Privacy Policy

Last Updated: May 29, 2026

At a glance: BlushQuest does not sell or share your personal information for cross-context behavioral advertising, and we have not done so in the past 12 months. We honor Global Privacy Control (GPC) signals where applicable. See Section 10 for your rights as a California or other U.S. state resident.

BlushQuest ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Services"). Please read this policy carefully. By using our Services, you consent to the practices described herein.

1. Data We Collect

We collect the following categories of information to provide and improve the BlushQuest experience:

1.1 Information You Provide

  • Account Information: Email address, first name, last name, gender, and date of birth.
  • Wish Cards (In-App Messages): User-generated text content you author and address to your designated partner inside the app. Wish cards are partner-to-partner messages exchanged between the two members of a couple; this is the content disclosed in the Google Play Data Safety form under "Messages → Other in-app messages." Wish-card content is protected by encryption in transit (TLS) and by storage-level (at-rest) encryption on our database, and it is shared only with your designated partner (see Section 7). It is not end-to-end encrypted, which means it is technically accessible to BlushQuest as the operator of the service; however, we do not access or review wish-card content except as required by law or to investigate a report of abuse you submit via the in-app Report feature.
  • Quest Data: Quest metadata such as progress, completion status, and badges earned. (The text content of wish cards is covered separately above.)
  • Partner Information: Email address of your invited partner to establish the couple relationship.
  • Waitlist Information: Email address (and any quiz responses you submit) when you sign up for our Super Cards waitlist on our website. Waitlist email addresses are sent to and stored in OneSignal (see Section 4) so we can email you when Super Cards launches; they are not stored in our main application database.

1.2 Information Collected Automatically

  • Device Information: Device type, operating system, and unique device identifiers.
  • IP Address & Connection Data: Your IP address and user-agent are processed when you sign in (for session security) and are attached to backend and crash-reporting events (via Sentry — see Section 4) so we can diagnose errors, prevent abuse, and secure the service.
  • Usage Data: How you interact with the app, features used, and session duration.
  • Analytics Data: Page views, navigation patterns, country/region, browser type, and referral sources (website only).

2. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: When you create an account, you explicitly consent to our processing of your data by accepting these terms. You may withdraw consent at any time by deleting your account.
  • Contract Performance: Processing is necessary to provide you with the BlushQuest service, including syncing quest data with your partner, managing your subscription, and delivering the core app functionality.
  • Legitimate Interest: We process certain data (such as usage analytics) to improve our Services, prevent fraud, and ensure security. We balance these interests against your privacy rights.

3. How We Use Your Data

  • To provide and maintain the BlushQuest experience, including quest synchronization between partners.
  • To authenticate your account and maintain session security.
  • To manage your subscription and account status.
  • To send transactional communications (e.g., account verification, quest notifications, partner invitations).
  • To send marketing communications about new features, Super Cards launches, and promotional offers (with your consent).
  • To send push notifications about quest updates, partner activity, and promotional content.
  • To analyze usage patterns and improve our Services.
  • To provide customer support.
  • To comply with legal obligations.

4. Third-Party Services

We use the following third-party services to operate BlushQuest:

Better-Auth (authentication provider): Manages email-based one-time-password (OTP) sign-in. We share your email address and an internal user identifier so that Better-Auth can issue and verify OTP codes.

Cloudflare (API hosting): We run our backend API on Cloudflare Workers, and all backend traffic is routed and connection-pooled through Cloudflare (including Cloudflare Hyperdrive in front of our database). Cloudflare therefore processes request payloads, including auth tokens, account, quest, couple, and wish-card data in transit. This infrastructure is located in the United States.

Microsoft Azure (database hosting): Your account, quest, couple, and wish-card data is stored in a managed PostgreSQL database hosted on Microsoft Azure in the Central US region (reached from our Cloudflare Workers backend via Cloudflare Hyperdrive). Data is encrypted in transit and at rest, and database backups are encrypted at rest. See Microsoft's Data Protection Addendum.

