QwicKeys ("Service") is operated by L3XCZR SFTWYR LLC ("we", "us", "our"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use the QwicKeys web application, admin dashboard, and Chrome/Edge browser extension.
By using QwicKeys, you agree to the collection and use of information described in this policy. If you are using QwicKeys as part of an enterprise account, your organization's administrator may have additional agreements governing data use.
Plain-language summary: We collect only what we need to run the service. We do not sell your data. All data is stored securely in the United States via Supabase.
We collect the following categories of information:
| Category | Examples | Source |
|---|---|---|
| Account Data | Name, email address, hashed password | You, on sign-up |
| Shortkey Content | Shortkey triggers, expansion text, labels | You or your admin |
| Usage Analytics | Expansion counts, keystroke savings count (number of keystrokes avoided), timestamps | Extension / app activity |
| Organization Data | Company name, plan tier, user role | Admin on account setup |
| Technical Data | Browser type, extension version | Automatically, on use |
| Cookie Consent | Accepted or declined preference (stored in localStorage) | Website cookie banner |
We do not collect the content of text fields you type in (e.g., emails, messages, forms). The extension only reads the trigger sequence you type and replaces it — it does not log or transmit your other keystrokes or the content of web pages you visit.
No tracking on our website: We do not use tracking cookies, advertising pixels, or third-party analytics scripts on qwickeys.com. The only data stored in your browser is your cookie consent preference, saved to localStorage under the key qk-cookie-consent. It is never transmitted to any server.
We use collected information solely to:
- Provide, operate, and improve the QwicKeys service
- Authenticate users and enforce role-based access controls
- Sync shortkeys between the admin dashboard and your browser extension
- Display analytics (expansion counts, time saved) to you and your admin
- Send transactional emails (account invitations, onboarding instructions, password resets) via our email provider
- Process AI-assisted shortkey generation and text rephrasing requests (Growth and Business plans) using AWS Bedrock. Descriptions and phrases you submit are transmitted to AWS Bedrock in the United States solely to generate suggestions — they are not stored by us or used to train AI models
- Diagnose bugs and errors reported through monitoring tools
- Comply with legal obligations
We do not use your data for advertising, profiling, or any purposes unrelated to operating the service.
All user data is stored in Supabase, a cloud database platform hosted in the United States. Data is encrypted at rest and in transit using industry-standard TLS encryption.
Server-side functions (account management, billing, AI generation) run on AWS Lambda + API Gateway, also hosted in the United States. AI shortkey generation and text rephrasing use AWS Bedrock (Claude Haiku model, US East region). Descriptions you submit for AI processing are transmitted in real time and are not persisted after the response is returned.
For enterprise clients: Your shortkey data and user records are scoped to your organization and are not accessible to other QwicKeys customers.
We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:
- Service providers: Supabase (database & authentication), AWS Lambda + API Gateway (backend functions), AWS Bedrock (AI generation — Growth/Business plans only), Resend (transactional email), Sentry (error monitoring), Stripe (billing). Each provider is bound by their own data processing agreements.
- Your organization's admin: Admins can view usage analytics and manage users within their organization. They cannot access passwords or data from other organizations.
- Legal requirements: If required by law, court order, or governmental authority.
- Business transfer: In the event of a merger or acquisition, data may be transferred as part of that transaction. We will notify affected users.
The QwicKeys browser extension operates as follows:
- It runs in the background on web pages you visit to detect trigger sequences
- It reads only the characters you type in text input fields to check for a matching shortkey prefix
- It does not record keystrokes, screenshots, page content, or browsing history
- It communicates only with Supabase to fetch your shortkey list and log expansion events
- It requires no system-level access and no IT administrator permissions to install
The extension requests the following browser permissions:
- storage — caches your session token and shortkeys locally on your device so the extension works without a network call on every keystroke. This data is stored locally only and is never synced to external servers by the extension.
- activeTab — allows the extension popup to interact with your currently active browser tab.
- alarms — schedules periodic background synchronization to keep your shortkeys up to date.
- clipboardRead — required only when a shortkey expansion contains the =CLIPBOARD() variable. When this variable is present, the extension reads your clipboard at the moment of expansion and inserts the content inline. Clipboard content is processed locally and is never stored or transmitted to any server.
- scripting — required to support CKEditor 4-based rich text editors used by certain business applications (such as legal case management software). CKEditor 4 exposes its API only in the page's JavaScript layer, which is inaccessible from a standard content script. This permission allows the extension to inject a small compatibility bridge into that layer on specific supported sites only. No user data is accessed or transmitted through this script.
- Host permissions (all sites) — enables shortkey detection and expansion in text fields on any website your team uses. The extension does not read page content, browsing history, or any text outside the field being typed into.
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Request an export of your data in a common format (CSV)
- Objection: Object to certain processing activities
To exercise any of these rights, contact us at the email address in Section 12. We will respond within 30 days. Note that if you are a user under an enterprise account, your organization's admin controls account access — please contact them first for role or access changes.
We retain your data for as long as your account is active or as needed to provide the service. Specifically:
- Account and shortkey data is retained until you or your admin deletes it or closes the account
- Usage analytics are retained for up to 24 months, then aggregated or deleted
- Deleted accounts have their personal data removed within 30 days
- Backups may retain data for up to 90 days after deletion
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- Encrypted storage via Supabase for all data at rest
- Row-level security (RLS) policies ensuring users can only access their own organization's data
- Hashed passwords — we never store plaintext passwords
- Real-time error monitoring via Sentry
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately at the address in Section 12.
QwicKeys is intended for use by business professionals and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify account holders via email. Your continued use of QwicKeys after any change constitutes your acceptance of the updated policy.
For privacy-related questions, data requests, or to report a concern: