Back to equest

Privacy / Datenschutz

Privacy Policy

GDPR information for equest. Last updated: 31.05.2026

1. Controller / Verantwortlicher

Phronox, Simon Braune, Im Sand 18, 65549 Limburg, Germany

Email: [email protected]

2. Data We Process

Account data: email address, password hash, role, verification and reset metadata.

Profile data: username, display name, avatar, onboarding answers, interests and discomfort areas when you provide them.

Quest and social data: assigned quests, submissions, posts, media metadata, reports, notifications, points, streaks, chats and messages.

Technical data: IP-derived request metadata, security logs, application errors and strictly necessary authentication cookies.

3. Legal Basis

Contract performance, GDPR Art. 6(1)(b): account, authentication, quests, posts, submissions, notifications and messageboard features.

Legitimate interests, GDPR Art. 6(1)(f): security, abuse prevention, rate limiting, operational logging and product reliability.

Legal obligation, GDPR Art. 6(1)(c): records we must keep under applicable law.

Consent, GDPR Art. 6(1)(a): optional profile details where consent is required.

4. Hosting, Cookies and Third Parties

The service uses self-hosted in-app JWT authentication. Refresh tokens are stored in secure HTTP-only cookies where configured.

Object storage is used for uploaded media. Cloud infrastructure providers may process data as processors in EU or EEA-compatible hosting environments.

We do not use advertising cookies and do not sell personal data.

5. Retention

Account and user-generated data is stored while your account is active.

Deleted account data is removed or anonymised within 30 days unless legal retention duties apply.

Operational logs are retained only as long as needed for security, debugging and compliance.

Backups may persist for a limited retention window before rotation.

6. Your Rights

You may request access, rectification, erasure, restriction, portability, objection to legitimate-interest processing, and withdrawal of consent under GDPR Art. 15-22.

Send privacy requests to [email protected]. We respond within one month unless GDPR allows an extension.

You may lodge a complaint with your local supervisory authority. For Hessen, Germany: Der Hessische Beauftragte fuer Datenschutz und Informationsfreiheit, https://datenschutz.hessen.de

7. Changes

We may update this privacy policy when the service or legal requirements change. The current version is available on this page.