Adapty (subscription management): Operates our paywall and synchronizes subscription status between the App Store / Google Play and our servers. We share with Adapty your internal user identifier, email address, gender, and date of birth. Adapty does not receive your payment card details — those remain with Apple or Google — and Adapty receives only purchase events and entitlement status. See Adapty's Privacy Policy.

OneSignal (push notifications and email): Delivers push notifications and certain emails. We share your email address, first name, and an internal user identifier with OneSignal to deliver transactional and marketing messages. You can unsubscribe from marketing emails via the unsubscribe link in each email, or manage push notification preferences in your profile settings.

Resend (transactional email): Delivers transactional emails such as partner invitations, quest notifications, and couple-reset notifications. Resend receives the recipient's email address, first name, and the message content required to render the email.

PostHog (in-app product analytics): For in-app product analytics and custom event tracking. PostHog receives a pseudonymous user identifier (your BlushQuest user ID) and event data describing how you use the app (screens viewed, features tapped, quest milestones reached). Before any event is sent, we actively strip sensitive fields — wish-card text, invitation messages, and email addresses are never transmitted to PostHog — and session replay is disabled. We use this data to understand feature adoption and to fix bugs, not for advertising.

Sentry (error and crash reporting): Used in both our mobile app and our backend to detect, diagnose, and fix bugs and crashes. Sentry receives stack traces, device and runtime metadata (operating system, app version, device model), and — because default PII collection is enabled — your IP address and request/session context, which Sentry uses to group related errors and which we use to investigate them. We do not deliberately send wish-card content or your full account profile to Sentry; we work to scrub sensitive fields, but content incidentally captured in an error payload may be transmitted. Sentry data is hosted in the United States. See Sentry's Privacy Policy.

Google Tag Manager and Google Analytics 4 (marketing website only): Our marketing website (blushquest.com) loads tags through Google Tag Manager (container GTM-KF5TW3PD), which routes data to Google Analytics 4 (measurement ID G-38CRBBSBES). Google Tag Manager itself does not collect personal data. Google Analytics 4 collects pageviews, device and browser information, approximate geographic location, referrer, and custom events (such as voice_variant, cta_click, pricing_click, quiz_start, quiz_complete, and waitlist_signup). IP anonymization is enabled. See our Cookie Policy for cookie-level detail.

Vercel (marketing website hosting and analytics): Our marketing website blushquest.com is hosted on Vercel. Vercel may collect privacy-focused usage information (page views, country/region, browser type, device type, operating system, and referral sources) to help us understand site traffic. Vercel Edge Middleware also sets a first-party A/B testing cookie (bq_voice) — see our Cookie Policy.

Apple App Store / Google Play Store: For payment processing and subscription management. We do not have access to your payment card details; payment card processing is handled directly by Apple or Google. Subscription event data flows from Apple or Google to Adapty and then to our Cloudflare-hosted backend; all three legs are US-resident.

Categories of personal data shared with each third party

The following table summarizes which categories of personal data we transmit to each third party, the purpose of that transmission, and how the relationship is classified for the Google Play Data Safety form:

