Quiet LoonQuiet Loon

Privacy Policy

Last updated: April 2026 — cookie policy updated to reflect analytics consent

Who we are

Quiet Loon is a family organisation tool that processes emails on your behalf to extract events, tasks, and reminders. The service is operated by Quiet Loon Limited, a company registered in England and Wales. Quiet Loon Limited is the Data Controller for personal data processed through this service.

If you have any questions about this policy or how we handle your data, contact us at hello@quietloon.com.

Our lawful basis for processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

  • Contract performance — processing your emails to extract events, tasks, and reminders is the core service you signed up for. Delivering your weekly digest, reminders, and account communications falls under the same basis.
  • Legal obligation — retaining billing records to comply with UK tax law (HMRC requires retention for 7 years).
  • Legitimate interests — understanding how the product is used in aggregate (never at an individual level) to improve it. We have carried out a balancing test and are satisfied this does not override your rights.

What data we collect

  • Account information — your name and email address, provided when you sign up via Google or email.
  • Email content — emails you forward to your personal Quiet Loon address. We store the raw email and the structured information extracted from it (events, tasks, dates, locations, deadlines).
  • Family data — events, tasks, and reminders extracted from your emails. Where emails mention family members by name (including children), those names may appear as tags on extracted items.
  • Usage data — basic, aggregated analytics to help us understand how the product is used. We do not build individual profiles for this purpose.
  • Billing information — handled entirely by Stripe. We do not store card details.
  • WhatsApp number — only if you choose to enable WhatsApp reminders. You can remove this at any time in Settings.

Data about children

Quiet Loon is designed for use by parents and adults. We do not knowingly provide the service directly to anyone under 18, and we do not collect data directly from children.

However, the emails you forward will often contain information about your children — school events, nursery schedules, activity clubs, and similar. This information is processed solely to provide the service to you (the account holder) and is not used for any other purpose. We do not create profiles of children, share child-related data with third parties for their own purposes, or use it in any way beyond extracting the events and tasks you asked us to find.

If you close your account, all data including information relating to your children will be deleted within 30 days.

How we use your data

  • To extract events, tasks, and reminders from emails you forward and display them on your dashboard.
  • To send your weekly digest and event/task reminders by email and WhatsApp (if enabled).
  • To process your subscription payment via Stripe.
  • To provide customer support when you contact us.
  • To improve the product using aggregated, anonymised usage patterns.

We do not sell your data. We do not use your emails for advertising. Staff may access raw email content only for the purpose of debugging a specific issue you have reported to us — we do not routinely read forwarded emails.

AI processing

Emails you forward are processed using AI (Google Gemini) to extract structured information such as dates, times, locations, and tasks. This processing happens on secure infrastructure. We do not use your emails to train AI models. Please also read our AI Disclaimer.

Who we share data with

We share data only with the third-party providers necessary to operate the service:

  • Google (USA) — AI processing of email content via Google Gemini.
  • Convex (USA) — secure database storage and backend infrastructure.
  • Clerk (USA) — authentication and account management.
  • Postmark (USA) — transactional email delivery (digests, reminders, welcome emails).
  • Twilio (USA) — WhatsApp reminder delivery. Only receives your phone number if you opt in to WhatsApp notifications.
  • Stripe (USA) — payment processing and subscription management.
  • Vercel (USA) — website hosting and, if you consent, anonymous product analytics (page views, navigation patterns). No personal data is included in analytics.

All providers are based in the United States. Data transfers to the USA are made under appropriate safeguards, including Standard Contractual Clauses approved by the UK Information Commissioner. Each provider is contractually bound to process your data only as instructed and in accordance with applicable data protection law.

We do not share your data with any other third parties, and we never sell it.

How long we keep your data

  • Raw email content — email body text is automatically purged 90 days after receipt. The email record (subject, sender, date) is retained while your account is active so that links between emails and extracted events remain intact, and deleted within 30 days of account closure.
  • Extracted events, tasks, and reminders — retained while your account is active. Individual items can be deleted by you at any time from your dashboard.
  • Support messages — retained for 2 years for support audit purposes, then deleted.
  • Account information — deleted within 30 days of account closure.
  • Billing records — retained for 7 years as required by UK tax law (HMRC).

Your rights

Under UK GDPR you have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to ask us to correct inaccurate data.
  • Right to erasure — to ask us to delete your data (subject to legal retention obligations).
  • Right to restriction — to ask us to pause processing of your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, machine-readable format.
  • Right to object — to object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent (e.g. WhatsApp reminders), you can withdraw at any time in Settings.

To exercise any of these rights, email us at hello@quietloon.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Security

We take reasonable technical and organisational measures to protect your data, including encrypted data storage, encrypted data transmission (TLS), and access controls limiting which staff can access personal data. No system is completely secure, and we cannot guarantee absolute security, but we take our obligations seriously and will notify you promptly in the event of a data breach that affects you.

Cookies and similar technologies

We use the following cookies on this site:

CookieProviderPurposeRequired?
__session, __clerk_*ClerkAuthentication and session managementYes — essential
__stripe_mid, __stripe_sidStripeFraud prevention during checkoutYes — essential
__cf_bmCloudflareBot mitigation and securityYes — essential
__ql_consentQuiet LoonRemembers your cookie preferenceYes — essential
_va (visitor hash)Vercel AnalyticsAnonymous page view analytics — no personal data, 24-hour session hash onlyNo — consent required

We do not use advertising or cross-site tracking cookies. Analytics cookies are only set if you click Accept on the cookie banner. You can withdraw consent at any time by clicking in the footer of any page.

Changes to this policy

If we make material changes to this policy we will notify you by email at least 30 days before the changes take effect. The updated policy will be posted at this URL with a revised “last updated” date. If you do not agree with the changes, you may close your account before they take effect.