Skip to main content
qel://legal/privacy

qel:// › legal › privacy

Privacy Policy

Effective · Last updated

privacy · plain english

Short version. We collect your email when you sign up for The Quiet Letter or claim a kit license. We use it to send what you asked for. We do not sell it. We do not run advertising trackers. Any paid SPONDL tier is paid in USDT (TRC20) sent directly to our wallet — you paste the transaction hash into our Telegram bot and we verify on-chain. We never accept cards. You can ask for your data, correct it, or delete it at any time by emailing privacy@quietedgelabs.com.

1. Who we are

This policy applies to the website at quietedgelabs.com and the products published under the Quiet Edge Labs brand (the SPONDL scanner and The Quiet Letter newsletter).

For privacy questions or requests: privacy@quietedgelabs.com.

2. What we collect — and why

Personal data Quiet Edge Labs collects, when, why, and the GDPR legal basis.
WhatWhenWhyLegal basis (GDPR)
Email address You submit the newsletter form or claim a free-tier kit license To send the Sunday letter, deliver your license key, and notify you of updates to the kit you downloaded Consent (Art. 6(1)(a))
License key (and its hash) tied to your email Issued when you claim a SPONDL kit license To validate your license when the kit calls our server, and to re-issue if you ask Contract (Art. 6(1)(b))
IP address — transiently, not stored beyond rate-limit window Every request, like every website To rate-limit license issuance and prevent abuse. Cleared from edge cache within an hour. Legitimate interest (Art. 6(1)(f))
Telegram user ID, if you message our bot You initiate the conversation To deliver bot replies (Telegram requires the ID to send a reply) Consent (Art. 6(1)(a))
TRON transaction hash (TRC20 USDT) You submit payment for a paid SPONDL tier on the hash-verify rail To verify on-chain that the payment landed in our wallet, and to prevent the same hash being claimed twice Contract (Art. 6(1)(b))
Telegram user ID and username You initiate payment or access via our bot To deliver your access confirmation, license key, and channel invite (Telegram requires the ID to send a reply) Contract (Art. 6(1)(b))
Email address hash (SHA-256), where used You submit payment via the hash-verify rail To tie your invoice to your email for re-issuance without storing plaintext (Sprint 4.5 hardening) Contract (Art. 6(1)(b))
Invoice record (amount variant, tier, confirmations, timestamps) You submit payment via the hash-verify rail To maintain an audit trail, prevent replay, and reconcile disputes Legitimate interest (Art. 6(1)(f))

We do not collect or store in our records: your real name (unless you give it voluntarily, for example when you email support), your home or shipping address, your trading results, your account balances, your strategy code, your payment-card details, or your wallet addresses. Your sending wallet address is visible on the public TRON blockchain as part of any transaction you make; we do not extract or persist it in our own records, only the transaction hash you submit.

3. What we never do

  • Sell or rent your data to anyone.
  • Run advertising or behavioral-targeting trackers.
  • Profile you to make automated decisions about you.
  • Send marketing emails you did not opt into.
  • Share your email with sponsors. Newsletter sponsorships, when they exist, are slot-based ads — the sponsor never receives the subscriber list.

4. Who processes your data on our behalf

We use a small number of third-party services to operate. Each is contractually bound to handle data only on our behalf (a Data Processing Addendum, where the regulator requires it).

  • Cloudflare — hosts the website (Pages), the license server (Workers + KV), and the DNS. Cloudflare may see your IP address for security and routing. Cloudflare privacy.
  • MailerLite — sends the Sunday newsletter and welcome emails. Stores email + subscription status. MailerLite privacy.
  • TronGrid (TRON Foundation) — for a paid SPONDL tier, we call their public API to verify the USDT (TRC20) transaction you submit to us. They may see the transaction hash and your IP address at the moment we query. TronGrid terms.
  • Telegram — SPONDL sends its alerts here, and if you message our bot, your message and Telegram user ID transit Telegram's infrastructure. For a paid SPONDL tier on the hash-verify rail, your Telegram user ID and username are stored in our invoice records so we can deliver access. Telegram privacy.
  • GitHub — the open-source SPONDL kit is downloaded from public GitHub releases. GitHub may see your IP when you download. GitHub privacy.

