Side Quests HQ Privacy Policy

Last Updated: October 14, 2025

At Side Quests HQ, privacy is not an afterthought; it is a core product principle.

This Privacy Policy explains what information we collect, how we use it, how we protect it, and how we interact with third-party AI models.

We never sell your data.

We never train AI models using your private information.

For any privacy questions or requests, contact: support@sidequestshq.com

1. Scope of This Policy

This Policy applies to all users of Side Quests HQ's websites, applications, browser extensions, APIs, automation features, and on-premise or cloud-hosted deployments (collectively, the "Services").

By using the Services, you acknowledge and agree to this Privacy Policy.

This Policy does not cover:

  • Data stored in third-party tools you choose to connect (Google Drive, Slack, Notion, Outlook, etc.).
  • The independent privacy practices of AI providers (OpenAI, Anthropic, Google Gemini).
  • Websites or applications not owned by Side Quests HQ.

When you connect or use third-party tools or AI providers, their policies apply in addition to ours.

2. Information We Collect

We collect three categories of information:

(a) Information You Provide Directly

Account Information

Name, email, password (hashed), workspace name, and organization details.

Billing Information

Payment details processed securely through Stripe. We do not store your full credit card or bank information.

Uploaded Content & Files

Documents, media, URLs, and any content you upload or give us access to.

Workspace Data

Folders, automations, prompts, configurations, and integrations you create.

Support Communications

Emails, chat messages, tickets, and feedback.

(b) Information Collected Automatically

Usage Activity

Actions taken inside the app — clicks, automations triggered, features used, error logs.

Device & Network Data

IP address, operating system, browser version, time zone, device identifiers, language.

Authentication Metadata

Collected if you sign in via Google, Slack, GitHub, etc. This helps improve performance, security, and user experience.

(c) Information from Third Parties

Connected Platforms

When you integrate external tools (e.g., Google Drive, Slack, Notion), we only retrieve the minimal data required for the integration to function.

Public Data Sources

Company verification data (domain ownership, organization name, etc.).

We never pull data from third-party platforms without your explicit connection and permission.

3. How We Use Your Information

We use your information to:

Operate the Service

  • Authenticate users
  • Manage workspaces and permissions
  • Enable role-based access (RBAC)
  • Facilitate automations and model workflows

Improve and Personalize Your Experience

  • Enhance feature performance
  • Provide personalized recommendations
  • Improve reliability and reduce errors

Power AI Features

  • Summaries, writing assistance, memory features, automations
  • Only the minimal necessary data is sent to the selected model

Communicate With You

  • Billing notices
  • Product updates
  • Security alerts
  • Support responses

Comply With Law & Protect the Platform

  • Fraud prevention
  • Abuse detection
  • Regulatory compliance

We do not:

  • Sell your data
  • Use your private workspace content to train models
  • Track you across the internet for advertising

4. How We Interface With AI Models

Side Quests HQ integrates multiple AI providers, including:

  • OpenAI (GPT models)
  • Anthropic (Claude)
  • Google (Gemini)
  • Other secure third-party LLMs

How Your Data Interacts With AI Models

API-Based Access Only
All AI usage occurs via secure encrypted API calls.

Minimal Data Transmission
Only the specific text, file segment, or prompt required for the operation is sent.

No Training on Your Data
We do not allow models to train on your inputs. However, each provider's own data policy applies.

User Choice
You may disable specific models for your workspace.

Important Disclaimer

We vet all AI model providers carefully, but Side Quests HQ cannot fully control or guarantee how third-party models store or process input once sent to their APIs. By using AI features, you acknowledge and consent to this limited disclosure.

5. Data Security & Protection

We employ strong technical and organizational security measures, including:

RBAC (Role-Based Access Control)

Fine-grained permissions for users, admins, and groups.

Network Isolation

Segmented, secure cloud environments for data storage.

Zero-Trust Architecture

Encrypted credentials, strict authentication enforcement.

Audit Logs

Comprehensive logs of workspace events, admin actions, and system-level operations.

Encryption

  • Data in transit: TLS 1.2+
  • Data at rest: AES-256
  • Additional end-to-end encryption available on request

On-Prem & Private Inference

Enterprise customers may run the entire stack inside their infrastructure, ensuring no data leaves their environment.

Despite best efforts, no system can be 100% secure — but we design Mabel to meet or exceed modern security standards.

6. Cookies & Tracking

We use minimal, privacy-respecting cookies only to:

  • Maintain session and login state
  • Store preferences
  • Provide anonymous analytics via PostHog

We do not use:

  • Advertising trackers
  • Behavioral ad cookies
  • Cross-site tracking

You may disable cookies, but some features may not work.

7. Data Sharing & Disclosure

We share your data only when necessary to operate the Service:

With Infrastructure Providers (Minimal Access)

  • AWS
  • Vercel
  • Supabase or equivalent secure infrastructure

With Essential Vendors

  • Stripe and Spotflow (billing)

With Your Organization's Admins

They may view or manage user activity consistent with workspace policies.

With Law Enforcement

Only when legally required and properly authorized.

We never share your data with advertisers or unrelated third parties.

8. Data Retention & Deletion

We retain your data for only as long as necessary to:

  • Operate your account
  • Provide the Services
  • Satisfy legal or regulatory requirements

When you request deletion:

  • Your personal data is permanently deleted or anonymized.
  • Workspace data is removed unless retention is required by law or internal enterprise policy.

To request deletion: support@sidequestshq.com

9. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • Access your data
  • Correct inaccurate data
  • Delete your data
  • Export your data (portability)
  • Withdraw consent
  • Object to certain processing
  • File a complaint with a regulatory authority

Contact us to exercise any rights.

10. Regional Compliance

GDPR / UK GDPR

  • Data Controller: Side Quests HQ
  • Lawful Basis: Contractual necessity, legitimate interest, consent
  • International transfers use Standard Contractual Clauses (SCCs)
  • A Data Processing Addendum (DPA) is available for enterprise customers.

CCPA / CPRA (California)

  • You have rights to access, delete, or correct your data
  • We do not sell or share personal data for advertising
  • Verified requests completed within 45 days

11. Children's Privacy

The Service is not intended for children under 16. If we become aware of data belonging to a child, we will delete it immediately.

12. Changes to This Policy

We may update this Policy periodically.

Major changes will prompt a notification.

The updated effective date will always appear at the top.

Continued use of the Services after changes indicates acceptance.

13. Contact Us

Side Quests HQ, Inc.

Email: support@sidequestshq.com

Website: https://sidequestshq.com