The Quiet Standards Framework

An Auditable Standard for Attention-Respecting Software

Accessibility has WCAG. Privacy has GDPR. Hardware has the Calm Tech Institute. But there is no equivalent standard for how software treats your attention, your data, or your right to leave.

The Quiet Standards Framework is the first open, auditable, product-level specification for attention-respecting software. 104 criteria across 7 domains. 27 must-pass gates. 143 scorable points. Designed so two independent auditors reach the same conclusion.

Built by the team that ships calm technology every day — not as theory, but as engineering practice.

The Landscape

Good Work Exists. The Gap Is Specific.

Organizations are doing important work on ethical technology in advocacy, hardware certification, privacy law, accessibility, and process standards. What doesn't exist is a product-level, auditable standard for how software treats your attention, your data, and your right to leave. QSF fills that specific gap.

WCAG

Auditable standardAccessibility

The gold standard for auditable design criteria. Proves this model works. But it covers disability access only — not attention, data sovereignty, dark patterns, or engagement ethics.

Calm Tech Institute

81-point certificationHardware

Evaluates physical products across materials, light, and sound. Certified reMarkable, Mudita, Daylight Computer. No coverage for software UX, data portability, or engagement loops.

GDPR Certification Marks

Auditable certificationData consent

EuroPriSe and similar schemes certify data protection compliance. Covers consent-related dark patterns but not engagement design, notification ethics, or graceful offboarding.

Center for Humane Technology

AdvocacyAwareness

Built massive public awareness around attention exploitation. Publishes frameworks and toolkits. Does not certify products or offer an auditable standard.

IEEE 7000

Process standardDesign process

Tells organizations how to incorporate ethics into design. Audits the process, not the product. Cannot tell you whether an app’s notifications respect your dinner.

Norwegian Consumer Council

Policy reportRegulation

“Breaking Free” identifies enshittification and pushes for the EU Digital Fairness Act. Operates at the policy level — no engineering criteria a developer can test against.

QSF is designed to complement this work, not replace it. A product could hold WCAG conformance for accessibility, GDPR certification for data protection, Calm Tech certification for its hardware, and QSF certification for how its software respects the people who use it. These are different questions. We answer the one no one else is asking.

The Specification

7 Domains. 104 Criteria.

Each domain maps to a core conviction about how software should treat the people who use it. Every criterion is specific enough that two independent auditors reach the same conclusion.

Read the full specification →
Domain 01

Attention

Design for the smallest possible amount of your attention

23 criteria
6 must-pass

Areas Evaluated

Notification architectureEngagement pattern prohibitionInterface restraint

Example Criteria

  • No push notifications unless user-configured. Marketing/re-engagement = auto-fail.
  • No infinite scroll. Feeds must terminate or paginate.
  • No streaks, badges, leaderboards, or penalties for non-use.
  • Default notifications are the minimum state. User opts in, not out.
Domain 02

Data Sovereignty

Your data belongs to you

18 criteria
5 must-pass

Areas Evaluated

Data portabilityCollection minimalismSecurity and deletion

Example Criteria

  • Full data export in open format (JSON, CSV, XML) within 3 clicks.
  • Export includes ALL user-generated content, metadata, and history.
  • Never sells or shares data with advertisers or data brokers.
  • Account deletion is complete, permanent, and in-app.
Domain 03

Honesty

Amplify the best of people and technology without confusing the two

16 criteria
5 must-pass

Areas Evaluated

Dark pattern prohibitionAlgorithmic transparencyBusiness model transparency

Example Criteria

  • No confirmshaming, roach motels, or bait-and-switch.
  • Cancellation flow has no more steps than the signup flow.
  • Monetization model stated plainly on marketing site and in-app.
  • AI-generated content clearly labeled and distinguishable.
Domain 04

Departure

Solve the problem, then get out of your way

12 criteria
4 must-pass

Areas Evaluated

Session closureAccount offboardingGraceful degradation

Example Criteria

  • No retention dialogs or emotional appeals when closing the app.
  • Subscription cancellable entirely in-app. No phone calls or letters.
  • After cancellation, data remains accessible and exportable for 30+ days.
  • Documented plan for user data if company shuts down.
Domain 05

Respect

Respect your time and social norms

14 criteria
3 must-pass

Areas Evaluated

Temporal respectContextual intelligenceResource respect

Example Criteria

  • No sensor access without explicit, revocable consent.
  • Default notification times restricted to 8AM–9PM user-local.
  • No crypto mining or unauthorized device resource usage.
  • Just-in-time permission requests only, not all at first launch.
Domain 06

Durability

Software degrades gracefully

12 criteria
3 must-pass

Areas Evaluated

AccessibilityStandards and interoperabilityLongevity

Example Criteria

  • WCAG 2.1 Level AA for all primary user flows.
  • Minimum 44×44px touch targets. Fully keyboard-navigable.
  • Uses open web standards. No proprietary plugins for core function.
  • Public changelog and stated support policy.
Domain 07

Governance

Transparent and verifiable

9 criteria
1 must-pass

Areas Evaluated

Privacy and legal clarityUser communicationEthical commitments

Example Criteria

  • Privacy policy exists, accessible in-app, updated within 12 months.
  • Plain-language privacy summary at 8th-grade reading level.
  • All third-party SDKs and trackers identified with data practices.
  • Funding sources publicly disclosed.

Scoring

How Certification Works

27 must-pass gates. 77 scored criteria totaling 143 points. Fail any must-pass and certification is denied at every tier, regardless of total score. Must-pass criteria are the line between ethical software and everything else.

40% of 143 points

QSF Verified

57+ points required

Meets baseline ethical standards. No exploitative patterns. All 27 must-pass criteria satisfied.

60% of 143 points

QSF Certified

86+ points required

Demonstrates active commitment to user respect across all domains. Requires domain minimums — you cannot compensate for weak data practices with strong notification design.

80% of 143 points

QSF Exemplary

114+ points required

Industry-leading attention-respecting software. Suitable as a reference implementation for others building in this space.

Audit Methodology

Four Evidence Types

Each criterion specifies how it is verified. The framework is designed so two independent auditors reach the same conclusion on every point.

T

Technical Inspection

Auditor examines the running application, source code, or network traffic.

D

Documentation Review

Auditor reviews published policies, changelogs, or support documentation.

U

User Journey Walkthrough

Auditor completes a specific user flow and records the experience step by step.

A

Declarative Attestation

Company attests to practices that cannot be externally verified. False attestation voids certification.

Build Software Worth Certifying

Whether you want to self-audit against the framework, bring us in to evaluate your product, or work together to remediate what you find — we are here for builders who believe attention is worth protecting.

The full specification is open. The self-audit toolkit is free. Certification is earned.

Read the Full SpecificationBook an Audit Consultation