Skip to content
Privacy

What we collect. What we don’t.

Last updated: May 24, 2026

The short version

Quiver is a research tool. We collect what we need to run it, we don’t sell your data, and we don’t track you across the web. Public stuff (projects you publish, sources you submit, takes you post) is public. Private stuff (drafts, notes, follows) stays private. You can delete your account at any time by emailing auth@quiver.fyi and we’ll wipe your data within 7 days.

What we collect

  • Your email — for sign-in (magic-link codes or Google OAuth) and important account notifications. Never sold, never shared with marketers.
  • Sign-in identity — the Google account subject ID, when you sign in with Google. Lets us recognize you across sessions without storing your Google password.
  • Your contributions — the projects you create, SKUs you add, sources you submit, takes and questions you post, photos you upload, notes you save. Some of this is public by design (you chose to publish it); some is private to you.
  • Your profile — username, optional bio, optional social handles, optional per-category profile fields (e.g. handicap for golf, life stage for pets). You control which fields are public or private.
  • Basic analytics — pageview counts and product events via PostHog and Vercel Analytics. No cross-site tracking cookies; no advertising profile.

What we don’t collect

Location data. Device fingerprints. Contact lists. Health data. Financial information. We don’t buy data about you from third parties.

Who processes your data

Quiver runs on a small set of third-party services. Each only sees what it needs to do its job:

  • Supabase — hosts the database. Your account row, contributions, and profile live here.
  • Vercel— hosts the app + serves the site. Sees request metadata (IP, user agent) for routing and security logging; doesn’t see request bodies.
  • Resend— sends sign-in code emails when you use magic-link login. Sees your email address; doesn’t store the code body beyond delivery.
  • Google OAuth— verifies your identity when you choose “Continue with Google.” Quiver only requests your email and name; we never see your Google password.
  • Cloudflare Images — stores avatar and product photos you upload.
  • Anthropic — powers the multi-SKU extraction and enrichment features. Receives the article URL you paste; never receives your email, name, or other profile data.
  • Skimlinks (when enabled)— rewrites outbound retailer links to include affiliate tracking codes. Sees the outbound URL; doesn’t see your account.

Cookies

One first-party cookie for your sign-in session. No third-party tracking cookies. We don’t use cookies to follow you across other sites.

Children

Quiver is intended for users 13 and older. Don’t create an account or contribute if you’re under 13.

Account deletion + data export

Email auth@quiver.fyi from your account email. We’ll delete your account and associated data within 7 days. Public contributions (published projects, sources, takes) may be retained in anonymized form so other users’ research surfaces don’t break — your name and email are removed; the underlying data stays as community-authored.

Want an export of your data first? Same email address. We’ll send a JSON dump of your account, contributions, and notes before deletion.

Changes to this policy

We’ll update this page when policy changes meaningfully, and we’ll notify you by email for material changes (new third parties, new data collection categories). The “last updated” date at the top reflects the most recent revision.

Questions

Anything unclear? Email auth@quiver.fyi and we’ll answer.

Read the Terms →