Privacy Policy | Daily Quest

Daily Quest ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

This policy complies with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission of the Philippines.

1. Who We Are

Daily Quest is the data controller responsible for your personal data.

Privacy Contact:

Email: support@dailyquest.co

Phone: +63 905 669 1964

Response Time: Within 15 business days

NPC Registration: We are in the process of completing our registration with the National Privacy Commission. As we grow and meet registration thresholds, we will ensure full compliance with NPC registration requirements.

2. Information We Collect

2.1 Personal Information (PII)

Account Information: First name, last name, nickname, email address, phone number (optional)
Contact Information: Address (street, city, region, postal code, country)
Hub Owner Data: Hub name, hub contact details, team member information
Authentication Data: OTP codes, session tokens (via Supabase Auth)

2.2 Transaction Data

Order Information: Order numbers, product purchases, payment method, payment status
Quest Progress: Quest enrollment, progress count, rewards claimed
Reviews: Product ratings and review text
Bookings: Service bookings, appointment times

💳 Payment Security: We do NOT store credit card numbers, CVV codes, or full payment credentials. All payments are processed through external providers (GCash, PayMaya, bank terminals) who maintain PCI-DSS compliance. We only record the payment method used and transaction status.

2.3 Technical Data

Usage Data: Pages visited, features used, activity logs
Device Data: IP address, browser type, user agent, device identifiers
Cookies: See our Cookie Policy

2.4 Consent Records

We track your consent preferences for cookies, analytics, and marketing, including when and how you granted or revoked consent.

3. Why We Process Your Information

We process your data based on the following reasons:

Service Delivery: To provide our services (account creation, order processing, quest management)
Business Operations: Fraud prevention, service improvement, security
Your Consent: Marketing communications, analytics cookies, personalization (you can withdraw consent at any time)
Legal Compliance: Tax compliance, financial audit requirements, and compliance with Philippine laws

4. How We Use Your Information

Provide and maintain our platform services
Process transactions and manage quest rewards
Send transactional emails (order confirmations, quest updates)
Communicate with you about your account
Detect and prevent fraud, abuse, and security incidents
Analyze platform usage and improve our services
Send marketing communications (with your consent)
Comply with legal obligations (tax, financial reporting)

5. Information Sharing

We share your information in the following circumstances:

5.1 With Businesses on Our Platform

When you make a purchase, enroll in a quest, or book a service, we share relevant information with the business to fulfill your request. The business owner acts as a separate data controller for this information.

Data shared with businesses:

Your name and contact information (phone, email)
Order details (products, quantities, delivery address)
Quest enrollment and progress
Booking information (appointment times, service details)

Important: Business owners are responsible for protecting your data according to their own privacy practices. If you delete your Daily Quest account, your order history with businesses may be retained for their legal compliance (e.g., financial records) but will be anonymized where possible.

5.2 With Service Providers

Supabase: Database and authentication (Data Processing Agreement in place)
Vercel: Hosting and infrastructure (DPA in place)
Email Service: Transactional and marketing emails (DPA in place)

All service providers are contractually bound to protect your data and process it only as instructed.

5.3 For Legal Reasons

We may disclose your information if required by law, court order, or to protect our rights, safety, or property.

5.4 We DO NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Where We Store Your Data

Cross-Border Data Transfer: Your data is stored on secure cloud servers located outside the Philippines. We use trusted international service providers:

Supabase: Database and authentication (data centers in various regions)
Vercel: Website hosting and infrastructure (global network)

While these services are located internationally, we ensure they maintain industry-standard security measures including:

Encryption of data at rest and in transit (HTTPS/TLS, AES-256)
Regular security audits and certifications (SOC 2 Type II, ISO 27001)
Data Processing Agreements to protect your information
Compliance with international data protection standards

By using our service, you consent to this cross-border data transfer, which is necessary to provide you with our platform's features and services.

7. Data Retention

We retain your personal data as follows:

Active Accounts: As long as your account is active
After Account Deletion: 90 days (soft delete period for recovery and compliance)
Transaction Records: 10 years (BIR tax compliance under NIRC)
Consent Records: 3 years after withdrawal (audit compliance)
Marketing Data: Until you unsubscribe or withdraw consent

See our Data Retention Policy for full details.

8. Your Privacy Rights

Under the Data Privacy Act of 2012, you have the following rights:

Manage Your Privacy Settings

Exercise your rights from your account settings:

Settings

8.1 Right to Access Your Information

Request a copy of all personal data we hold about you in a downloadable format (JSON). Processing time: Available immediately via self-service download.

