Site privacy policy.

This policy describes how Quietfield ("we", "us", "our") collects, uses, and protects information in connection with the quietfield.in website. It does not cover any Quietfield products; those have their own policies linked from quietfield.in/legal/.

§1 Who we are

Quietfield is a software studio operating from Delhi, India. Quietfield is the entity responsible for the data processing described in this policy — the data controller under the EU/UK GDPR, the data fiduciary under India's DPDPA 2023, and the business under the California CCPA/CPRA. You can reach us through the contact page.

§2 What this site collects

This site processes personal data in five places. Each is described in full below; this section is the summary.

• Google Analytics 4 — two persistent cookies and aggregate page-view data (§3).
• Contact form at /contact/ — name, email, message; emailed and logged (§4).
• Waitlist forms on product pages — email address and IP, stored in a per-product append-only file (§5).
• Support form at /products/<product>/support/ — name, email, message; emailed and logged (§6).
• CSP violation reports sent by your browser when the page tries to load a script or style not on our allow-list — page URL, violated directive, your IP and User-Agent, stored in a daily-rotated log for security analysis (§7).

In addition, our hosting provider's servers generate standard HTTP access logs (IP, request path, timestamp, user agent) as part of infrastructure operation. Those logs are governed by the hosting provider's own privacy policy.

§3 Google Analytics 4

This site uses Google Analytics 4 (GA4) to measure aggregate traffic. GA4 loads a script from googletagmanager.com and sets two persistent cookies in your browser: _ga and _ga_KYY6N65TB7, both expiring after two years. These cookies assign a random identifier to your browser so that repeat visits can be counted as one user. The data collected includes pages visited, approximate geographic location (country/city, derived from IP address), device type, browser, and referral source. GA4 does not collect your name, email address, or any directly identifying information. IP addresses are anonymised by GA4 before storage as a default platform behaviour.

This data is sent to Google LLC and processed on Google's servers, which are primarily located in the United States. Google's use of this data is governed by the Google Privacy Policy. Quietfield uses this data only to understand which pages are read and where visitors come from. It is not used for advertising, remarketing, or cross-site tracking. Google Signals, advertising features, and data sharing with Google products are all disabled for this property.

We automatically opt you out of GA4 measurement when your browser sends a Sec-GPC: 1 Global Privacy Control signal (Brave, Firefox with the setting enabled, Safari in private mode, the GPC browser extension), or when it sends Save-Data: on. In either case the GA tag is disabled before it fires. No consent banner is needed because nothing is set or transmitted until after the opt-out gate. You can also opt out manually by installing the Google Analytics Opt-out Browser Add-on, or by blocking the googletagmanager.com domain with a content blocker. Google may temporarily cache a measurement identifier in your browser's localStorage as part of its standard library behaviour.

§4 Contact form

The contact form at quietfield.in/contact/ submits data via POST to a server-side handler running on the same server. The fields collected are your name, email address, and message. The handler does two things with this data:

1. For valid submissions, sends the submission as an email to hello@quietfield.in so we can reply.
2. Appends a record of every submission attempt — including those rejected as automated spam (a hidden honeypot field was filled, or the form was submitted faster than a human could), as invalid (missing fields, malformed email) — to an append-only operational log file data/contact_log.jsonl on the same server. Each log entry includes an outcome tag so accepted submissions can be triaged separately from rejected ones.

The log is used only by Quietfield to triage replies (including recovering submissions if email delivery fails), to detect abuse, to diagnose form-design issues, and to maintain a basic audit trail. It is not shared with third parties, not used for marketing, and not combined with any other data. Retention is described in §10.

Legal basis: legitimate interests (Article 6(1)(f) GDPR) for processing the message you have chosen to send us. If you are in the EU or UK, you may request deletion of your submitted message by contacting us; we will remove it from our email archive and operational log within 30 days.

§5 Waitlist signups

Product pages may carry a "Join the waitlist" form. When you submit it we store one line in an append-only file at data/waitlist_<product>.log containing: the submission timestamp (ISO 8601 UTC), your email address, and your IP address. We also email a copy of the same signup to hello@quietfield.in so we can prepare your launch notification.

We use this data for one purpose only: to email you once when the named product becomes generally available. We do not share it, send newsletters from it, or combine it with any other dataset. The waitlist is capped at 5 000 signups per product; once full, you will see a "waitlist full" message and your address is not stored.

Legal basis: consent (Article 6(1)(a) GDPR) — submitting the form is the consent action. You can withdraw consent and request deletion at any time via the contact page; we will delete your line within 30 days. Waitlist files are deleted in full no later than 90 days after the corresponding product launches.

