← QuestifyLegal
Privacy Policy
Effective 27 May 2026
This Policy explains what data Questify collects, why, who we share it with, and the rights you have over it. We try to keep the amount of data we hold small and the reasons for holding it boring.
1. Who we are
The Service is operated under cijss.org. For privacy questions, write to [email protected].
2. What we collect
Account data
- Username and a hashed password (we never store your password in clear text), or
- Your Google account identifier (sub), email and display name when you sign in with Google.
Content you create
- The goal / identity you describe.
- Survey answers and any custom text you type in the intake.
- Quest completions, skips, rerolls, mood entries, notes and reflections.
- Settings (language, reminders, theme).
Technical & usage data
- App version, platform, language, anonymous error/crash reports.
- Server logs (IP address, request timing) kept for a short period for security and debugging.
Payments
Subscriptions are processed by Google Play / App Store. We receive a purchase token that tells us whether your subscription is active — we don't see your card number.
3. Why we use it
- To run the Service: authenticate you, store your quests and history, sync between devices.
- To generate quests: your goal, survey answers and recent quest history are sent to our AI inference provider so it can produce tailored quests and reflections.
- To improve quality: aggregated, anonymised usage metrics — never your raw content.
- To prevent abuse: rate-limiting, fraud and bot detection.
- To comply with the law when we're legally required to.
4. Third parties we share with
- Google — when you sign in with Google (identity verification only) and when you pay via Google Play.
- AI inference providers (e.g. NVIDIA-hosted endpoints, and similar managed LLM APIs) — they receive the prompts we build from your goal, answers and recent quests so they can return generated content. Providers are bound by their own terms to not retain prompts for training.
- Infrastructure providers — cloud hosting, database and crash-reporting vendors we use to run the Service.
- Authorities — only where we're legally compelled to.
We do not sell your data and we don't run third-party advertising trackers.
5. Where data is stored & how long
- Your account and quest data live on managed servers and are kept for as long as your account is active.
- Server logs are kept for a short period (typically up to 30 days) for debugging and abuse prevention.
- If you delete your account, we erase your content within 30 days, except where a longer retention is required by law (e.g. payment records).
6. Your rights
Depending on where you live (GDPR / UK GDPR / CCPA / similar), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Export your data in a portable format.
- Delete your account and the personal data associated with it.
- Object to or restrict certain processing.
- Lodge a complaint with your local data-protection authority.
Most of these you can do directly inside the app (Settings → Account). For anything else, email [email protected] and we'll respond within 30 days.
7. Children
Questify isn't designed for children under 13 (under 16 in the EEA / UK). If we learn that we've collected data from a child below that age, we'll delete it.
8. Security
Passwords are stored hashed with a modern algorithm; traffic between the app and our servers is encrypted (HTTPS). No system is perfect — if you spot a vulnerability, please tell us at the address above before publishing it.
9. AI & your prompts
When we send prompts to inference providers we minimise what's in them — the goal, recent quest titles, your survey answers, and any notes you've explicitly linked to your path. We don't send raw personal identifiers (your name, email, payment data) inside the prompt. Providers are contractually bound not to retain prompts for model training.
10. International transfers
Our infrastructure and AI providers may process data in countries other than the one you're in (including the EU and the US). We rely on standard safeguards (e.g. EU Standard Contractual Clauses) where applicable.
11. Changes to this Policy
When we make material changes we'll notify you in-app or by email before they take effect. The “Effective” date at the top tells you the version you're looking at.