eQuestAI

Privacy Policy

Last updated: December 2024

1. Introduction

eQuest ("we", "our", or "us") is a questionnaire builder service operated by Kooslab UG (in formation), based in Berlin, Germany. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Kooslab UG (in formation)

Berlin, Germany

Email: privacy@equest.app

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Full name
  • Company name (optional)
  • Password (stored securely hashed)
  • Timezone and language preferences

3.2 Questionnaire Data

When you create questionnaires and collect responses:

  • Questionnaire content (questions, sections, settings)
  • Client responses and answers
  • Uploaded files
  • Comments and notes

3.3 Client/Respondent Information

When clients fill out questionnaires:

  • Name, email, phone number (encrypted at rest)
  • Company name and role
  • Response content
  • IP address and browser information

3.4 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Usage data and session information

4. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide, maintain, and improve our questionnaire service
  • Authentication: To verify your identity and secure your account
  • Communication: To send transactional emails (verification, password reset, notifications)
  • Security: To detect and prevent fraud, abuse, and security issues
  • Legal Compliance: To comply with legal obligations

5. Legal Basis for Processing

We process your personal data based on:

  • Contract: Processing necessary to provide our service to you
  • Legitimate Interest: Security, fraud prevention, service improvement
  • Consent: Where you have given explicit consent (e.g., marketing emails)
  • Legal Obligation: Where required by law

6. Data Storage and Security

6.1 Where We Store Your Data

  • Database: Neon PostgreSQL (cloud-hosted)
  • File Storage: Cloudflare R2 (EU jurisdiction available)
  • Email: Resend (transactional emails only)

6.2 Security Measures

  • Encryption at Rest: Sensitive data (PII, credentials) encrypted with AES-256-GCM
  • Encryption in Transit: All connections use TLS/HTTPS
  • Password Security: Passwords hashed with Argon2id
  • Session Security: Secure, HttpOnly cookies
  • Access Control: Role-based permissions

7. Data Retention

We retain your data for as long as necessary to provide our services:

Data TypeRetention Period
Account dataUntil account deletion + 30 days
Questionnaires & responsesUntil deleted by owner
Session data30 days after expiry
Password reset tokens1 hour
Email verification codes15 minutes
Audit logs2 years (then anonymized)

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request restriction of processing
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@equest.app or use the relevant features in your account settings.

9. Account Deletion

When you delete your account:

  1. Immediate: Your account is deactivated and you are logged out
  2. 30-day grace period: You can recover your account by contacting support
  3. After 30 days: Your data is permanently deleted

Note: If your questionnaires contain client responses, you will be asked to either transfer ownership or confirm deletion of client data. Clients will be notified if their data is deleted.

10. Cookies

We use the following cookies:

CookiePurposeDurationType
auth_sessionAuthentication session30 daysEssential
cookie_consentStores your cookie preferences1 yearEssential

Essential cookies are required for the service to function. We do not use tracking or advertising cookies.

11. Third-Party Services

We use the following third-party services to operate eQuest:

  • Neon: Database hosting (PostgreSQL)
  • Cloudflare R2: File storage
  • Resend: Transactional email delivery

These services process data on our behalf under data processing agreements.

12. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

13. Children's Privacy

eQuest is not intended for use by children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

Email: privacy@equest.app

Response time: We aim to respond within 30 days

16. Supervisory Authority

If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the relevant data protection supervisory authority. In Germany, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

← Back to Home