Legal
Privacy Policy
Last updated: June 2026
What we collect
Quey collects only what is necessary to operate the service. When you sign in with GitHub or Google, we store your name, email address, and OAuth identity token so we can identify your account across sessions. When you purchase a plan, Stripe processes your payment details — we never store card numbers or billing data on our servers. We receive a Stripe customer ID and subscription status only.
What the Chrome extension does
The Quey Chrome extension uses the following permissions: storage (to save your enabled/color/crosshair preferences locally), activeTab and scripting (to inject the inspection toolbar into the page you are viewing), and captureVisibleTab (to take a screenshot of the visible browser area when you use region-capture mode). None of this data leaves your browser unless you explicitly copy a payload to the clipboard or send a capture to a locally running MCP bridge. The extension does not transmit screenshots, DOM data, or clipboard contents to Quey servers.
Local MCP bridge
If you run the optional @uitoolbar/mcp server, captures are sent over localhost only. The MCP server does not forward data to external services unless you configure it to do so (for example, by wiring it to a third-party AI agent). Quey has no visibility into data sent through your local MCP setup.
Analytics and error tracking
We may collect anonymised usage analytics (page views, feature interactions) to understand how the product is used. We do not sell this data. Error monitoring may capture stack traces and request context to help us diagnose bugs. Any error reports are retained only as long as necessary and are not used for advertising.
Data retention
Account data is retained for as long as your account is active. You can request deletion of your account and associated data at any time by emailing us. Stripe subscription records are subject to Stripe's own data retention policies for financial compliance.
Third-party services
Quey uses GitHub and Google OAuth for authentication, Stripe for payment processing, and Convex as a hosted backend. Each of these services has its own privacy policy governing how they handle your data. We choose infrastructure providers that meet reasonable data protection standards.
Your rights
You may request access to, correction of, or deletion of your personal data at any time. To exercise these rights, email us at the address below. If you are located in the EU or UK, you have additional rights under GDPR and UK GDPR, including the right to lodge a complaint with a supervisory authority.
Contact
For privacy questions or data requests, contact us at d58192307@gmail.com. We will respond within 30 days.