Hi-Low Studio LLC

The Quiet Standards Framework

Auditable Certification Standard for Attention-Respecting Software

Version 1.0 · 104 criteria · 7 domains · 27 must-pass gates · 143 scorable points

Published openly. A standard you can't read isn't a standard.

Domain 01

Attention

Design for the smallest possible amount of your attention

23 criteria · 6 must-pass · 27 available points

1A. Notification Architecture

ATT-01 · Must-Pass · No push notifications unless user-configured trigger. Marketing and re-engagement notifications are an automatic fail.
ATT-02 · Must-Pass · Single, accessible control to disable ALL non-critical notifications in one action.
ATT-03 · Must-Pass · Default notification settings are the minimum permission state. User opts in, not out.
ATT-04 · 2 pts · User-defined quiet hours during which notifications are queued and held, not just muted.
ATT-05 · 2 pts · Notifications contain enough context to be actionable without opening the app.
ATT-06 · 2 pts · Non-urgent notifications batched into digest form rather than delivered individually.
ATT-07 · 1 pt · User-accessible notification log showing count and content of notifications sent in the last 30 days.
ATT-08 · 1 pt · Respects OS-level notification settings (Do Not Disturb, Focus modes) without circumventing them.

1B. Engagement Pattern Prohibition

ATT-09 · Must-Pass · No infinite scroll. Content feeds must terminate or paginate with a clear endpoint.
ATT-10 · Must-Pass · No streak mechanics, loss-aversion timers, or any mechanism that penalizes the user for not using the product.
ATT-11 · Must-Pass · No gamification (points, badges, leaderboards, levels, XP) unless the product is explicitly a game.
ATT-12 · 2 pts · No auto-play media without explicit user initiation on each piece of content.
ATT-13 · 2 pts · No variable-ratio reinforcement schedules (pull-to-refresh revealing new content, randomized rewards).
ATT-14 · 2 pts · Session length is transparent to the user through a visible timer, session summary, or periodic check-in.
ATT-15 · 1 pt · No social comparison metrics (follower counts, like counts, view counts) unless the product’s explicit purpose requires it.

1C. Interface Restraint

ATT-16 · 2 pts · Primary task flow completable in 3 or fewer screens from launch.
ATT-17 · 2 pts · No interstitial screens or splash animations exceeding 2 seconds when content is available.
ATT-18 · 2 pts · Modal dialogs used only for destructive actions or critical confirmations, not for promotions, upsells, or announcements.
ATT-19 · 2 pts · Supports prefers-reduced-motion at the OS level and reduces or eliminates animations accordingly.
ATT-20 · 1 pt · Visual hierarchy clearly distinguishes primary from secondary actions. No competing calls-to-action of equal weight.
ATT-21 · 1 pt · Empty states are informative and calm. Not used for upselling, cross-promotion, or creating anxiety.
ATT-22 · 1 pt · No use of color red, urgency language, or pulsing/animating elements to manufacture false urgency.
ATT-23 · 1 pt · Typography and layout maintain a readable measure (line length 45–80 characters for body text).

Domain 02

Data Sovereignty

Your data belongs to you

18 criteria · 5 must-pass · 27 available points

2A. Data Portability

DAT-01 · Must-Pass · Full data export in at least one open, machine-readable format (JSON, CSV, XML, or domain-appropriate open standard).
DAT-02 · Must-Pass · Data export is complete — includes ALL user-generated content, metadata, configuration, and history.
DAT-03 · Must-Pass · Export accessible within 3 clicks from settings. No support ticket, waiting period exceeding 24 hours, or discouragement flow.
DAT-04 · 3 pts · API or webhook system for real-time or near-real-time data sync with external systems chosen by the user.
DAT-05 · 2 pts · Exported data structured and documented sufficiently for import into a competing product or custom system.
DAT-06 · 2 pts · Supports import of data from at least one competing product or common format in its category.

2B. Data Collection Minimalism

DAT-07 · Must-Pass · No data collected, stored, or transmitted beyond what is required for features the user is actively using.
DAT-08 · Must-Pass · Never sells, shares, or provides user data to third-party advertisers, data brokers, or ad networks.
DAT-09 · 3 pts · Real-time, user-accessible inventory of all data held about the user — not just privacy policy categories, but an actual data viewer.
DAT-10 · 2 pts · Analytics and telemetry, if present, are opt-in (not opt-out) and clearly explain what is collected and why.
DAT-11 · 2 pts · Core features function with all optional data collection declined.
DAT-12 · 1 pt · Stated data retention periods with automatic purge when purpose expires.

2C. Data Security & Deletion

DAT-13 · 3 pts · Sensitive user data encrypted at rest using industry-standard encryption (AES-256 or equivalent).
DAT-14 · 3 pts · Account deletion is complete, permanent, and accessible within the application. No "contact support to delete."
DAT-15 · 2 pts · Clear distinction between "deactivation" (data retained) and "deletion" (data destroyed), with both offered.
DAT-16 · 2 pts · Backups of user data purged within 30 days of deletion request.
DAT-17 · 1 pt · Supports industry-standard authentication (OAuth 2.0, passkeys); phone number not mandatory.
DAT-18 · 1 pt · Data transmission uses TLS 1.2 or higher exclusively.

