Privacy Policy

Last updated: April 8, 2026

1. Information We Collect

Account Information: When you create an account, we collect your email address, username, and password (hashed, never stored in plaintext).

Usage Data: We collect data about how you use QuestMind, including quests created and completed, XP earned, streak activity, check-in responses, and feature usage patterns.

Optional Data: If you use the AI quest generation feature with your own API key, the key is stored encrypted (AES-256-GCM) and used solely to make API calls on your behalf.

Payment Information: Payment processing is handled entirely by Stripe. We do not store credit card numbers or payment details on our servers.

2. How We Use Your Information

  • To provide and maintain the QuestMind service
  • To generate personalized quests using AI (Pro and Power tiers)
  • To calculate XP, levels, streaks, and achievements
  • To enable social features (guilds, buddy system, leaderboards)
  • To send you notifications you have opted into
  • To improve the service based on aggregated, anonymized usage patterns

3. Research Data

QuestMind includes an optional weekly focus check-in. If you consent to research participation, your anonymized check-in data may be used in aggregate for academic research on ADHD and productivity. You can withdraw consent at any time in Settings. Your data will be anonymized and never sold to third parties.

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase: Database and authentication provider
  • Stripe: Payment processing
  • Anthropic: AI quest generation (only quest-related context, never personal data)
  • Vercel: Hosting provider

5. Data Security

We implement industry-standard security measures including:

  • Row-Level Security (RLS) on all database tables
  • AES-256-GCM encryption for stored API keys
  • HTTPS-only connections
  • Content Security Policy headers
  • Rate limiting on sensitive endpoints
  • No plaintext password storage

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data
  • Withdraw research consent at any time
  • Opt out of non-essential communications

To exercise any of these rights, contact us at the email below.

7. Cookies

QuestMind uses only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

8. Children

QuestMind is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

10. Contact

If you have questions about this Privacy Policy, contact us at:

privacy@questmind.app