-to-End Encryption for Cross-Device Sync. When you enable multi-device sync, your personal data is encrypted on your device using a 24-word seed phrase and an additional passphrase you choose. Quilt cannot decrypt this data; only your devices holding the seed can.
- You Own Your Data. You can export your Quilt data as Markdown files to a local folder at any time. You can delete your account, which removes your metadata from our servers within thirty (30) days.
- No Advertising. Quilt does not show advertisements and does not sell your identifiable personal data for advertising purposes.
- Optional Anonymized Metadata Program. If you opt in to our Metadata Insights Program, we may share aggregated, de-identified metadata patterns with research and commercial partners for compensation. See Section 6 for details and opt-out instructions.
3. Information We Collect
3.1 Information You Provide Directly
- Account Information. Email address, password (stored as a salted hash via our authentication provider Supabase), full name (optional), and pronouns (optional).
- Personal Inventory. If you opt to complete the Personal Inventory questionnaire, we collect the information you provide such as: location, languages, education, professional background, role, current work focus, relationship preferences, interests, AI behavior preferences, and writing style. This information is used to personalize AI features in the Service.
- Payment Information. When you subscribe to a paid tier, payment card information is collected and processed by our payment provider, Stripe, Inc. We do not store full payment card numbers on our servers; we receive only a tokenized reference and basic billing metadata (last four digits, billing zip code, transaction history).
- Communications. If you contact us (e.g., for support), we collect the contents of your communication and any attachments.
3.2 Information from Connected Accounts (Email, Calendar, Messaging)
When you authorize Quilt to access an external account (Gmail, Microsoft 365 Outlook, Slack, Yahoo Mail, WhatsApp Business via Meta Graph API, Meta Messenger, LinkedIn, Apple iMessage via the Quilt Relay App, or SMS via the Quilt Mobile App), we collect the following from that account through the provider's official API:
- Message Metadata: sender address, recipient addresses, subject line, send/receive timestamp, thread ID, message ID, read/unread status, flags or labels, and conversation membership.
- Message Body Access on Demand: message body content is fetched live from the provider when you read a message. Bodies are not retained in our cloud servers, but may be briefly cached on your device and processed transiently in memory.
- Contact Information: names, email addresses, phone numbers, addresses, and other fields surfaced by the provider's contacts or directory API.
- Calendar Information: event titles, times, locations, attendees, and recurrence rules from connected calendars.
3.3 Information from AI Processing
When you use AI-powered features in Quilt:
- Inputs: the prompt or content you submit to an AI feature, plus the relevant context Quilt assembles automatically (for example, the messages in the thread being summarized, or your Personal Inventory if you have opted in to instruction injection).
- Outputs: the AI-generated response, draft, summary, or classification.
- Usage Records: function called, model used (Haiku, Sonnet, GPT-4o, or other), estimated input/output token counts, latency, cost estimate, and any user feedback (accept/reject).
If you use "Bring Your Own Key" ("BYOK") providers, your AI inputs and outputs are sent directly from your device or our infrastructure to the third-party provider you selected (Anthropic, OpenAI, Google, etc.) using credentials you have provided. We do not store the contents of those exchanges on our servers, though we may log non-content metadata such as the fact that a BYOK call was made.
3.4 Information from External AI Agents (MCP Server)
If you enable Quilt's MCP server, external AI agents (e.g., Claude.ai, Cursor, Continue) that you authorize may read your Quilt context and, optionally, write new facts or notes into your Quilt memory. We log every such read and write call (calling agent identifier, tool used, timestamp, argument hash) in an audit log visible to you in the application.
3.5 Automatically Collected Information
- Device Information. Operating system, application version, locale, time zone.
- Usage Information. Features used, screens viewed, error reports, sync timing, performance metrics.
- Cookies and Similar Technologies. Our website uses cookies for session management and basic analytics. The desktop and mobile applications do not use third-party advertising cookies.
- Crash and Performance Diagnostics. Stack traces, application state at the time of error, and other diagnostic data necessary to debug issues. Diagnostic reports are sent directly to our own servers via the Tauri framework's built-in reporting; no third-party crash-reporting vendor is used. These reports are scrubbed of message content before transmission.
4. How We Use Information
We use the information we collect for the following purposes:
- Provide the Service. Authenticate your account, sync your messages and contacts, present your unified inbox, render person profiles, populate the Quilt grid, and execute AI features.
- Personalize the Service. Apply your customization preferences (display mode, fabric, threads, voice instructions), use your Personal Inventory to tailor AI outputs, and rank your inbox by AI priority.
- Improve the Service. Analyze aggregated, anonymized usage data to understand which features are valuable, debug issues, and prioritize improvements.