Domain 03

Honesty

Amplify the best of people and technology without confusing the two

16 criteria · 5 must-pass · 22 available points

3A. Dark Pattern Prohibition

HON-01 · Must-Pass · No confirmshaming (guilt-laden language on decline buttons).
HON-02 · Must-Pass · No roach motel patterns (easy to sign up, deliberately difficult to cancel or delete).
HON-03 · Must-Pass · No bait-and-switch (advertising one feature, price, or capability and delivering another after commitment).
HON-04 · Must-Pass · Cancellation or downgrade flow contains no more steps than the signup or upgrade flow.
HON-05 · 2 pts · No pre-checked optional consent boxes, newsletter signups, or add-on purchases.
HON-06 · 2 pts · Price presented clearly at point of decision. No hidden fees, no "starting at" pricing that escalates.
HON-07 · 2 pts · No false urgency (fake countdown timers, "only 3 left!" when inventory is not genuinely scarce).
HON-08 · 1 pt · No visual misdirection toward company-preferred option and away from user-preferred option.

3B. Algorithmic Transparency

HON-09 · 3 pts · If algorithmic curation is used, primary ranking factors disclosed in plain language accessible from the interface.
HON-10 · 2 pts · At least one non-algorithmic view of content (chronological, alphabetical, or user-defined sort) available.
HON-11 · 2 pts · AI-generated content clearly labeled as such and distinguishable from human-authored content.
HON-12 · 1 pt · No dynamic pricing personalized by user behavior or inferred willingness to pay.

3C. Business Model Transparency

HON-13 · Must-Pass · Monetization model stated plainly on marketing site and within the application.
HON-14 · 3 pts · If the product is free, the application explains how it is funded.
HON-15 · 2 pts · No degrading existing features to upsell paid tiers without advance notice and data export option.
HON-16 · 2 pts · Terms of service available in a plain-language summary at maximum 8th-grade reading level.

Domain 04

Departure

Solve the problem, then get out of your way

12 criteria · 4 must-pass · 15 available points

4A. Session Closure

DEP-01 · 2 pts · No retention dialogs, "Are you sure?" prompts, or emotional appeals when closing (unsaved-work warnings permitted).
DEP-02 · 2 pts · Auto-saves state so user can close at any moment without loss of work.
DEP-03 · 1 pt · No re-engagement emails within 72 hours of a user’s last session.
DEP-04 · 1 pt · No ads, surveys, or promotional content displayed at the closing or logout moment.

4B. Account Offboarding

DEP-05 · Must-Pass · Subscription cancellable entirely within the application or web interface. No phone calls, retention agents, or mailed letters.
DEP-06 · Must-Pass · After cancellation, previously paid-for data remains accessible and exportable for a minimum of 30 days.
DEP-07 · Must-Pass · Cancellation confirmation is clear and immediate with the effective date and what happens to user data.
DEP-08 · 2 pts · Transfer ownership capability for shared accounts, teams, or family plans.

4C. Graceful Degradation

DEP-09 · Must-Pass · If internet required for primary functionality, clearly stated before signup and on marketing materials.
DEP-10 · 3 pts · Meaningful offline functionality. Core features degrade gracefully rather than failing completely.
DEP-11 · 2 pts · Documented plan for user data if company shuts down, referenced in Terms of Service.
DEP-12 · 2 pts · No mandatory updates that remove features, change the interface substantially, or reset preferences without choice.

Domain 05

Respect

Respect your time and social norms

14 criteria · 3 must-pass · 19 available points

5A. Temporal Respect

RES-01 · 3 pts · User-defined schedules governing when the application may send notifications, sync data, or perform background activities.
RES-02 · 2 pts · Default notification times restricted to 8:00 AM–9:00 PM in the user’s timezone unless explicitly configured otherwise.
RES-03 · 2 pts · No time-of-day or day-of-week urgency messaging ("Weekend sale ends tonight!").
RES-04 · 1 pt · Recurring scheduled actions respect user calendar integrations or quiet periods if offered.
RES-05 · 1 pt · Anniversary, milestone, or commemorative notifications are opt-in only.

5B. Contextual Intelligence

RES-06 · Must-Pass · No device sensor access (camera, microphone, location, contacts, health data) without explicit, per-use or per-session consent revocable at any time.
RES-07 · Must-Pass · No sensor use for purposes beyond stated functionality.
RES-08 · 2 pts · Respects OS-level Focus or Do Not Disturb states and adjusts behavior accordingly.
RES-09 · 2 pts · If location data is used, provides "only while using" option. No core degradation if background location is denied.
RES-10 · 1 pt · Just-in-time permission requests only. No requesting permissions at first launch for features not yet attempted.

