Privacy Policy

When you visit our website https://questie.ai (the "Website"), use our mobile application (the "App"), or use any of our services (collectively, the "Services"), you are trusting us with your personal information. We take your privacy very seriously. This Privacy Notice explains what information we collect, how we use it, with whom we share it, and what rights you have.

Questie is an AI gaming companion platform that provides real-time voice chat, screenshare vision, AI roleplay, and persistent memory. Because the Services involve audio processing, AI-generated interactions, and third-party infrastructure, we collect a broader range of data than a typical website. Please read this notice carefully.

If there are any terms in this notice that you do not agree with, please discontinue use of our Services immediately.

1. What Information Do We Collect?

A. Information You Provide Directly

• Account registration: name, email address, and optionally a profile picture when you create an account.
• Social login: if you register via Google, GitHub, Discord, or Apple, we receive your name, email address, and profile picture from that provider. We do not receive your social media passwords.
• Payment information: billing details are collected and processed directly by Stripe (web/desktop) or Apple (iOS in-app purchases). We store only your Stripe Customer ID, subscription ID, and payment plan — we never see or store full card numbers.
• Profile and companion content: profile pictures and custom companion avatars you upload.
• Feedback and support: messages, ratings, or bug reports you submit to us.
• Referral codes: if you participate in our referral program, we associate your account with referral codes you generate or use.

B. Voice and Audio Data

Questie's core feature is real-time voice conversation with AI companions. When you use voice chat, we collect:

• Microphone audio: your voice is captured through your device microphone and transmitted in real time to our voice infrastructure (LiveKit) and our AI processing backend for speech-to-text transcription and AI response generation.
• Voice session metadata: session duration, character selected, connection quality metrics, and timestamps.
• Voice clone samples: if you use our optional voice cloning feature, you may upload audio recordings of your voice. These samples are sent to third-party voice synthesis providers (Fish Audio or Cartesia) to create a custom AI voice. Voice print data may be considered biometric information under applicable law. We will obtain your explicit consent before processing any voice cloning data.

C. Screen Sharing Data

When you enable the optional screenshare feature, your screen content (including game footage) is transmitted to our AI backend via LiveKit for vision analysis so the AI companion can respond to what is happening on your screen. Screen content is processed in real time and is not permanently stored by Questie. Third-party AI vision providers may process this content per their own data handling practices.

D. AI Conversation Data

When you interact with AI companions:

• Conversation context: your messages and the AI's responses are processed by third-party large language model (LLM) providers accessed via OpenRouter (including providers such as OpenAI, Google, Anthropic, Meta, and others). These providers may process your inputs according to their own privacy policies.
• Persistent memory: to make companions feel consistent across sessions, summaries and key facts from your conversations are stored by Zep Cloud, our graph-based memory provider. This memory is linked to your user account and the specific companion you are chatting with.
• Companion configuration: the AI system prompts and personality settings for each companion (including any custom companions you create) are stored in our database.

E. Automatically Collected Information

We automatically collect certain technical information when you use the Services:

• Usage and behavioral analytics: pages visited, features used, buttons clicked, session duration, and conversion events (e.g., subscription started, checkout initiated) — collected via PostHog analytics.
• Device and browser information: IP address, browser type and version, operating system, device model, device identifiers, language preferences, and timezone.
• Log data: server logs including request timestamps, error reports, and diagnostic information.
• Location data (approximate): we infer your general country/region from your IP address. We do not access your precise GPS location.
• Cookies and similar technologies: we use cookies and local storage for authentication sessions, user preferences, and analytics. See Section 5 for details.

F. Mobile App-Specific Data

• Mobile device identifiers: device model, OS version, and unique device IDs as reported by the operating system.
• Push notifications: if you grant permission, we may send push notifications about your account, companion activity, or new features. You may disable these in your device settings.
• Apple In-App Purchase tokens: on iOS, we use your Apple-provided account token to link your App Store purchase to your Questie account. We do not receive your Apple ID credentials.

2. How Do We Use Your Information?

• Providing the Services: delivering AI voice companion sessions, processing your account, managing subscriptions, and maintaining your companion memory.
• Authentication: verifying your identity via email magic links or OAuth providers.
• Payments: processing subscription and credit top-up purchases through Stripe or Apple IAP, and managing billing lifecycle events.
• Personalization: using conversation memory (via Zep) to make AI companions consistent and contextually aware across sessions.
• AI response generation: routing your conversation inputs to appropriate LLM providers to generate companion responses.
• Analytics and product improvement: analyzing aggregated usage patterns to improve features, fix bugs, and measure the effectiveness of our service.
• Communications: sending transactional emails (account confirmation, magic links, billing receipts) and, with your consent, marketing communications about new features or promotions.
• Safety and security: detecting fraud, preventing abuse, and enforcing our Terms of Service.
• Legal compliance: responding to legal requests and complying with applicable laws.

3. Legal Basis for Processing (EEA/UK Users)

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

• Performance of a contract: processing necessary to deliver the Services you signed up for (authentication, voice sessions, billing).
• Legitimate interests: analytics, fraud prevention, and product improvement, where our interests are not overridden by your rights.
• Consent: marketing emails, push notifications, and voice cloning features. You may withdraw consent at any time.
• Legal obligation: retaining records required by law (e.g., financial transaction records).

4. Who Do We Share Your Information With?

We do not sell your personal data. We share data only with the following categories of service providers and only to the extent necessary:

We may also disclose information in the following circumstances:

• Business transfers: in connection with a merger, acquisition, or sale of company assets, your data may be transferred to the acquiring entity.
• Legal obligations: if required by law, court order, or governmental authority.
• Safety: to protect the safety of any person or to prevent fraud or illegal activity.

5. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Strictly necessary cookies: required for authentication sessions and security. Cannot be disabled.
• Analytics cookies: PostHog and Google Analytics use cookies to track page views and user behavior. You can opt out via browser settings or the PostHog opt-out mechanism.
• Preference cookies: store your language, theme, and UI preferences.

Most web browsers allow you to control cookies through browser settings. Disabling cookies may affect your ability to use certain features of the Services.

6. Voice, Audio, and Biometric Data

Questie is a voice-first AI companion platform. We want to be transparent about how voice data is handled:

• Real-time voice: during live voice chat sessions, your microphone audio is streamed in real time through LiveKit's encrypted infrastructure to our AI backend for speech-to-text processing. Audio streams are not permanently stored by Questie after a session ends unless explicitly stated otherwise.
• Voice cloning (optional feature): if you choose to use the voice cloning feature, audio samples you upload are sent to Fish Audio or Cartesia for voice model creation. Voice prints may qualify as biometric data under laws such as the Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), and similar legislation. We will obtain your explicit consent before processing any voice cloning data, and you may delete your voice model at any time by contacting us.
• Third-party TTS audio: text generated by AI companions is converted to speech by providers including ElevenLabs, Cartesia, Fish Audio, Azure Cognitive Services, Google TTS, and OpenAI TTS. Only the AI-generated text (not your voice) is sent to TTS providers for normal companion audio.

7. AI Conversation Data and Memory

When you chat with AI companions, your messages are processed by large language models. Please be aware:

• Conversation inputs are routed through OpenRouter to underlying LLM providers (such as OpenAI, Google Gemini, Anthropic Claude, Meta Llama, Mistral, and others). Each provider has its own data retention and privacy practices.
• Questie stores persistent memory summaries (not full conversation transcripts) using Zep Cloud's graph-based memory system. This memory is linked to your account and a specific companion, and is used to give companions continuity across sessions.
• You can request deletion of your companion memory at any time through your account settings or by contacting us.
• Do not share sensitive personal information (such as financial details, passwords, or health information) in AI conversations.

8. How Long Do We Keep Your Information?

We retain your personal information for as long as your account is active or as needed to provide the Services. Specifically:

• Account data: retained while your account is active. Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law.
• Conversation memory: retained by Zep Cloud until you delete it or delete your account.
• Voice clone models: retained until you request deletion or delete your account.
• Payment records: retained for 7 years as required by financial regulations.
• Server logs and analytics: typically retained for 90 days for security and diagnostics.
• Uploaded files (avatars, profile pictures): retained until you delete them or your account is deleted.

9. How Do We Keep Your Information Safe?

We implement industry-standard technical and organizational security measures including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• JWT-based authentication with short-lived tokens
• Encrypted storage of any third-party API keys users provide (BYOK feature)
• Role-based access controls limiting data access to authorized personnel
• Webhook signature verification for all payment and email provider callbacks

No system is 100% secure. We cannot guarantee absolute security of information transmitted over the Internet. Transmission of personal information is at your own risk.

10. Children's Privacy

Our Services are intended for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a minor, please contact us at contact@questie.ai and we will promptly delete that information.

11. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate data.
• Deletion: request deletion of your personal data (subject to legal retention requirements).
• Portability: request your data in a machine-readable format.
• Objection / Restriction: object to or restrict certain processing activities.
• Withdraw consent: for processing based on consent (e.g., marketing emails, push notifications, voice cloning).

To exercise any of these rights, email us at contact@questie.ai or visit your account settings at https://questie.ai/profile/settings.

EEA/UK residents: if you believe we are unlawfully processing your data, you have the right to lodge a complaint with your local data protection supervisory authority. Find your authority at edpb.europa.eu.

Switzerland: contact the Federal Data Protection and Information Commissioner at edoeb.admin.ch.

12. California Privacy Rights (CCPA/CPRA)

California residents have the right under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) to:

• Know what personal information we collect, use, disclose, and sell
• Delete personal information we have collected (subject to exceptions)
• Opt out of the sale or sharing of personal information (we do not sell personal information)
• Non-discrimination for exercising privacy rights
• Correct inaccurate personal information
• Limit use of sensitive personal information

To submit a CCPA request, contact us at contact@questie.ai. We will respond within 45 days.

Shine the Light: California Civil Code Section 1798.83 permits California residents to request, once per year, information about personal data shared with third parties for their direct marketing purposes. To make such a request, contact us at the address below.

Minors (under 18 in California): if you are under 18, reside in California, and have a registered account, you may request removal of content you publicly posted on the Services by contacting us at contact@questie.ai.

13. Social Logins

You may register and log in using your existing account with Google, GitHub, Discord, or Apple. When you do, we receive your name, email address, and profile picture from that provider. We use this information only to create and manage your Questie account. We do not receive your social media passwords or gain posting access to your accounts.

We recommend reviewing the privacy policy of your chosen login provider: Google, GitHub, Discord, Apple.

14. Do-Not-Track Signals

Most web browsers include a Do-Not-Track ("DNT") setting. Because no uniform standard for DNT has been established, we do not currently respond to DNT signals. If a binding standard is adopted in the future, we will update this notice accordingly.

15. Updates to This Notice

We may update this Privacy Notice from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or in-app notification. We encourage you to review this notice periodically. Your continued use of the Services after any update constitutes acceptance of the revised notice.

16. How to Contact Us

If you have questions, concerns, or requests regarding this Privacy Notice or your personal data, please contact us:

To request review, correction, or deletion of your personal data, visit https://questie.ai/profile/settings or email us at contact@questie.ai. We will respond to all verified requests within 30 days.