Privacy Policy

Last updated: 17 April 2026

QuickSummer Entertainment ("we", "us", "our") is operated by Welcome Entertainment OÜ, registered in Estonia. This policy explains what personal data we collect when you use the platform at quicksummer.com, why we collect it, how we store it, and the rights you have under the EU General Data Protection Regulation (GDPR).

1. Data we collect

When you register and use QuickSummer we collect:

Account data: first name, last name, email address, role (e.g. producer, agent), hashed password (PBKDF2-SHA512).
Project data you enter: calculator inputs, saved ideas, pitch materials, classifieds posts, intro requests, and anything you choose to upload or publish.
Session data: an authentication cookie (qse_token) to keep you signed in.
Billing data (only if you subscribe or fund an escrow): we never see or store your full card number. Stripe collects and stores card details under their own privacy policy. We only store a Stripe customer ID and subscription metadata (tier, renewal date).
Stripe Connect data (for introducers receiving payouts): identity and bank details you provide to Stripe during onboarding are held by Stripe. We store only the Connect account ID, charges-enabled flag, and payouts-enabled flag.
Technical data: IP address (used for rate-limiting abuse), browser user-agent on authentication events.

2. Why we collect it (lawful basis)

To provide the service (Art. 6(1)(b) GDPR – contract): account management, saving your projects, delivering features you requested.
To process payments (Art. 6(1)(b)): subscription billing and escrow payouts via Stripe.
To prevent fraud and abuse (Art. 6(1)(f) – legitimate interest): login rate-limiting, webhook signature checks.
To send transactional emails (Art. 6(1)(b)): password resets, receipts, payout notifications.
For newsletters (Art. 6(1)(a) – consent): only if you opted in. You can unsubscribe at any time from any newsletter email.

3. Sub-processors we share data with

Stripe, Inc. — payment processing, subscription billing, Stripe Connect payouts. stripe.com/privacy
Google LLC — Gemini API for AI translation of user-submitted content. Text is sent to Google only when translation is requested. policies.google.com/privacy
Our SMTP email provider — for transactional email delivery.

We do not sell personal data. We do not share data with advertisers.

4. How long we keep your data

Account data: while your account is active, plus up to 12 months after closure to handle disputes.
Payment records: 7 years (EU accounting law).
Session tokens: maximum 30 days, then purged.
Password reset tokens: single-use, 1-hour TTL.
Expired escrow offers and completed classifieds: 30 days then auto-archived.

5. Your rights

Under GDPR you have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your account and associated data (subject to the retention periods above for legal/accounting).
Export your data in a machine-readable format.
Withdraw consent for marketing emails at any time.
Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

To exercise any of these rights, email privacy@quicksummer.com. We respond within 30 days.

6. Security

Passwords are hashed with PBKDF2-SHA512 (10,000 iterations, unique salt per user) and are never stored or transmitted in plain text. All traffic is encrypted with TLS. Card details never touch our servers; Stripe handles them under PCI DSS Level 1.

7. Cookies

We use one strictly-necessary cookie (qse_token) to keep you signed in. We do not use analytics, tracking, or advertising cookies. No consent banner is required under ePrivacy because only strictly-necessary cookies are set.

8. Changes to this policy

If we materially change this policy we'll notify account holders by email at least 30 days in advance.

9. Contact

Welcome Entertainment OÜ
Email: privacy@quicksummer.com
Estonia