Quester

Privacy Policy

1. Overview

NEMETIX LTD ("we", "us", or "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your data in the Quester application. We operate under the UK GDPR and the Data Protection Act 2018.

2. Data We Collect

We process the following categories of personal data:

  • Identity & Contact: Email address, full name (optional), and age (to ensure you are over 13).
  • Usage Content: Goals you set, tasks you create, and messages you send to the "Oracle" chat.
  • Technical Data: IP address, browser type, timezone, and login frequency.
  • Billing Data: Transaction identifiers from Stripe (we do not store your credit card details; these are handled by the payment processor).

3. How We Use AI (LLMs)

Quester's core functionality relies on Large Language Models (LLMs) provided by third-party AI service providers.

  • Processing: When you create a quest or chat with the Oracle, your inputs and recent chat history are processed by these providers via secure API.
  • Anonymisation: We strive to exclude direct identifiers (like your email) from the prompts sent to AI models.
  • No Training: Based on our enterprise API agreements, your data is not used by our AI providers to train their foundation models.

4. Data Retention & Deletion

We retain your data only for as long as your account is active.

Complete Data Erasure: If you use the "Delete Account" feature in your settings, we trigger a comprehensive deletion process. This removes your profile, all your plans, tasks, chat history, and subscription linkspermanently from our systems. There is no "soft-delete"; once deleted, this data cannot be recovered.

5. Sharing Your Information

We share data only with essential service providers:

  • Supabase: For database hosting, authentication, and file storage.
  • Stripe: For payment processing and subscription management.
  • AI Providers: Third-party industry leaders for processing AI-generated content.

We never sell your personal data to third parties for marketing purposes.

6. Your Rights (UK GDPR)

You have the following rights regarding your data:

  • Access: The right to request a copy of the data we hold about you.
  • Rectification: The right to correct inaccurate data.
  • Erasure: The right to have your data deleted (simplified via our "Delete Account" button).
  • Portability: The right to receive your data in a structured, machine-readable format.
  • Withdraw Consent: Where you have given consent (e.g., for cookies), you have the right to withdraw it at any time.
  • Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data in accordance with the law. You can contact the ICO at ico.org.uk.

7. International Transfers

As a UK company, we primarily process data in the UK. However, some service providers (like Google) may process data in the US or other regions. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place for such transfers.

8. Contact Us

If you have any questions or wish to exercise your rights, please contact our Data Protection Officer:
NEMETIX LTD
122 Hawley Road, Dartford, England, DA1 1PA
Email: legal@qstr.io