5. International transfers

Our hosting (Cloudflare) is global. The closest edge to you handles your request. If you are in the European Economic Area or the UK, your data may transit servers in the United States or Canada. Cloudflare relies on the EU–US Data Privacy Framework and Standard Contractual Clauses for transfers; MailerLite is established in Ireland and processes EU subscriber data within the EEA where possible. For Swiss residents, transfers rely on the equivalent protection framework recognised under the Swiss nFADP; the same contractual safeguards (SCCs or adequacy decisions) apply. If you are in Australia, we rely on the accountability principle under APP 8.2(b): we are satisfied each third-party processor listed in Section 4 provides comparable privacy protections.

6. How long we keep your data

  • Newsletter subscribers — for as long as you stay subscribed. You can unsubscribe at the bottom of any email; we honor it immediately and purge the record within 30 days.
  • License records (SPONDL kit) — until you ask us to delete them. The HMAC signature still validates without the KV record, so deletion does not break your installed kit; it just stops re-issuance from working.
  • SPONDL paid-tier invoice records (Telegram user ID + username, email hash, transaction hash, tier, timestamps) — retained for the subscription lifetime plus 12 months for dispute resolution, then deleted. You can request earlier deletion at privacy@quietedgelabs.com; deletion will deactivate access if your subscription is active.
  • Edge cache for rate-limiting — less than one hour.
  • Telegram messages — we do not archive chats. Telegram retains messages per their own retention policy.

7. Your rights

Under GDPR, UK GDPR, PIPEDA (Canada), CCPA/CPRA (California), Singapore PDPA, the Australian Privacy Act, and the Swiss nFADP you have rights of access, correction, deletion, portability (where applicable), and the right to lodge a complaint with your local data-protection authority. To exercise any of them, email privacy@quietedgelabs.com from the address you signed up with. We respond within 30 days. We do not charge for a reasonable request. We do not sell personal information, in the meaning the CCPA gives to that term.

If you are in the EU/EEA and we have not resolved your concern, you can complain to your national data-protection authority. If you are in Canada, the Office of the Privacy Commissioner of Canada handles PIPEDA complaints. If you are in Singapore, the Personal Data Protection Commission. If you are in Australia, the Office of the Australian Information Commissioner. If you are in Switzerland, the Federal Data Protection and Information Commissioner.

8. Cookies and analytics

We do not set tracking cookies of our own. We use Plausible Analytics (plausible.io), a privacy-friendly analytics service that does not use cookies, does not fingerprint visitors, and does not associate visits with identifiable users. It records aggregate page-view counts and referrer domains so we know which content lands. Plausible privacy policy.

Cloudflare may set short-lived technical cookies for bot detection (for example, __cf_bm). These are strictly necessary for the site to work and exempt from consent under the ePrivacy Directive.

Fonts on this site are self-hosted — we do not load anything from fonts.googleapis.com, so your IP is not transmitted to Google when you visit.

9. Children

The brand is built for self-directed traders, not for children. We do not knowingly collect data from anyone under 16 (or under 13 if you are in the United States, per COPPA). If you believe a child has signed up, email privacy@quietedgelabs.com and we will delete the record.

10. Security

License keys are HMAC-signed tokens. License records are stored encrypted at rest by Cloudflare KV. Secrets (API keys, signing keys) are stored as Cloudflare Pages Secrets, never committed to the public repository. We run continuous vulnerability scans against the codebase and dependencies (gitleaks, osv-scanner, nuclei) and ship security fixes the same day.

11. Changes to this policy

If we change how we handle your data, we update this page and bump the “Last updated” date at the top. Substantive changes (a new processor, a new data category, a change to retention) are also announced in the next Sunday newsletter so subscribers see the change at least once.

12. Contact

Email privacy@quietedgelabs.com for any privacy request. For general support, use the contact route on the page of the product you are using.

qel://legal/privacy · not financial advice
pane 01 · privacy policy
g h home  g l letter  ⌘K palette