Frequently Asked Questions
Straight answers about what QuietPart does, what it avoids collecting, and where anonymity still depends on careful survey design and careful answers.
For respondents
What does anonymous mean here?
No system can honestly promise perfect anonymity. QuietPart is designed not to collect respondent names, emails, IP addresses, user agents, referrers, unique invite tokens, fingerprints, or analytics identifiers in the application database. It uses only necessary signed cookies for access sessions and duplicate-submission friction. You can still identify yourself if you write personal details in a free-text answer, and server or proxy logs outside the application database may exist separately.
What can the survey creator see?
They can see aggregated counts, percentages, rating averages, and written answers. They cannot see respondent names, emails, IP addresses, browser details, referrers, exact timestamps, or response IDs because QuietPart does not store those for responses.
Are written answers encrypted?
For new surveys, yes. Written answers are encrypted in your browser before submission. The server stores ciphertext, and the private decryption key lives only in the admin URL fragment after #k=, which browsers do not send to the server.
Should I include names or specific incidents?
Be specific enough to be useful, but avoid details that identify you or someone else unnecessarily. A small team, a rare event, a job title, or a phrase only one person would use can make a response easier to recognize.
For survey creators
Can I require one response per person?
QuietPart can block repeat submissions from the same browser with a necessary, survey-scoped cookie. It cannot honestly prove one response per person without stronger tracking such as logins, unique links, IP tracking, or browser fingerprinting.
What happens when the survey expires?
Results and exports are refused after the survey's delete_after time. The cleanup job removes expired surveys, questions, options, responses, and answers from the SQLite database on startup, hourly, and when npm run cleanup is run.
Can QuietPart recover my admin link?
No. The raw admin token is shown once, then only a hash is stored. The written-answer decryption key is also only in the admin URL fragment. If you lose that link, QuietPart cannot reconstruct it.
Can I export results?
Yes. Server-generated exports contain choice and rating answers plus ciphertext for encrypted written answers. When the admin browser has the original decryption key, the admin page can assemble decrypted exports client-side.
Site details
Does QuietPart use analytics or third-party scripts?
No. The respondent browser should only load assets from the QuietPart server. Fonts are self-hosted, scripts are local, and there are no tracking pixels or external analytics scripts.
What happens outside the application database?
QuietPart's auto-deletion removes survey data from the application database. Separate server logs, proxy logs, host snapshots, and backups may have their own retention behavior outside that database.
Where can I read more detail?
Start with the Privacy Policy for the policy version, then read How it works for the mechanical walkthrough.