5C. Resource Respect

RES-11 · Must-Pass · No cryptocurrency mining, distributed computation, or use of device resources for purposes unrelated to stated functionality.
RES-12 · 2 pts · Background resource usage (CPU, memory, battery) proportionate to functionality.
RES-13 · 2 pts · No keeping device awake or maintaining persistent background connections when user is not actively using the application.
RES-14 · 1 pt · Installation size and ongoing storage usage documented and reasonable for the product’s category.

Domain 06

Durability

Software degrades gracefully

12 criteria · 3 must-pass · 17 available points

6A. Accessibility

DUR-01 · Must-Pass · WCAG 2.1 Level AA compliance for all primary user flows.
DUR-02 · Must-Pass · All interactive elements have minimum 44×44 CSS pixel touch targets (mobile) or equivalent keyboard-navigable focus states (desktop).
DUR-03 · 3 pts · Fully navigable via keyboard alone. No mouse or touch-only interactions for primary functionality.
DUR-04 · 2 pts · Screen reader support with appropriate ARIA labels, roles, and live regions for dynamic content.
DUR-05 · 2 pts · Color is never the sole means of conveying information (error states, status indicators, form validation).
DUR-06 · 1 pt · Supports user-configurable text size scaling up to 200% without loss of content or functionality.

6B. Standards & Interoperability

DUR-07 · Must-Pass · Uses open web standards. No proprietary plugins, browser-specific features, or single-vendor runtimes for core functionality.
DUR-08 · 2 pts · Supports or implements relevant open protocols for its domain (CalDAV, RSS/Atom, SMTP, ActivityPub, etc.).
DUR-09 · 2 pts · Data format publicly documented, enabling third-party tools to read and process exported data.

6C. Longevity

DUR-10 · 2 pts · Publicly accessible changelog documenting changes, removals, and additions.
DUR-11 · 2 pts · Stated support policy: how long the current version will receive security updates and what happens at end-of-life.
DUR-12 · 1 pt · Runs on OS versions within 2 major releases. No unreasonably recent hardware requirements.

Domain 07

Governance

Transparent and verifiable

9 criteria · 1 must-pass · 16 available points

7A. Privacy & Legal Clarity

GOV-01 · Must-Pass · Privacy policy exists, is accessible within the application, and was updated within the last 12 months.
GOV-02 · 3 pts · Privacy policy contains a plain-language summary (maximum 500 words, 8th-grade reading level) covering what data is collected, why, who can see it, how long it is kept, and how to delete it.
GOV-03 · 2 pts · Users notified of material changes to privacy policy or terms of service before they take effect, with a clear summary of what changed.
GOV-04 · 2 pts · All third-party services, SDKs, and trackers identified with their data practices disclosed.

7B. User Communication

GOV-05 · 2 pts · Publicly accessible way to report bugs, request features, or provide feedback without requiring a social media account.
GOV-06 · 2 pts · Actual user documentation covering all primary features (not just marketing copy).
GOV-07 · 1 pt · Estimated response time for support requests, met at least 80% of the time.

7C. Ethical Commitments

GOV-08 · 2 pts · Funding sources publicly disclosed, including any investors or board members with interests in advertising, data brokerage, or attention-extraction industries.
GOV-09 · 2 pts · Published statement of design principles or ethical commitments that predates and is independent of the QSF certification.

Scoring & Certification

Must-Pass Gate

There are 27 must-pass criteria across all domains. A product that fails any single must-pass criterion cannot receive certification at any tier, regardless of total score.

Point Scoring

The 77 scored criteria total 143 possible points. A criterion is worth 3 points when it requires significant investment or represents industry-leading practice, 2 points when it is strong practice achievable with moderate effort, and 1 point when it is good hygiene achievable with minimal effort.

Domain Minimums

QSF Certified and QSF Exemplary tiers require a minimum of 40% of available scored points in every domain. A product cannot compensate for poor data practices with excellent notification design.

Certification Tiers

QSF Verified

57+ of 143 points (40%)

Meets baseline ethical standards. No exploitative patterns. All 27 must-pass criteria satisfied.

QSF Certified

86+ of 143 points (60%)

Active commitment to user respect across all domains. Requires domain minimums.

QSF Exemplary

114+ of 143 points (80%)

Industry-leading attention-respecting software. Reference implementation.

Audit Evidence Types

Each criterion specifies one of four evidence methods, ensuring two independent auditors reach the same conclusion.

T · Technical Inspection

Auditor examines the running application, source code, or network traffic.

D · Documentation Review

Auditor reviews published policies, changelogs, or support documentation.

U · User Journey Walkthrough

Auditor completes a specific user flow and records the experience.

A · Declarative Attestation

Company attests to practices that cannot be externally verified. False attestation voids certification.

Recertification

Certification is valid for 12 months. Recertification requires a delta audit covering criteria affected by product changes, plus a random sample of 20% of unchanged criteria. Material product changes — new monetization model, new data collection, or acquisition by another company — trigger mandatory re-audit of affected domains.

The Quiet Standards Framework is published by Hi-Low Studio LLC. The specification is open. The self-audit toolkit is free. Certification is earned.