1. Scope
This policy explains what data we collect and why, the legal bases for processing it, how long we retain it, how it is transferred, and your rights.
2. Data We Collect
Account
Email; social IDs (Google/Apple/Facebook); display name; avatar.
Usage
Quests created/completed, likes, follows, interactions, timestamps.
Device/Diagnostics
App version, OS, device model, IP address (logged for security and abuse prevention), crash logs.
Location (optional)
Approximate or precise location (with OS permission) for Local Area quests, nearby visibility, inside-zone response eligibility checks, and Travel mode city access. When GPS is unavailable, city-level detection may use IP-based inference.
Messaging
Sender/receiver IDs, message text, message type, media URL/thumbnail, timestamps and read status.
Notifications
Push tokens, in-app notifications, and notification preferences.
Ads/Billing
Campaign data and events (such as impressions/clicks where applicable); payments/top-ups processed by Stripe. Quest-ly does not store full card numbers.
Media
Images/videos you upload.
3. Sources
Data comes from you directly, automatically via mobile SDKs, and from social login providers (limited profile data you permit).
4. Purposes & Legal Bases
- Provide and operate the app (contract).
- Security, fraud prevention, anti‑abuse (legitimate interests; legal obligation where applicable).
- Analytics and performance (legitimate interests; consent where required).
- Communications and support (contract/legitimate interests; consent for marketing).
- Geo features (consent via OS permissions).
- Local Area enforcement and anti-abuse (inside-zone checks and related security processing; legitimate interests/legal obligation where applicable).
5. Retention
Account data: until deletion. Archived quests/responses/media may be deleted automatically after a configured period (currently around 10 days after becoming eligible). Chat messages may be deleted after around 60 days. In-app notifications may be deleted after around 7 days. Minimal data may be retained to comply with law or prevent abuse.
6. Sharing
We use processors and infrastructure providers. We do not sell personal data.
- Cloudflare (proxy/CDN/WAF)
- Cloudflare R2 (media storage)
- Apple APNs and Firebase/FCM (push delivery)
- Google Maps SDK (maps and zone UI)
- IP-based city inference provider (ipapi.co)
- Stripe (payments/top-ups)
7. International Transfers
Data may be processed outside your country. We use safeguards such as Standard Contractual Clauses (SCCs) and industry‑standard security measures.
8. Security
Encryption in transit and (where supported) at rest; access controls; monitoring. No system is 100% secure.
9. Your Rights
GDPR/UK‑GDPR
Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may lodge a complaint with a supervisory authority (e.g., ICO or your local authority).
CCPA/CPRA (California)
Right to know/access, delete, correct, opt‑out of sale/share (we do not sell/share for cross‑context behavioral advertising), and limit use of sensitive data (we do not process sensitive data for inferring characteristics).
How to exercise
Email [email protected]; we may ask for verification.
10. Children
We do not knowingly process data of under‑13s. EEA/UK users under 16 require parental consent where permitted.
11. Cookies & Tracking
Mobile SDKs and similar technologies for analytics and crash logs. “Do Not Track” signals may not be recognized consistently across platforms.
12. Communications
You can opt out of marketing emails and push notifications in settings. Transactional/service messages may still be sent.
13. Deletion & Portability
Delete your account in‑app or via [email protected]. We will delete associated personal data except minimal records we must keep by law or to prevent abuse. You may request a copy of your data in a commonly used format.
14. Changes
We will update this policy as needed and show the new date above. Material changes may be notified in‑app.
15. Contact
Privacy: [email protected]
DPO: [email protected] (not appointed)
Postal (temporary): Pending appointment of our UK service agent, Quest-ly accepts service of notices by email at [email protected]. For a physical mailing/service address, email us and we will provide a UK geographical service address within 2 business days. (Applies from until replaced.)