Quest-ly
Privacy Policy

Quest-ly Privacy Policy

Effective Date:
Jurisdiction: GDPR (EU), UK-GDPR
Controller
Quest-ly (operated by Stanislav Sliuzar, sole trader)
Service address (temporary)
Pending appointment of our UK service agent, Quest-ly consents to service of notices by email at [email protected]. For a physical mailing/service address, please email us and we will provide the address within 2 business days. This temporary arrangement applies from until replaced.
Contacts
[email protected] (data requests) · [email protected]
EU Representative (GDPR Art. 27)
Pending appointment; details will be published when appointed.
UK Representative (if applicable)
Not applicable (controller established in the United Kingdom).
DPO (if appointed)
Not appointed. · [email protected]

1. Scope

This policy explains what we collect, why, legal bases, retention, transfers, and your rights.

2. Data We Collect

  • Account: email; social IDs (Google/Apple/Facebook); username/display name (if set); avatar.
  • Usage: quests created/completed, likes, follows, interactions, timestamps.
  • Search activity: search terms, search history, and related search interactions.
  • Device/Diagnostics: app version, OS, device model, IP address (logged/truncated where applicable for security and abuse prevention), crash logs.
  • Location (optional): approximate or precise (with OS permission) for: nearby/geo features, Local Area visibility, inside-zone eligibility checks for Local Area responses, Travel mode temporary city access, and IP-based city inference fallback when GPS is unavailable.
  • Media: images/videos you upload.
  • Messaging: sender/receiver IDs, message text, message type, media URL/thumbnail, timestamps, and read status.
  • Notifications: push tokens, in-app notification records, and notification preferences.

3. Sources

Data comes from you; automatically via mobile SDKs; and from social login providers (limited profile data you permit).

4. Purposes & Legal Bases

  • Provide and operate the app (contract).
  • Search and discovery functionality, relevance improvements, and safety (contract; legitimate interests).
  • Security, fraud prevention, anti-abuse (legitimate interests; legal obligation where applicable).
  • Analytics and performance (legitimate interests; consent where required).
  • Advertising delivery, measurement, and fraud prevention (legitimate interests; consent where required).
  • Communications and support (contract/legitimate interests; consent for marketing where applicable).
  • Geo features (consent via OS permissions).
  • Local Area enforcement and anti-abuse processing, including inside-zone checks for responses (legitimate interests; and/or consent via OS permissions where applicable).

5. Retention

We keep data only as long as needed for the purposes above, then delete or anonymize it.

  • Account/profile data: until deletion.
  • Quests / responses / uploaded media: may be deleted automatically after a configured period once eligible (for example, around 10 days after becoming eligible), depending on app configuration.
  • Chat messages: may be deleted after around 60 days (configuration-based).
  • In-app notifications: may be deleted after around 7 days (configuration-based).
  • Support tickets / helpdesk records: up to 24 months.
  • Security / access logs (including IP logs where applicable): up to 12 months.
  • Analytics: up to 26 months (where enabled and permitted).
  • Backups: rolling retention of approximately 90 days.

Minimal data may be retained to comply with law, resolve disputes, or prevent abuse.

6. Sharing

We use processors including (as applicable): Cloudflare (proxy/CDN/WAF), Cloudflare R2 (media storage), Apple APNs and Firebase/FCM (push delivery), Google Maps SDK (maps/zone UI), and third-party providers for analytics, crash reporting, and email/helpdesk. We do not sell personal data.

Advertising payments: Quest-ly offers optional advertising tools. If you choose to top up your advertising balance, those payments are used only inside the Advertising section to fund advertising campaigns. On iOS, top-ups are handled by Apple In-App Purchase (StoreKit). On other platforms, top-ups may be processed by Stripe. We do not store your full payment card details. We may store limited transaction information such as amount, currency, status, timestamps, and provider transaction IDs for accounting/support purposes. Refunds and chargebacks are handled by the relevant payment provider under its rules. No payment is required to use the core quest experience.

7. International Transfers

Data may be processed outside your country. We use safeguards such as Standard Contractual Clauses (SCCs) and industry-standard security measures.

8. Security

Encryption in transit and (where supported) at rest; access controls; monitoring. No system is 100% secure.

9. Your Rights

GDPR/UK-GDPR: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may lodge a complaint with a supervisory authority (e.g., ICO or your local authority).

CCPA/CPRA (California): right to know/access, delete, correct, opt-out of sale/share (we do not sell/share for cross-context behavioral advertising), and limit use of sensitive data (we do not process sensitive data for inferring characteristics).

How to exercise: email [email protected]; we may ask for verification.

10. Children

We do not knowingly process data of under-13s. EEA/UK users under 16 require parental consent where permitted.

11. Cookies & Tracking

Mobile SDKs and similar technologies for analytics and crash logs. “Do Not Track” signals may not be recognized consistently across platforms.

We may use analytics and crash reporting tools (e.g., Firebase Analytics and Crashlytics) to improve stability and performance.

Data and identifiers from analytics and crash reporting tools may be linked to your account or user identifier where applicable (for example, in Firebase Analytics and Crashlytics).

If ads are shown, mobile advertising SDKs, including Google Mobile Ads / AdMob, may receive advertising identifiers, basic ad interaction logs, and device/network signals for ad delivery, measurement, and fraud prevention.

12. Communications

You can opt out of marketing emails and push notifications in settings. Transactional/service messages may still be sent.

13. Deletion & Portability

You can delete your account in the app, or request deletion by emailing [email protected]. We will delete associated personal data except minimal records we must keep by law or to prevent abuse. You may request a copy of your data in a commonly used format.

14. Changes

We will update this policy as needed and show the new date above. Material changes may be notified in-app.

15. Contact

  • Privacy: [email protected]
  • DPO: [email protected] (not appointed)
  • Postal (temporary): Pending appointment of our UK service agent, Quest-ly accepts service of notices by email at [email protected]. For a physical mailing/service address, email us and we will provide a UK geographical service address within 2 business days. (Applies from until replaced.)