| Third party | Data shared | Purpose | Classification (Data Safety form) |
|---|---|---|---|
| Adapty | Email, internal user ID, gender, date of birth, purchase events | Subscription paywall, receipt validation, entitlement sync, subscription analytics | Shared with third party (not service-provider passthrough) |
| OneSignal | Email, first name, internal user ID, device push token | Push notifications (transactional and promotional) and email delivery | Shared with third party (because of promotional use case) |
| Firebase Cloud Messaging (Google) | Device push token, push notification payload | Push delivery transport on Android (subprocessor of OneSignal) | Service provider |
| PostHog | Anonymized auth UUID, in-app events, device type, app version | In-app product analytics | Shared with third party |
| Sentry | Stack traces, device metadata, anonymized auth UUID, IP address and request/session context (default PII enabled); wish-card content only if incidentally attached to an error event | Error tracking, crash diagnostics | Shared with third party |
| Resend | Email address, first name (when included in the transactional email body) | Transactional email delivery (verification, partner invites, quest updates) | Service provider |
| Better-Auth | Email, internal user ID | OTP issuance and verification | Service provider |
| Cloudflare Workers + Hyperdrive | All backend traffic in transit, including auth tokens, request payloads, account, quest, couple, and wish-card data | Application hosting, request routing, and database connection pooling | Service provider |
| Microsoft Azure | Account, quest, couple, and wish-card data at rest (managed PostgreSQL, Central US) | Primary database hosting and backups | Service provider |
| Google Tag Manager (marketing site only) | Page URL, referrer, user agent, IP (anonymized), event names | Tag orchestration for the marketing website | Service provider (no data persisted by GTM itself) |
| Google Analytics 4 (marketing site only) | Pseudonymous client ID, page views, custom events (voice_variant, cta_click, etc.), IP (anonymized) | Marketing analytics | Shared with third party |
| Vercel (marketing site only) | Edge request logs, the bq_voice A/B cookie value | Marketing site hosting and A/B test attribution | Service provider |
| Apple App Store / Google Play Store | Apple ID / Google account ID, purchase confirmation | Payment processing, subscription management | Service provider |

Service providers process data only on our behalf under contract; shared with third party means the recipient may use the data for their own product purposes within their terms of service.

We do not sell your personal data to third-party advertisers.

5. Push Notifications & Marketing Communications

Push Notifications: We send push notifications via OneSignal for quest reminders, partner activity updates, and promotional content. You can manage your notification preferences in the app's profile settings or through your device settings.

Email Communications: We send transactional emails (account verification, partner invitations, quest notifications) and marketing emails (new features, Super Cards announcements). You can unsubscribe from marketing emails using the link provided in each email, while transactional emails are necessary for service operation. We do not bundle marketing content into transactional emails; if a single message contains both transactional content (e.g., a partner invitation) and promotional content, we treat the entire message as commercial and include an unsubscribe link.

Waitlist Communications: If you join our Super Cards waitlist on the website, we will email you when Super Cards launches. Each email includes an unsubscribe link.

6. Data Storage & International Transfers

Hosting: Our backend API runs on Cloudflare Workers in the United States, and your application data is stored in a managed PostgreSQL database on Microsoft Azure in the Central US region (reached via Cloudflare Hyperdrive). Our marketing site (blushquest.com) is hosted on Vercel in the United States. Data is encrypted in transit and at rest, and backups are encrypted at rest.

Cross-Border Transfer: By using the App from the UK, EU, Australia, UAE, Indonesia, or other regions, you consent to the transfer of your personal data to the United States. We implement Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data remains protected in accordance with applicable data protection laws.

7. Sensitive Data

BlushQuest collects and processes information about your intimate and sexual preferences in the form of wish-card content. This is treated as a special category of personal data ("sensitive personal data" under GDPR Art. 9, "sensitive personal information" under CCPA §1798.140(ae), and "sensitive data" under VCDPA, CPA, CTDPA, UCPA, TDPSA, and similar U.S. state laws). We collect this category solely with your explicit consent given when you accept these Terms, and we process it only to deliver wish-card content to your designated partner. We do not use this category for advertising, profiling, or any secondary purpose. This data is protected by encryption in transit and storage-level encryption at rest, and is shared only with your designated partner. It is not end-to-end encrypted, so BlushQuest personnel can technically access stored content; however, we do not access, review, or share the content of your wish cards except as required by law or to investigate reported abuse. You may withdraw consent at any time by deleting your account or resetting your couple.

8. Partner Data Sharing

What Partners Can See: Your partner can view your display name, profile picture, quest progress, badges, and the wish cards you create for each other. Because you invited your partner by email address, they also know the email you used to send the invitation. Partners cannot see your date of birth, gender, account settings, or subscription details on any in-app screen, and our partner-facing API endpoints transmit only the data needed to render those screens (typically just your display name and profile picture). The one narrow exception is when your existing partner initiates a new quest invitation to you — in that flow, their app briefly reads the existing record we hold for you in order to compose the new invitation, but that data is not displayed to them.

