BlushQuestBlushQuest

Privacy Policy

Last Updated: January 31, 2026

BlushQuest ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Services"). Please read this policy carefully. By using our Services, you consent to the practices described herein.

1. Data We Collect

We collect the following categories of information to provide and improve the BlushQuest experience:

1.1 Information You Provide

  • Account Information: Email address, first name, last name, gender, and date of birth.
  • Quest Data: Wish cards you create, quest progress, completion status, and badges earned.
  • Partner Information: Email address of your invited partner to establish the couple relationship.
  • Waitlist Information: Email address when you sign up for our Super Cards waitlist on our website.

1.2 Information Collected Automatically

  • Device Information: Device type, operating system, and unique device identifiers.
  • Usage Data: How you interact with the app, features used, and session duration.
  • Analytics Data: Page views, navigation patterns, country/region, browser type, and referral sources (website only).

2. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: When you create an account, you explicitly consent to our processing of your data by accepting these terms. You may withdraw consent at any time by deleting your account.
  • Contract Performance: Processing is necessary to provide you with the BlushQuest service, including syncing quest data with your partner, managing your subscription, and delivering the core app functionality.
  • Legitimate Interest: We process certain data (such as usage analytics) to improve our Services, prevent fraud, and ensure security. We balance these interests against your privacy rights.

3. How We Use Your Data

  • To provide and maintain the BlushQuest experience, including quest synchronization between partners.
  • To authenticate your account and maintain session security.
  • To manage your subscription and account status.
  • To send transactional communications (e.g., account verification, quest notifications, partner invitations).
  • To send marketing communications about new features, Super Cards launches, and promotional offers (with your consent).
  • To send push notifications about quest updates, partner activity, and promotional content.
  • To analyze usage patterns and improve our Services.
  • To provide customer support.
  • To comply with legal obligations.

4. Third-Party Services

We use the following third-party services to operate BlushQuest:

Supabase: For user authentication (OTP-based), database management, and secure data storage. Your account data and quest information are stored on Supabase servers in the United States.

OneSignal: For push notifications and email communications. We share your email address and user ID with OneSignal to deliver transactional and marketing messages. You can unsubscribe from marketing emails via the unsubscribe link in each email, or manage push notification preferences in your profile settings.

PostHog: For in-app analytics and custom event tracking. We collect anonymized usage data to understand how users interact with the app and improve our features.

Vercel Analytics: For website analytics only. We collect page views, country/region, browser type, device type (mobile/tablet/desktop), operating system, and referral sources. This data is used to understand website traffic and improve user experience. See our Cookie Policy for more details.

Apple App Store / Google Play Store: For payment processing and subscription management. We do not have access to your payment card details; all payment processing is handled directly by Apple or Google.

We do not sell your personal data to third-party advertisers.

5. Push Notifications & Marketing Communications

Push Notifications: We send push notifications via OneSignal for quest reminders, partner activity updates, and promotional content. You can manage your notification preferences in the app's profile settings or through your device settings.

Email Communications: We send transactional emails (account verification, partner invitations, quest notifications) and marketing emails (new features, Super Cards announcements). You can unsubscribe from marketing emails using the link provided in each email, while transactional emails are necessary for service operation.

Waitlist Communications: If you join our Super Cards waitlist on the website, we will email you when Super Cards launches. Each email includes an unsubscribe link.

6. Data Storage & International Transfers

Hosting: Your data is stored on secure servers located in the United States via Supabase.

Cross-Border Transfer: By using the App from the UK, EU, Australia, UAE, Indonesia, or other regions, you consent to the transfer of your personal data to the United States. We implement Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data remains protected in accordance with applicable data protection laws.

7. Sensitive Data

Because BlushQuest involves romantic and intimate preferences, we treat your wish cards and quest content as highly sensitive information. This data is encrypted at rest and in transit, and is only accessible to you and your designated partner. We do not access, review, or share the content of your wish cards except as required by law or to investigate reported abuse.

8. Partner Data Sharing

What Partners Can See: Your partner can view your full name, email address, quest progress, badges, and the wish cards you create for each other. Partners cannot see your date of birth, gender, or account settings.

Partner Invitations: When you invite a partner, they receive an email and push notification (if already a user) with your name and email address. They must accept the invitation to form a couple.

Ending a Relationship: If either partner chooses to "Reset Couple," the couple becomes inactive. Shared quest progress is archived, but both users retain their individual accounts and can invite new partners.

9. Data Retention & Deletion

Active Accounts: We retain your data for as long as your account is active.

Account Deletion: You may request account deletion through the Settings menu in the app. Upon deletion, your personal data will be removed from our active systems within 30 days.

Backup Retention: Database backups are retained for 14 days. After account deletion, your data may persist in backups for up to 1 year, after which it is permanently deleted.

Legal Requirements: We may retain certain data longer if required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

10. Your Rights (GDPR/UK GDPR/CCPA)

Depending on your location, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at dpo@blushquest.com. We will respond within 30 days.

11. Children's Privacy

BlushQuest is intended for adults aged 18 years and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a minor, we will take immediate steps to delete that information and terminate the account. If you believe a minor has provided us with personal information, please contact us immediately at dpo@blushquest.com.

12. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest, secure authentication via OTP, and regular security audits. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also send you an email or in-app notification. Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer:

Email: dpo@blushquest.com