Privacy Policy for Quill

Last updated: April 23, 2026

Quill ("we", "us", "our") is a personal expense tracker built by Adam Kovacovich ("Developer"). This Privacy Policy explains what information Quill collects, how it is used, and your rights.

By using Quill you agree to the terms of this Privacy Policy. If you do not agree, do not use the app.

Who we are

Developer: Adam Kovacovich Contact: ajkproductionapps@gmail.com Address: Available upon request via support email above

Information we collect

Information you provide

  • Account identity: when you sign in with Apple, we receive an Apple ID "subject" identifier and optionally your name and email, depending on your Apple sign-in choices.
  • Profile details: name, business name, accountant email, default currency, mileage rate, and other preferences you enter in Settings.
  • Expense data: amounts, merchants, dates, categories, notes, tags, receipts (photos), line items, approval statuses, mileage trips, vehicles, trip itineraries, and related records you create in Quill.
  • Payment card metadata: card nicknames, card types, last 4 digits. Quill does NOT store full card numbers, CVVs, or expiration dates.

Information collected automatically

  • Usage data on-device: app settings, last-viewed screens, and similar state that powers normal app functionality. This data is stored locally or in your private iCloud container and is not transmitted to our servers.
  • Location (optional, opt-in): if you grant location permission and use the "Add current location" feature on an expense, we capture the coordinates and a reverse-geocoded place name and attach them to that expense record. Location data is stored locally (and in your iCloud if iCloud sync is enabled); we do not upload it to our servers.

Information from third-party services

  • Bank and transaction data: if you connect a bank account via Plaid, Plaid retrieves your account balances, account metadata, and transactions and sends them through our backend to your device. Plaid is a regulated financial data network; their privacy policy applies to data they process on your behalf. See https://plaid.com/legal/ for Plaid's terms.

Where your data is stored

On your device

Nearly all of your data (expenses, receipts, settings, categories, etc.) lives in a local SwiftData database on your iPhone.

In your private iCloud container

If you have iCloud enabled on your device and you don't disable iCloud sync in Quill Settings, your data syncs to your own private iCloud container. Apple stores this data; we do not have access to it. Apple's privacy policy governs this storage.

On our backend (minimal)

Our backend (hosted on Render, US-based) stores only what is required to operate Plaid integration and Sign in with Apple:

  • An encrypted Plaid access token per connected bank (AES-256-GCM, key held only in the backend environment, never sent to devices or logged).
  • Cached account metadata and recent transactions, so we can re-serve them quickly when you open the Banking tab.
  • A JWT session token linked to your Apple ID subject identifier.

We do not collect, retain, or transmit your receipts, expense notes, approval history, or any other detail beyond what is listed above. The backend has no access to your iCloud data.

How we use your information

  • Provide the app's features (record expenses, sync bank data, generate reports, detect subscriptions, etc.).
  • Authenticate you through Sign in with Apple.
  • Facilitate the Plaid bank linking and transaction sync flow.
  • Respond to support requests you send us.
  • Comply with legal obligations if they apply.

We do NOT:

  • Sell or rent your data to anyone.
  • Use your data for advertising.
  • Share your data with analytics providers.
  • Train any machine-learning models on your data.

Sharing your information

We share data only with:

  • Plaid, when you initiate a bank link — Plaid is the processor of your bank credentials and transaction data.
  • Apple, through Sign in with Apple and iCloud — Apple provides authentication and storage; we don't share additional data with them.
  • Service providers that run our infrastructure (Render for hosting, our database provider) under contracts that limit their use to operating Quill.
  • Legal authorities if required by law, subpoena, or court order.

Your rights and choices

  • Access and portability: use the Export feature in Quill to produce a CSV, QBO, IIF, or ZIP of all your expense data at any time.
  • Deletion: delete expenses, categories, receipts, or accounts from within the app. To delete your backend account (Plaid tokens, JWT, cached accounts and transactions), contact us at the email above. We will delete backend records within 30 days of request.
  • Revoke bank access: use Manage Connections in Quill's Banking tab to disconnect any bank at any time. This revokes Plaid's access to your bank and removes the related data from our backend.
  • Disable iCloud sync: toggle iCloud sync off in Settings if you prefer on-device-only storage.

If you are a resident of California, the EU, UK, or another jurisdiction with data-subject rights (CCPA, GDPR, etc.), those rights apply to the limited data we hold on our backend. Contact us to exercise them.

Data retention

  • On your device / iCloud: kept until you delete it or uninstall the app.
  • Plaid tokens + cached transactions on our backend: kept while the bank connection is active, deleted within 30 days of disconnect or account deletion.

Children

Quill is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

Security

Bank access tokens are encrypted at rest on the backend with AES-256-GCM. Sign in with Apple uses industry-standard OAuth/JWT. All network communication between the app and the backend is HTTPS-only (TLS 1.2+). No system is perfectly secure, so we cannot guarantee absolute security.

Changes to this policy

We may update this policy as the app evolves. The "Last updated" date at the top will reflect the latest revision. Material changes will be announced in-app.

Contact

Questions? Contact us at ajkproductionapps@gmail.com.