Partner Invitations: When you invite a partner, they receive an email and push notification (if already a user) with your name and email address. They must accept the invitation to form a couple.

Ending a Relationship: If either partner chooses to "Reset Couple," the couple becomes inactive. Shared quest progress is archived, but both users retain their individual accounts and can invite new partners.

Subscription Metadata (sender-pays coverage): A single active subscription held by either member of a confirmed couple grants in-app access to both members for the lifetime of that couple. If your partner holds the active subscription that covers your access, we share with you only the fact that an active subscription exists for the couple; we do not share your partner's billing details, payment instrument, plan tier, or renewal date. If the subscribing partner cancels, ends the couple, or has their account terminated, your access will end immediately until you either subscribe yourself or form a new couple with another subscriber. See Section 7 of our Terms of Use for the full disclosure.

9. Data Retention & Deletion

9.1 Retention Windows

  • Active accounts: We retain your data for as long as your account remains active.
  • Active systems (post-deletion): Once we have verified a deletion request, your personal data is removed from our active production systems within 30 days.
  • Encrypted backups: Database backups are retained on a 14-day rolling window; deleted data ages out of routine backups within 14 days of the deletion taking effect.
  • Long-term backups: Residual copies in long-term backup storage may persist for up to 1 year from the date of deletion, after which they are permanently overwritten. These copies are encrypted at rest and are not used for any operational purpose.
  • Legal holds: We may retain certain limited records longer where required by law or for legitimate business purposes such as fraud prevention, tax records, or dispute resolution. Such retained records are minimized and access-controlled.

9.2 How to Request Account Deletion

You can delete your account in any of the following ways:

  • In the app (immediate): Open Profile → Delete account and confirm. This permanently deletes your account and data right away, dissolves any active couple (your partner is notified), and signs you out. It does not require email verification because you are already signed in.
  • Web request page: Visit https://blushquest.com/legal/delete-account, which walks you through what to include in your request.
  • Direct email: Send an email to dpo@blushquest.com with the subject line "Account Deletion Request" from the email address associated with your BlushQuest account.

The verification flow in Section 9.3 and the 30-day window in Section 9.4 apply to the email and web-request paths; in-app deletion takes effect immediately.

9.3 Identity Verification

Confirmation link: To prevent unauthorized deletion of a partner's account, we verify every deletion request by sending a one-time confirmation link to the email address on file for the account. Clicking the link confirms that the request originated from the account holder. Requests that are not confirmed within the validity window of the link are not processed. We may ask for additional information only where reasonably necessary to verify identity.

9.4 Response Time

We will confirm deletion within 30 days of receiving a verified request. The 30-day clock starts when you click the confirmation link described in Section 9.3, not when your initial email is received. You will receive a final email confirming that active-system deletion is complete; ongoing residual retention then follows the backup windows described in Section 9.1.

9.5 Effect on Your Partner

BlushQuest uses a sender-pays subscription model in which a single active subscription held by either member of a couple grants in-app access to both members (see Section 8). If the account you delete is the subscribing partner's account, your linked partner will immediately lose access through the canceled subscription, and the couple will be dissolved. If you are the non-subscribing partner, deleting your account dissolves the couple but does not cancel your partner's subscription. In either case, the remaining partner's individual account is preserved and they may invite a new partner at any time.

9.6 Canceling a Subscription Is Separate

Deleting your BlushQuest account does not automatically cancel an active Apple App Store or Google Play subscription. Subscription billing is managed by Apple or Google, not by BlushQuest, and we cannot cancel a subscription on your behalf. To stop recurring charges, you must cancel the subscription separately through your App Store or Play Store settings:

  • iOS (Apple): Open Settings → tap your Apple ID at the top → Subscriptions → select BlushQuest → Cancel Subscription.
  • Android (Google Play): Open the Google Play Store app → tap your profile icon → Payments & subscriptions → Subscriptions → select BlushQuest → Cancel subscription.

