Privacy Policy
Last updated: June 2025
TL;DR: Your quest data is stored on our servers so you can sync across devices. We never sell your data, use it for ads, share it with third parties, or use it for AI training.
Data we collect
| Data | Where |
|---|---|
| Email & username | Server |
| Password (hashed with bcrypt) | Server |
| Quests, categories, completion data | Server |
| XP, level, achievements, gold | Server |
| Spoon preferences & settings | Server |
| Basic usage analytics | Server |
How we use your data
- Sync your quests across devices
- Calculate XP, levels, and achievements
- Send notifications (if enabled)
- Fix bugs and improve the app
What we never do
- Sell your data to anyone
- Use your data for advertising
- Share your data with third parties for marketing
- Use your data to train AI models
Payment processing
Payments are handled by Paddle. We never see or store your credit card information.
Security
- TLS encryption for all connections
- Passwords hashed with bcrypt
- Supabase with Row Level Security
Third-party services
- Paddle — payment processing
- Vercel — hosting
- Google Fonts — font delivery
Your rights (GDPR / CCPA)
You can access, export, correct, or delete all your data from account settings. Or email us and we'll handle it.
Children's privacy
PDA Quest can be used by minors with parental consent. We don't knowingly collect data from children under 13 without parental consent.
Contact
Questions? Email us at support@mishalabs.com.