Legal

Privacy Policy

Last updated: April 8, 2026

1. Who We Are

QuestLore ("we", "our", "us") is a B2B SaaS gamification platform that helps organisations motivate and grow their teams through experience points, quests, achievements, and rewards. QuestLore is the data controller for personal data collected through our website at qlore.space and our application.

Contact: For any privacy-related enquiries please email us at privacy@qlore.space.

2. What Data We Collect

Account & Profile Data

  • Full name and email address
  • Organisation name and your role within it
  • Profile picture (if uploaded)
  • Password (stored as a one-way hash — we never see your plain-text password)

Activity & Gamification Data

  • Experience points (XP) earned, level reached, and achievement history
  • Quests assigned, completed, or reviewed
  • Coin balance, reward purchases, and transaction history
  • Goals set and progress tracked

Technical & Usage Data

  • IP address and approximate geolocation (country/city level)
  • Browser type, operating system, and device type
  • Pages visited, features used, and session duration
  • Error reports and crash logs (collected via Sentry)

Payment Data

Subscription payments are processed by Stripe. We do not store your full card number, CVC, or banking details — Stripe handles and stores this information under their own privacy policy. We receive only a payment confirmation and a non-sensitive token.

3. Legal Basis for Processing

Under the GDPR, we process your personal data on the following legal grounds:

  • Contractual necessity (Art. 6(1)(b)): we process account and activity data to deliver the QuestLore service you or your organisation has subscribed to.
  • Legitimate interests (Art. 6(1)(f)): we process technical and usage data to improve security, fix bugs, and enhance the product.
  • Legal obligation (Art. 6(1)(c)): we may process and retain certain data (e.g. billing records) to comply with applicable laws.
  • Consent (Art. 6(1)(a)): where we send optional marketing communications, we rely on your explicit consent, which you may withdraw at any time.

4. How We Use Your Data

  • Providing, operating, and maintaining the QuestLore platform
  • Processing subscription payments and managing billing
  • Sending transactional emails (account verification, password resets, quest notifications)
  • Detecting, investigating, and preventing fraudulent or abusive activity
  • Monitoring application errors and improving stability (via Sentry)
  • Complying with legal and regulatory obligations

5. Data Sharing & Third Parties

We do not sell your personal data. We share it only with the following categories of trusted processors:

  • Stripe — payment processing. Data is governed by the Stripe Privacy Policy.
  • Sentry — error monitoring and crash reporting. Sentry receives sanitised diagnostic data (stack traces, device info). See the Sentry Privacy Policy.
  • Infrastructure providers — our application and database are hosted on cloud infrastructure within the European Economic Area (EEA).

We require all third-party processors to handle data in compliance with the GDPR and to have appropriate Data Processing Agreements (DPAs) in place.

6. International Data Transfers

Our infrastructure is based in the EEA. Some third-party processors (such as Stripe and Sentry) may transfer data outside the EEA. In such cases, transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission, or an equivalent adequacy mechanism.

7. Data Retention

  • Active accounts: data is retained for the duration of your subscription.
  • Deleted accounts: personal data is removed within 30 days of account deletion, except where retention is required by law.
  • Billing records: retained for 7 years to meet accounting and tax obligations.
  • Error logs: retained for up to 90 days in Sentry, then automatically purged.

8. Your Rights Under the GDPR

If you are in the EEA, UK, or Switzerland, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: ask us to correct inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
  • Right to data portability: receive your data in a structured, machine-readable format. (In-app export tool coming soon — currently available on request.)
  • Right to object: object to processing based on legitimate interests.
  • Right to restriction: ask us to limit how we process your data while a dispute is resolved.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at privacy@qlore.space. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

We use cookies and similar technologies to operate the platform and remember your preferences. For full details — including how to control or disable cookies — please read our Cookie Policy. A cookie consent banner that gives you granular control is coming soon.

10. Children's Data

QuestLore is a business-to-business service intended for use by organisations and their adult employees. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted data transmission (TLS), hashed passwords, and role-based access controls. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected users without undue delay.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify account holders by email or an in-app notice. Continued use of QuestLore after such changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: