Legal
Privacy Policy
Effective March 1, 2026 · Lead Logger LLC
This Privacy Policy describes how Lead Logger LLC, doing business as Quilivo (“Quilivo,” “we,” “our,” or “us”), collects, uses, and protects your personal information when you use our collaborative whiteboard application at quilivo.com (the “Service”). By using the Service, you agree to the practices described in this policy.
Quilivo is operated by a limited liability company organized under the laws of the State of Illinois, United States. The Service is available exclusively to users located in the United States.
1. Eligibility
The Service is restricted to users who are at least 18 years of age and are located in the United States. We use geographic restrictions at the network level to prevent access from outside the United States. We do not knowingly collect personal information from anyone under the age of 18 or from individuals located outside the United States.
2. Information We Collect
2.1 Account Information (via Google OAuth)
When you sign in with Google, we receive and store the following information from your Google account:
·Your name
·Your email address
·Your profile picture URL
We do not receive or store your Google password. Authentication is handled entirely by Google’s OAuth 2.0 service.
2.2 Board and Content Data
When you use the Service, we store the content you create and interact with, including:
·Sticky notes, text blocks, and arrows you place on boards
·Board names and membership information (who you invite to your boards)
·Real-time cursor position data while you are actively using a board
Cursor position data is ephemeral and used solely to display live cursors to your collaborators. It is not retained after your session ends.
2.3 Payment Information
If you upgrade to a Pro subscription, payment processing is handled entirely by Stripe, Inc. We do not receive, store, or have access to your full credit card number. Stripe may provide us with limited information such as the last four digits of your card, the card brand, and the expiration date for display purposes. Stripe’s collection and use of your payment information is governed by Stripe’s privacy policy.
2.4 Automatically Collected Information
Our infrastructure providers may automatically collect certain technical information when you access the Service:
·Cloudflare (CDN and security): IP address, request metadata (such as browser type, request URL, and timestamp). Cloudflare uses this information for security, performance optimization, and to enforce our geographic access restrictions. We have Cloudflare’s proxy service enabled, which means your connection passes through Cloudflare’s network.
·Railway (application hosting): Standard server logs including IP addresses and request metadata that are generated in the normal course of hosting our application.
We do not use any first-party analytics tools, tracking pixels, advertising networks, or third-party analytics services (such as Google Analytics) on the Service.
3. How We Use Your Information
We use the information we collect for the following purposes:
·To provide and operate the Service, including real-time collaboration features
·To authenticate your identity and manage your account
·To process Pro subscription payments through Stripe
·To enforce board access controls and membership
·To enforce geographic access restrictions
·To protect the security and integrity of the Service
We do not use your personal information for advertising, profiling, automated decision-making, or any purpose unrelated to providing the Service.
4. How We Share Your Information
We do not sell, rent, or trade your personal information to any third party for any reason.
We share your information only with the following categories of service providers, solely to the extent necessary to operate the Service:
·Google (authentication): Receives authentication requests when you sign in.
·Stripe (payment processing): Receives payment information when you subscribe to Pro.
·Cloudflare (CDN/security): Processes network traffic to provide security and enforce geographic restrictions.
·Railway (hosting): Hosts the application infrastructure.
·SpacetimeDB (database): Stores and synchronizes your board and account data in real time.
We may also disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
5. Board Collaboration and Shared Data
Boards on Quilivo are private by default. Only the board owner and users who have been explicitly invited (and have accepted the invitation) can view or edit a board’s contents.
When you are invited to and join a board, other members of that board can see your name, your cursor position in real time, and any content you add to the board. Board owners can see the names and email addresses of invited members.
6. Data Storage and Security
Your data is stored on servers located in the United States. We use commercially reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of electronic storage or transmission over the Internet is completely secure, and we cannot guarantee absolute security.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you the Service. If you delete content from a board, it is removed from the live database. Account-level data (your name, email, and avatar URL) is retained until you request deletion.
8. Your Rights and Choices
8.1 Account Deletion
You may request deletion of your account and all associated personal data by contacting us at [email protected]. Upon receiving a verified request, we will delete your personal information from our active systems. Note that some information may persist in backups for a limited period and that we may retain certain information as required by law.
8.2 Data Access
You may request a copy of the personal information we hold about you by contacting us at [email protected].
8.3 Revoking Google Access
You can revoke Quilivo’s access to your Google account at any time through your Google Account settings. Revoking access will prevent you from signing in to the Service but will not automatically delete your data from our systems. To delete your data, please also submit a deletion request as described above.
9. State Privacy Rights
Depending on your state of residence, you may have additional rights under state privacy laws. While the Service is available only within the United States, residents of states with comprehensive privacy laws (including but not limited to California, Virginia, Colorado, Connecticut, and Texas) may have rights that include:
·The right to know what personal information we collect about you and how it is used
·The right to request deletion of your personal information
·The right to request a copy of your personal information in a portable format
·The right to opt out of the sale or sharing of personal information (note: we do not sell or share your personal information for targeted advertising)
·The right to non-discrimination for exercising your privacy rights
To exercise any of these rights, please contact us at [email protected]. We will respond to verified requests within the timeframes required by applicable law.
9.1 California Residents (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act. We do not sell your personal information, and we do not use or disclose sensitive personal information for purposes other than providing the Service. You may designate an authorized agent to make a request on your behalf. For details on the categories of personal information we collect and our business purposes, see Sections 2 and 3 above.
9.2 Illinois Residents
We do not collect biometric information (such as fingerprints, facial geometry, or voiceprints) as defined under the Illinois Biometric Information Privacy Act (BIPA).
10. Cookies and Similar Technologies
We use a single session cookie that is strictly necessary for authentication (keeping you signed in). This cookie is set by our authentication system (NextAuth.js) and is required for the Service to function. We do not use advertising cookies, tracking cookies, or any non-essential cookies.
Cloudflare may set additional cookies for security purposes (such as bot detection). These are functional cookies managed by Cloudflare and are not used for tracking or advertising.
11. Do Not Track Signals
Because we do not engage in any tracking of users across third-party websites, we do not currently respond to Do Not Track (“DNT”) browser signals. Our data collection practices are the same regardless of your DNT setting.
12. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party service you visit.
13. International Access
The Service is intended for use only within the United States. We use Cloudflare’s geographic restrictions to block access from outside the United States and we restrict payment processing to U.S.-issued payment methods. If you access the Service from outside the United States, you do so at your own risk and are responsible for compliance with applicable local laws.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Service with a revised effective date. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
15. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
© 2026 Lead Logger LLC. All rights reserved.