8.2 Right to Correct Your Information

Update or correct inaccurate personal data. Edit your profile at /profile/edit.

8.3 Right to Delete Your Account

Request deletion of your account and all associated personal data. Processing time: Data is soft-deleted immediately and permanently removed after 90 days. During the 90-day period, you can contact us to restore your account if you change your mind.

8.4 Right to Restrict Processing

Request that we temporarily freeze processing of your data while disputes are resolved.

8.5 Right to Data Portability

Download your data to transfer to another service.

8.6 Right to Object

Object to processing for direct marketing purposes or other legitimate business interests.

8.7 Right to Withdraw Consent

Withdraw consent for cookies, analytics, or marketing at any time.

8.8 Automated Decision-Making

We do not use automated decision-making or profiling that would significantly affect you without human oversight. Any automated systems (like quest progress tracking) are designed to enhance your experience, not make consequential decisions about you.

8.9 Right to File a Complaint

If you believe we have violated your privacy rights, you may:

Contact us directly at support@dailyquest.co or +63 905 669 1964
File a formal complaint with the National Privacy Commission (NPC)

9. Data Security

We implement industry-standard security measures:

Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
Access Controls: Role-based access, Row Level Security (RLS) policies
Authentication: Passwordless OTP code authentication with JWT tokens
Security Headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
Rate Limiting: API rate limits to prevent abuse
Audit Logging: All access and modifications logged for security monitoring
Regular Audits: Security reviews and vulnerability assessments

10. Cookies and Tracking

We use cookies for essential functionality, analytics, and personalization. You can manage your cookie preferences in our Cookie Policy or through the cookie banner.

11. Age Requirements

Our platform is intended for users 18 years and older. If you are between 13-17 years old, you may use our platform with verifiable parental or guardian consent.

We do not knowingly collect personal data from children under 13 years old. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at support@dailyquest.co and we will delete it promptly.

12. Data Breach Notification

In the event of a data breach that poses a risk to your privacy, we will:

Notify the National Privacy Commission within 72 hours of becoming aware of the breach
Notify affected users within 5 business days of confirming the breach affects your data
Provide details about the breach, affected data, and steps you can take to protect yourself
Send notifications via email and display alerts in your account dashboard

For urgent security issues (account compromise, suspicious activity), contact us immediately:

Email: support@dailyquest.co
Phone: +63 905 669 1964

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date at the top
Sending email notifications for material changes (if you've opted in)

Your continued use of the platform after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

Privacy Contact:

Email: support@dailyquest.co

Phone: +63 905 669 1964

Support Portal: Contact Support

Response Time: Within 15 business days for privacy requests

Related Policies

→ Cookie Policy → Data Retention Policy → Terms of Service → Privacy Settings

This policy complies with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission of the Philippines.

1. Who We Are

Daily Quest is the data controller responsible for your personal data.

Privacy Contact:

Email: support@dailyquest.co

Phone: +63 905 669 1964

Response Time: Within 15 business days

2. Information We Collect

2.1 Personal Information (PII)

Account Information: First name, last name, nickname, email address, phone number (optional)
Contact Information: Address (street, city, region, postal code, country)
Hub Owner Data: Hub name, hub contact details, team member information
Authentication Data: OTP codes, session tokens (via Supabase Auth)

2.2 Transaction Data

Order Information: Order numbers, product purchases, payment method, payment status
Quest Progress: Quest enrollment, progress count, rewards claimed
Reviews: Product ratings and review text
Bookings: Service bookings, appointment times

2.3 Technical Data

Usage Data: Pages visited, features used, activity logs
Device Data: IP address, browser type, user agent, device identifiers
Cookies: See our Cookie Policy

2.4 Consent Records

We track your consent preferences for cookies, analytics, and marketing, including when and how you granted or revoked consent.