- Communicate with You. Send transactional emails (account notices, billing receipts, security alerts) and, with your consent, occasional product updates. You may unsubscribe from non-essential communications at any time.
- Billing and Payments. Process subscription fees, manage trials, and reconcile usage against your tier's caps.
- Security and Fraud Prevention. Detect and prevent abuse, including coordinated misuse, unauthorized access, and account compromise.
- Legal Compliance. Comply with applicable laws, respond to lawful government requests, enforce our Terms of Service, and protect the rights, property, and safety of Quilt, our users, and the public.
We do NOT use your information for:
- Advertising or ad targeting
- Profiling for ad networks
- Sale of personally identifiable information
5. AI Processing and Third-Party AI Providers
5.1 Default AI (Quilt-Provided)
Quilt's default AI features (suggested replies, tone adjustment, thread summarization, natural-language inbox search, voice-to-reply, fact extraction, topic clustering, AI chat with tools, sender override parsing, support chat) are powered by Anthropic, PBC ("Anthropic"), through Anthropic's API. When you use one of these features:
- We send the relevant prompt and context to Anthropic's API endpoint
- Anthropic processes the request and returns a response
- Anthropic's data-handling practices apply during processing; see Anthropic's Privacy Policy
- We do not train AI models on your personal data
- Anthropic does not train its models on data sent through the API (per Anthropic's API Terms of Service as of the Effective Date of this policy)
5.2 BYOK Providers
If you connect an Anthropic, OpenAI, or Google account via Bring Your Own Key, your AI inputs and outputs are sent to that provider using your credentials. Your relationship with that provider is governed by that provider's terms and privacy policy. Quilt does not see the cost of those API calls; you are billed directly by the provider.
5.3 Data Minimization for AI
Where feasible, we minimize the data sent to AI providers by:
- Sending message metadata before message bodies whenever possible
- Excluding messages classified as personal-sensitive (e.g., medical, legal) from AI features unless you explicitly request processing
- Allowing you to disable AI features entirely
6. Optional Anonymized Metadata Insights Program
This section describes a feature that is OFF BY DEFAULT and requires your explicit opt-in.
If you opt in to the Quilt Metadata Insights Program through Settings → Privacy:
- We may extract de-identified aggregate patterns from your message metadata (such as: domain-level communication frequencies, contact-graph density measurements, topic clusters, calendar density patterns)
- These patterns are aggregated across many users so that no individual user's data can be re-identified
- We may share these aggregated patterns with research institutions, market research firms, and commercial partners
- We may receive monetary or non-monetary compensation for sharing such aggregated patterns
- You can withdraw consent at any time through Settings → Privacy → Disable Metadata Insights, and within thirty (30) days of withdrawal we will exclude your data from any new aggregations
You can also choose at any time to "Anonymize my profile" within Memory Privacy, which excludes your data from this program even if it is otherwise enabled.
We do not share your raw message content, sender/recipient identities, or any directly-identifying information through this program. We do not sell personally identifiable information.
7. How We Share Information
We share information only as described below.
7.1 With Connected Service Providers
We share authentication tokens and minimal request data with the email, calendar, and messaging providers you connect, solely to fetch and send messages on your behalf. We do not share data with these providers beyond what is required to operate the Service.
7.2 With Service Providers and Subprocessors
We use the following categories of subprocessors:
| Category | Provider | Purpose |
|---|
| Authentication | Supabase, Inc. | Account authentication, session management |
| Cloud Database | Supabase, Inc. (built on AWS) | Storage of metadata and Personal Inventory |
| AI Inference (default) | Anthropic, PBC | Generative AI features |
| Payments | Stripe, Inc. | Subscription billing |
| Email (transactional) | Resend, Inc. | Account emails, receipts, password resets |
| Application Distribution | Apple, Inc., Google LLC, Microsoft Corporation | App distribution; subject to those platforms' policies |
A current list of subprocessors is maintained at /subprocessors. We update this page when we add or remove a subprocessor.
7.3 With External AI Agents (MCP)
If you enable the MCP server, the external AI agents you authorize may read your Quilt context and, with your further consent, write new facts. You control which agents have access, what permissions they have, and may revoke access at any time. All such accesses are logged in a per-user audit log.
7.4 With Other Quilt Users (Closed Network)
When another Quilt user attempts to contact you or appears in your contact list, the Service may indicate that the contact is "on Quilt" (a small badge in the user interface). This is a single-bit signal indicating Quilt membership; no other user data is exchanged without your explicit action. You may disable this signal in Settings → Privacy.
7.5 For Legal Reasons
We may disclose information when we believe in good faith that disclosure is necessary to (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.
