Privacy Policy

QuickProto provides shareable, versioned prototype previews for product teams. References to QuickProto, we, us, or our mean the QuickProto service available at quick-proto.co.uk and related product surfaces.

For privacy questions or requests, contact us at privacy@quick-proto.co.uk.

We collect account information such as your name, email address, profile image, authentication details, email verification status, organization memberships, roles, invitations, and settings. If you sign in with Google, we receive the account information needed to authenticate you.

We process product content you choose to upload or create, including project and organization names, prototype bundle files, starter bundles, version metadata, route paths, screenshots, preview comments, comment threads, mentions, notification snippets, and optional chat or agent summaries attached to versions.

We collect technical and security information such as session tokens, API key metadata, OAuth client and token records for MCP connections, IP address, user agent, request logs, rate-limit signals, upload sizes, scan status, and diagnostic information needed to protect and operate the service.

For paid plans, we store billing status and Stripe identifiers such as customer, subscription, price, plan, renewal, and cancellation metadata. We do not store full payment card numbers.

We use information to provide the service, authenticate users, maintain organizations and projects, host uploaded prototypes, serve preview links, preserve version history, enable comments and notifications, process billing, send account and invitation emails, and support API, CLI, and MCP workflows.

We also use information to secure the service, prevent abuse, enforce limits, debug issues, improve reliability, comply with legal obligations, and communicate important product or account updates.

QuickProto uses cookies and similar local storage technologies for authentication, session management, cross-subdomain preview access, security checks, product preferences, and remembering privacy choices, including analytics rejection. Some preview flows may set short-lived cookies to authorize capture or access to a specific preview.

Optional browser analytics is provided by PostHog and only runs on this device after you accept analytics. If enabled, PostHog helps us understand product usage, improve reliability, and decide where to improve QuickProto. You can change this choice below.

You can also control cookies through your browser settings, but blocking required cookies or local storage may prevent sign-in, dashboard access, preview access, privacy preferences, or security checks from working correctly.

We do not sell personal data. We share information with service providers that help us operate QuickProto, including Cloudflare for hosting, storage, database, rate limiting, and browser rendering; Stripe for billing and payment processing; Resend for transactional email; PostHog for product analytics, reliability, and service improvement; and Google when you use Google OAuth. Browser analytics is sent to the configured PostHog EU host at https://eu.i.posthog.com only after you opt in on this device.

Separately, operational server-side events such as signup, upload, billing, comment, abuse-prevention, and reliability events may be sent to PostHog under our legitimate interests in operating, securing, and improving the service. These events do not depend on optional browser analytics consent.

If malware scanning is enabled for uploads, uploaded files or related metadata may be processed by the configured scanning provider. We may also disclose information if required by law, to protect rights and safety, or as part of a business transfer.

Prototype bundles, screenshots, comments, and related metadata are processed so QuickProto can host and display your previews. Preview visibility may be public, private, organization-only, or invite-only depending on your project settings and plan features.

Anyone with access to a public or shared preview link may be able to view the content exposed by that link. You should avoid uploading secrets, production credentials, regulated data, or content you are not authorized to share.

We retain account, organization, project, billing, and uploaded content for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Some plan features may affect how long preview links and stored bundles remain available.

When data is deleted, residual copies may remain in backups, logs, or security records for a limited period before they are overwritten or removed according to normal operational processes.

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also have the right to complain to a data protection authority.

To make a request, contact privacy@quick-proto.co.uk. We may need to verify your identity before fulfilling a request.

We use technical and organizational safeguards designed to protect personal data, including authentication controls, authorization checks, signed download links, rate limiting, and upload safety checks. No online service can guarantee absolute security.

QuickProto and its providers may process information in the United Kingdom, the United States, the European Economic Area, and other locations where our providers operate. Where required, we rely on appropriate safeguards for international transfers.

QuickProto is not intended for children under 13, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can take appropriate action.

We may update this Privacy Policy as the service changes. When we make material changes, we will update the date above and take additional steps where legally required.