← Back to Questlock

Privacy Policy

Last updated: June 2026

Overview

Questlock ("we", "us", "our") is a desktop productivity app and optional browser extension that helps you block distractions and focus on your goals. This policy explains what data we collect, why we collect it, and how you can control it. We collect only what is necessary to provide the service.

Information we collect

Account data

When you create an account, we store your email address and the profile information you provide (display name, avatar). Authentication is handled by Supabase Auth.

App data

Your goals, daily missions, focus session history, and gamification stats (XP, streaks, leaderboard position) are stored in our database so you can sync across devices and access the leaderboard.

Blocklists

The list of websites and apps you choose to block is stored locally on your device. If you sign in and enable cloud sync, your blocklist is also saved to our database so it persists across devices.

Browser extension

The Questlock browser extension intercepts navigation requests to check them against your blocklist. URLs are compared locally inside your browser — they are not sent to our servers. The extension does not track your browsing history.

Subscription status

We store whether your account has an active Pro subscription. We do not store payment card details; those are held exclusively by Stripe.

AI missions

When you generate a daily mission, your goal text is sent to a Cloudflare Worker that calls the OpenAI API to produce a mission. Only the goal context you have written is sent — no other personal data is included. OpenAI processes this data under their API usage policy; by default they do not use API inputs to train their models. We do not use your data to train any models.

Third-party services

We use the following sub-processors:

  • Supabase — database and authentication. Your account and app data is stored in Supabase infrastructure.
  • Stripe — payment processing for Pro subscriptions. Stripe handles all card data; we only receive your subscription status.
  • Cloudflare — our API Worker runs on Cloudflare's infrastructure and routes AI mission requests.
  • OpenAI — generates your daily AI missions from the goal context you provide.

How we use your data

We use the data we collect solely to operate and improve Questlock: to authenticate you, sync your data across devices, run the leaderboard, generate AI missions, and manage your subscription. We do not sell your data, share it with advertisers, or use it for any purpose unrelated to the service.

Data retention

Your account and associated data is retained for as long as your account is active. If you delete your account, your data is removed from our database within 30 days. Stripe retains billing records as required by financial regulations.

Your rights

You can access, export, or delete your data at any time by emailing support@usequestlock.com. We will respond within 30 days. If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.

Security

All data in transit is encrypted via HTTPS/TLS. Data at rest is encrypted by Supabase. We do not store passwords — authentication uses email magic links and OAuth tokens managed by Supabase Auth.

Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page and, where appropriate, notify you by email. Continued use of Questlock after changes constitutes acceptance of the updated policy.

Contact

Questions about privacy? Email support@usequestlock.com.