§6 Support form

The support form at quietfield.in/products/<product>/support/ behaves identically to the contact form (§4): name, email, message are emailed to hello@quietfield.in and an outcome-tagged record is appended to data/support_log.jsonl for the same triage, abuse-detection, and audit-trail purposes. Same legal basis (legitimate interests), same 30-day deletion path on request, same 12-month retention ceiling (§10).

§7 CSP violation reports

The site uses a strict Content Security Policy that prevents the browser from loading scripts, styles, or other resources we did not declare. When your browser detects an attempted violation — usually because a browser extension injected code into the page, or because of an attempted attack — it automatically POSTs a small JSON report to /csp-report. We store these reports in a daily-rotated append-only file at data/csp_violations.<YYYY-MM-DD>.jsonl. Each line contains the timestamp, your IP and User-Agent, and the violation payload (the page URL and the directive that was violated). We use these reports exclusively to detect attacks, find browser-extension compatibility issues, and tighten the policy.

Legal basis: legitimate interests (Article 6(1)(f) GDPR) — network and information security per Recital 49 GDPR. Retention: 90 days from rotation, after which the daily file is archived or deleted.

§8 Where IP addresses are stored

For full transparency, your IP address may be stored in any of these locations: the hosting provider's HTTP access logs (operational), data/contact_log.jsonl if you submit the contact form, data/support_log.jsonl if you submit the support form, data/waitlist_<product>.log if you join a waitlist, data/csp_violations.<date>.jsonl if your browser sends a violation report, and data/rate_limit_log.jsonl if you exceed the rate limit on any form (in which case only your IP, User-Agent, and timestamp are stored — never the message body). GA4 anonymises your IP before it is transmitted to Google. The 12-month retention ceiling in §10 applies to every store listed here.

§9 Fonts and external resources

All fonts are self-hosted. No requests are made to Google Fonts, Adobe Fonts, or any external font service. Apart from Google Analytics, no other third-party scripts are loaded. There are no embedded social media widgets, video players, or comment systems.

§10 Data retention

Every server-side log named in §4 through §8 is retained for no longer than 12 months from creation, after which entries are deleted or rotated out. CSP violation files are kept for 90 days. Waitlist files are deleted no later than 90 days after the named product's general availability. The hello@quietfield.in mailbox is also kept under a 12-month retention policy.

You may request earlier deletion of any record we hold about you at any time via the contact page — we will action your request within 30 days.

§11 Your rights (EU / UK / EEA)

If you are located in the European Union, United Kingdom, or European Economic Area, you have the following rights under the GDPR (or UK GDPR) with respect to personal data we hold:

• Right of access — request a copy of any personal data we hold about you.
• Right to rectification — ask us to correct inaccurate data.
• Right to erasure — ask us to delete personal data we hold (subject to legal obligations to retain it).
• Right to restriction — ask us to restrict processing while a dispute is resolved.
• Right to object — object to processing based on legitimate interests.
• Right to data portability — request data in a machine-readable format.
• Right to lodge a complaint — contact your national supervisory authority. For India-based users, this is the Data Protection Board of India. For EU users, the relevant national Data Protection Authority. For UK users, the ICO.

For any of these rights, contact us via the contact page. For Google Analytics data, use Google's opt-out tools or ask us and we will apply a deletion request to our GA4 property.

§12 Your rights (California — CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you additional rights:

• Right to know — ask what personal information we collect and how it is used.
• Right to delete — ask us to delete personal information we collected from you.
• Right to opt out of sale — we do not sell or share personal information for cross-context behavioural advertising. There is nothing to opt out of.
• Right to non-discrimination — we will not discriminate against you for exercising any CCPA rights.

To exercise CCPA rights, contact us via the contact page. We will respond within 45 days as required by law.

§13 India — Digital Personal Data Protection Act 2023 (DPDPA)

Quietfield operates from India and complies with the Digital Personal Data Protection Act 2023. The personal data processed through this site (described in §3–§7) is processed on the basis of consent (§5, §3) and legitimate use (§4, §6, §7, §8). You have the right to access, correct, and request erasure of your personal data. Contact us via the contact page to exercise these rights.

§14 International transfers

Contact and support form submissions are delivered via email to an inbox accessed in India. Our hosting provider's infrastructure may be distributed globally; access logs may be processed outside of India. If you are in the EU and concerned about cross-border transfers, contact us via the contact page.

Google Analytics data (§3) is transferred to and processed by Google LLC in the United States. Google relies on Standard Contractual Clauses (SCCs) as the legal mechanism for transferring personal data from the EU/EEA to the USA. For more information, see Google's data transfer frameworks.

§15 Children

This site is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If we become aware that a child has submitted personal data, we will delete it promptly.

§16 Changes

Material changes to this policy will be reflected with a new effective date at the top of this page. We will not retroactively reduce your rights under this policy without explicit notice.

§17 Contact and complaints

Privacy enquiries: contact page. We aim to respond within 5 business days. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.