We do not voluntarily provide your data to government agencies and will challenge overbroad requests to the extent permitted by law.
7.6 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy. You will have the option to delete your account before such a transfer.
7.7 With Your Consent
For any other sharing not described above, we will obtain your prior consent.
8. Geographic Scope
The Service is currently offered only to users located in the United States. Your information is processed and stored in the United States. We do not currently offer the Service to users in the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions outside the United States. If we expand to other regions in the future, we will update this Privacy Policy and notify users.
9. Data Security
We implement reasonable and appropriate technical and organizational security measures to protect your information, including:
- TLS encryption for data in transit
- Encryption at rest for sensitive fields stored in our cloud database
- End-to-end encryption (E2EE) for multi-device sync using a passphrase + 24-word seed phrase that we cannot recover
- Tokenization of payment card data via Stripe (we do not store full card numbers)
- Salted, hashed storage of passwords via Supabase
- Role-based access controls limiting internal access to user data
- Regular security reviews and audits
No security system is impenetrable. We cannot guarantee absolute security of your information.
10. Data Retention
We retain your information for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account and Personal Inventory: retained until account deletion
- Message Metadata: retained until you disconnect the underlying account or delete your account
- AI Usage Records: retained for twelve (12) months from creation for billing reconciliation and abuse detection
- MCP Audit Logs: retained for twelve (12) months from creation
- Crash Reports and Diagnostics: retained for ninety (90) days from creation
- Stripe Billing Records: retained per Stripe's policies (typically seven years) for tax compliance
- Backups: retained per industry-standard backup rotations; deletion may take up to thirty (30) days to propagate through backups
When you delete your account, we will delete your information from our active systems within thirty (30) days. Backups containing your information are cycled out within an additional thirty (30) days. Certain information may be retained where required by law (e.g., tax records).
11. Your Rights and Choices
You have the following rights regarding your personal information:
- Access. Request a copy of the personal information we hold about you.
- Correction. Request correction of inaccurate or incomplete information.
- Deletion. Request deletion of your personal information.
- Portability. Receive your information in a structured, commonly used, machine-readable format. Quilt's filesystem mirror feature provides this directly within the application.
- Restriction. Request restriction of processing in certain circumstances.
- Objection. Object to certain types of processing, including direct marketing.
- Withdraw Consent. Withdraw any consent you have provided.
You can exercise many of these rights directly in the application:
- Export data via Settings → AI & connections → Local mirror → Re-export now
- Delete your account via Settings → Account → Delete account
- Toggle AI processing on/off via Settings → My Profile → Memory privacy
- Toggle the Metadata Insights Program via Settings → Privacy
- Disable the "on Quilt" closed-network badge via Settings → Privacy
For requests not handled in-app, contact us at hello@joinquilt.app. We will respond within thirty (30) days, or longer if required by applicable law.
11.1 California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including:
- The right to know what personal information we collect, use, disclose, and sell
- The right to request deletion of personal information
- The right to opt out of the sale or sharing of personal information (we do not sell personal information; the Metadata Insights Program is opt-in only and concerns aggregated, de-identified data)
- The right to limit use and disclosure of sensitive personal information
- The right to non-discrimination for exercising your rights
To exercise California rights, contact hello@joinquilt.app. We do not knowingly sell personal information of minors under sixteen (16) years of age.
11.2 Other U.S. State Laws
We honor consumer rights under the Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Washington My Health My Data Act, and other state privacy laws as applicable.
12. Children's Privacy
The Service is not intended for individuals under sixteen (16) years of age, and we do not knowingly collect personal information from children under sixteen (16). If you believe we have collected information from a child under sixteen (16), please contact us at hello@joinquilt.app and we will promptly delete it.
13. Do Not Track Signals
Our Service does not currently respond to "Do Not Track" browser signals, because there is no widely-accepted industry standard for interpreting these signals. We provide more granular controls within the application as described in Section 11.
14. Third-Party Services and Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party services you access through the Service.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the email address associated with your account), by prominent notice within the Service, or by updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically.
Material changes will not apply retroactively to information collected before the change without your consent.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, contact us:
- Email: hello@joinquilt.app
- Mail: Grizzilla, Inc., 19522 95th Dr SE, Snohomish, WA 98296, United States
17. Specific Notices
17.1 Patent Notice
Aspects of Quilt's privacy-preserving architecture (including the zero-body-storage retrieval pattern and the metadata-only relational model) are the subject of one or more pending United States patent applications.
17.2 No Warranties Regarding Privacy
While we describe our practices in detail, we make no warranties regarding the privacy of your data beyond what is described in this Privacy Policy and our Terms of Service. We disclaim implied warranties to the maximum extent permitted by applicable law.