3. Why We Process Your Information

We process your data based on the following reasons:

Service Delivery: To provide our services (account creation, order processing, quest management)
Business Operations: Fraud prevention, service improvement, security
Your Consent: Marketing communications, analytics cookies, personalization (you can withdraw consent at any time)
Legal Compliance: Tax compliance, financial audit requirements, and compliance with Philippine laws

4. How We Use Your Information

Provide and maintain our platform services
Process transactions and manage quest rewards
Send transactional emails (order confirmations, quest updates)
Communicate with you about your account
Detect and prevent fraud, abuse, and security incidents
Analyze platform usage and improve our services
Send marketing communications (with your consent)
Comply with legal obligations (tax, financial reporting)

5. Information Sharing

We share your information in the following circumstances:

5.1 With Businesses on Our Platform

Data shared with businesses:

Your name and contact information (phone, email)
Order details (products, quantities, delivery address)
Quest enrollment and progress
Booking information (appointment times, service details)

5.2 With Service Providers

Supabase: Database and authentication (Data Processing Agreement in place)
Vercel: Hosting and infrastructure (DPA in place)
Email Service: Transactional and marketing emails (DPA in place)

All service providers are contractually bound to protect your data and process it only as instructed.

5.3 For Legal Reasons

We may disclose your information if required by law, court order, or to protect our rights, safety, or property.

5.4 We DO NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Where We Store Your Data

Cross-Border Data Transfer: Your data is stored on secure cloud servers located outside the Philippines. We use trusted international service providers:

Supabase: Database and authentication (data centers in various regions)
Vercel: Website hosting and infrastructure (global network)

While these services are located internationally, we ensure they maintain industry-standard security measures including:

Encryption of data at rest and in transit (HTTPS/TLS, AES-256)
Regular security audits and certifications (SOC 2 Type II, ISO 27001)
Data Processing Agreements to protect your information
Compliance with international data protection standards

By using our service, you consent to this cross-border data transfer, which is necessary to provide you with our platform's features and services.

7. Data Retention

We retain your personal data as follows:

Active Accounts: As long as your account is active
After Account Deletion: 90 days (soft delete period for recovery and compliance)
Transaction Records: 10 years (BIR tax compliance under NIRC)
Consent Records: 3 years after withdrawal (audit compliance)
Marketing Data: Until you unsubscribe or withdraw consent

See our Data Retention Policy for full details.

8. Your Privacy Rights

Under the Data Privacy Act of 2012, you have the following rights:

Manage Your Privacy Settings

Exercise your rights from your account settings:

Settings

8.1 Right to Access Your Information

Request a copy of all personal data we hold about you in a downloadable format (JSON). Processing time: Available immediately via self-service download.

8.2 Right to Correct Your Information

Update or correct inaccurate personal data. Edit your profile at /profile/edit.

8.3 Right to Delete Your Account

8.4 Right to Restrict Processing

Request that we temporarily freeze processing of your data while disputes are resolved.

8.5 Right to Data Portability

Download your data to transfer to another service.

8.6 Right to Object

Object to processing for direct marketing purposes or other legitimate business interests.

8.7 Right to Withdraw Consent

Withdraw consent for cookies, analytics, or marketing at any time.

8.8 Automated Decision-Making

8.9 Right to File a Complaint

If you believe we have violated your privacy rights, you may:

Contact us directly at support@dailyquest.co or +63 905 669 1964
File a formal complaint with the National Privacy Commission (NPC)

9. Data Security

We implement industry-standard security measures:

Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
Access Controls: Role-based access, Row Level Security (RLS) policies
Authentication: Passwordless OTP code authentication with JWT tokens
Security Headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
Rate Limiting: API rate limits to prevent abuse
Audit Logging: All access and modifications logged for security monitoring
Regular Audits: Security reviews and vulnerability assessments

10. Cookies and Tracking

We use cookies for essential functionality, analytics, and personalization. You can manage your cookie preferences in our Cookie Policy or through the cookie banner.

11. Age Requirements

Our platform is intended for users 18 years and older. If you are between 13-17 years old, you may use our platform with verifiable parental or guardian consent.

12. Data Breach Notification

In the event of a data breach that poses a risk to your privacy, we will:

Notify the National Privacy Commission within 72 hours of becoming aware of the breach
Notify affected users within 5 business days of confirming the breach affects your data
Provide details about the breach, affected data, and steps you can take to protect yourself
Send notifications via email and display alerts in your account dashboard

For urgent security issues (account compromise, suspicious activity), contact us immediately:

Email: support@dailyquest.co
Phone: +63 905 669 1964

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date at the top
Sending email notifications for material changes (if you've opted in)

Your continued use of the platform after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

Privacy Contact:

Email: support@dailyquest.co

Phone: +63 905 669 1964

Support Portal: Contact Support

Response Time: Within 15 business days for privacy requests

Related Policies

→ Cookie Policy → Data Retention Policy → Terms of Service → Privacy Settings