QDD ("Qualitative Directional Disclosure") operates the website at qddindex.com. This policy explains what data we collect, how we use it, and your rights regarding that data.
QDD is a privacy-first, opt-in platform. Anonymous browsing is a feature, not a gap. You can explore the knowledge graph, read predictions, review disclosure targets, and browse intel articles without creating an account or being identified. The platform only asks for authentication at the moment you choose to take a specific action — such as submitting a prediction, proposing a disclosure target, publishing an article, or contributing to the knowledge graph.
2. Information We Collect
Account data: Email address and authentication credentials when you create an account.
Profile information: Display name, avatar, and bio that you choose to set in your profile settings. Your display name is shown alongside your contributions (predictions, targets, articles) on the platform.
User-generated content: Submissions, predictions, proposals, and articles you contribute to the platform.
Usage analytics: Anonymous page views and performance metrics collected via industry-standard analytics services.
Local storage: Preferences and draft data stored in your browser.
3. Name & Identity Sharing
Your display name is visible to other users when you submit predictions, propose disclosure targets, publish intel feed articles, or contribute to knowledge graph entities. You control what name is shown — contribute anonymously or publicly, at your discretion:
Pseudonym system: Every account is assigned a system-generated pseudonym (e.g. "NobleWatcher124"). This is your public-facing display name by default — there is no requirement to use your legal name. Pseudonyms can be changed every 30 days via Profile Settings.
Contributor ID: Each account receives a contributor identifier (e.g. "QDD-XREF-ECHO-00009") for internal provenance tracking. This ID is private by default and can be updated once you opt in to public sharing via Privacy Settings.
Your email address is never publicly displayed on the platform.
Privacy modes: Your profile operates in one of three modes, controlled from Profile → Privacy: ANON (default — pseudonym shown, unlisted, scores anonymous), PUBLIC (real name shown, listed publicly, scores attributed), or VERIFIED (OAuth-verified handle shown via Google, Apple, or GitHub).
Visibility controls: You choose independently whether to reveal your name, avatar, score attribution, and public listing. Scores always count toward consensus calculations even when your visibility is set to anonymous — similar to hidden engagement metrics on other platforms.
ANONPseudonym AV: A unique default AV is generated from your pseudonym. You may replace it with a custom profile picture or your OAuth provider's avatar at any time.
Provenance tracking: Every contribution to the knowledge graph records who added it, when, and what changed — providing a full audit trail. This attribution uses your pseudonym (or "Anonymous"), never your email.
4. Opt-In Security & Privacy Settings
QDD is built on a principle of action-gated consent — we rejected ambient identification patterns (such as auto-prompted sign-in popovers) in favor of on-demand authentication. The sign-in prompt only appears when you initiate a specific contribution, and each gate tells you exactly what you are signing in to do.
The following settings give you control over your security and visibility:
On-demand sign-in: You are never prompted to sign in while browsing. Authentication is only requested at the point of action — "Login to predict," "Login to publish," "Login to discuss," etc. You control when the platform learns your identity.
OAuth verification: You may optionally link your Google, Apple, or GitHub account to earn a "Verified" badge on your profile. You can unlink a provider at any time from Privacy Settings. Linking an OAuth provider does not share any additional data with QDD beyond confirming account ownership.
Password management: Email-based accounts can set or change their password from Privacy Settings. Password reset links are sent via secure email and expire after use.
Email notifications: Platform notifications (prediction outcomes, submission reviews, system announcements) are opt-in. You will not receive marketing emails unless you explicitly subscribe.
Profile visibility: Your profile visibility is controlled by a checkbox matrix in Privacy Settings. You can independently toggle: name visibility, avatar display, score attribution, and public listing. The default mode is maximum privacy — pseudonym only, unlisted, scores anonymous.
Data export: You may request a full export of your personal data and contributions at any time.
5. How We Use Your Information
To provide and maintain the QDD platform and its features.
To attribute contributions (predictions, targets, intel posts) to your account.
To improve site performance, fix bugs, and develop new features.
To communicate platform updates, if you have opted in to notifications.
6. Data Sharing
We do not sell your personal data. We may share anonymized, aggregated analytics with third parties. User-generated content (predictions, targets, articles) is publicly visible on the platform by design.
7. Data Storage & Security
Row-Level Security (RLS): All data is stored with RLS policies enforced at the database layer. Each user can only access rows they are authorized to view or modify — access control is not application-level, it is enforced by the database itself.
Encryption at rest: Database storage is encrypted at rest using AES-256. Backups are also encrypted.
Encryption in transit: All connections use HTTPS / TLS. No data is transmitted over unencrypted channels.
Authentication: Handled via secure JWT token management. Tokens are short-lived and automatically refreshed. Session cookies are HTTP-only and secure-flagged.
OAuth credentials: OAuth tokens from Google, Apple, and GitHub are managed by the authentication layer and never stored in the application database.
Client-side encryption vault: API keys (BYOK) and local connection credentials you provide are encrypted entirely in your browser using the Web Crypto API. Keys are derived via PBKDF2 (100,000 iterations, SHA-256) with a per-user random salt. Values are encrypted with AES-256-GCM using a unique initialization vector per entry, providing both confidentiality and tamper detection.
Zero server storage: No API key or local connection credential you enter is ever transmitted to or stored on QDD infrastructure. Encrypted data lives only in your browser's local storage. Derived encryption keys exist only in memory during your session and are never persisted to disk.
Versioned local schema: Local storage migrations are handled with conditional upgrades, ensuring your existing encrypted data survives application updates without data loss.
8. Your Rights
You may request access to, correction of, or deletion of your personal data by contacting us. You can delete your account at any time from your profile settings.
9. Cookies & Tracking
We use essential cookies for authentication sessions. Analytics cookies are used for anonymous usage tracking. No advertising cookies are used.
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated effective date.
11. Contact
Questions about this policy? Reach out via the platform.