For best results, cancel the subscription before requesting account deletion so the cancellation is processed against an active account.

10. Your Rights (GDPR / UK GDPR / U.S. State Privacy Laws)

Depending on your location, you have the following rights regarding your personal data:

  • Right to Access / Know: Request a copy of the personal data we hold about you, including the categories of data, sources, purposes, and third parties with whom it has been shared.
  • Right to Rectification / Correct: Request correction of inaccurate or incomplete data.
  • Right to Erasure / Delete: Request deletion of your personal data ("right to be forgotten"). You can delete your account immediately in the app (Profile → Delete account), or by email request to dpo@blushquest.com or the request page at /legal/delete-account; verified email/web requests are confirmed within 30 days as described in Section 9.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Limit Use of Sensitive Personal Information: Request that we limit the use of sensitive personal information to that necessary to perform the service.
  • Right to Opt Out of Sale or Sharing: Direct us not to "sell" or "share" your personal information. BlushQuest does not sell or share personal information for cross-context behavioral advertising, and has not done so in the past 12 months.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, please contact us at dpo@blushquest.com from the email address associated with your account. For account deletion specifically, see Section 9 — deletion requests are confirmed within 30 days of a verified request, and you may also start the request at https://blushquest.com/legal/delete-account. For other rights requests (access, correction, portability, opt-out, etc.), we will respond within 30 days (GDPR / UK GDPR) or 45 days (CCPA and applicable U.S. state laws), and may extend by an additional 45 days where reasonably necessary, with notice to you. We will not require you to create an account to submit a request, and we will not charge you for exercising these rights. We honor Global Privacy Control (GPC) signals where applicable.

10.1 California Residents (CCPA / CPRA)

In the past 12 months, BlushQuest has collected the following categories of personal information from California residents: identifiers (email address, internal user ID, device identifiers); commercial information (subscription status); internet or other electronic network activity (in-app usage events, marketing-site events); sensitive personal information (wish-card content describing intimate preferences, plus date of birth and gender); and inferences drawn from product usage. We collect this information directly from you, from your device, and from our service providers (Better-Auth, Adapty, OneSignal, PostHog, Resend, Sentry, Cloudflare, Vercel, Google Analytics). We use it to provide and improve the service, process subscriptions, send transactional and (with consent) marketing messages, and to diagnose errors.

We do not sell or share personal information for cross-context behavioral advertising, and we have not done so in the past 12 months. You have the right to know, delete, correct, limit use of sensitive personal information, opt out of sale or sharing, and not be discriminated against for exercising these rights. To exercise any of these rights, email dpo@blushquest.com from the email address associated with your account; to specifically request account deletion you may also use the request page at /legal/delete-account (see Section 9 for the verification flow and 30-day response window). For the specific data categories shared with each third party, see the table in Section 4.

10.2 Other U.S. State Residents

If you are a resident of Colorado, Connecticut, Delaware, Iowa, Montana, Oregon, Texas, Utah, or Virginia, you have rights similar to those described above for California, including the right to know, delete, correct (where applicable), opt out of targeted advertising and sale, and appeal a denied request. Because BlushQuest processes information about intimate preferences — which qualifies as sensitive personal data under several of these laws — we obtain your opt-in consent at registration by your acceptance of our Terms. You may withdraw that consent at any time by deleting your account. To submit a request, email dpo@blushquest.com. If we deny your request, you may appeal by replying to our response; we will respond to your appeal within 60 days.

11. Children's Privacy

BlushQuest is intended for adults aged 18 years and older. BlushQuest is not directed to children under 13, and we do not knowingly collect personal information from children under 13 within the meaning of the U.S. Children's Online Privacy Protection Act (COPPA), nor from anyone under 18 by our own policy. If we become aware that we have collected data from a person under 18, we will take immediate steps to delete that information and terminate the account. If you believe a minor has provided us with personal information, please contact us immediately at dpo@blushquest.com.

12. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest, secure authentication via Better-Auth one-time-password (OTP) sign-in, and regular security audits. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also send you an email or in-app notification. Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer: