Questies

privacy policy

effective June 24, 2026

privacy at a glance

  • no account, ever. no name, no email, no password. your timer, streaks, and history live in your browser, on your device.
  • we cannot read your focus data. anything we keep on a server is anonymized or end-to-end encrypted with a key only you hold.
  • cookieless, aggregate analytics. no cookies, no profiles, no identifiers, and no consent banner needed.
  • we don't store your IP address in our own data, and we never sell or rent your information.
  • if we ever run ads or offers, we vet them and never sell your data to advertisers or track you across other sites.

This Privacy Policy explains what little data Questies handles and how. It applies to the Questies brand, the questies.app website, and the installable Questies app (together "Questies"), operated by voyanix LLC ("voyanix," "we," "us"). voyanix is the data controller. You can reach us any time at legal@voyanix.com or voyanix LLC, 81-990 Halekii St, Unit #1209, Kealakekua, HI 96750.

our posture, in plain terms

Questies is built privacy-first. There are no accounts and we collect no personal identifiers to use it. Anything that reaches our servers is either anonymized or end-to-end encrypted so that we cannot read it. Our analytics are anonymous and aggregate, and we never sell your individual data. We are honest about two limits: a short-lived sync code (described below) is the one piece of synced data not end-to-end encrypted, and your IP address is necessarily seen by our cloud infrastructure at the network layer to deliver the service, the same way it is by any website. We do not store your IP in our own application data (we use it only in memory, momentarily, to rate-limit abuse), though our cloud provider may log it transiently at the infrastructure layer, as any web host does.

what we collect, by feature

On your device only. Your timer state, streaks, day-by-day completion log, any optional name you give a questie, your settings, and your sound and focus-audio choices are stored in your browser's local storage. This never leaves your device unless you turn on a feature below.

Device sync (if you enable it). Questies encrypts your app state into an end-to-end-encrypted blob before it leaves your device. The encryption key lives only in the sync link, in the part of the URL (the fragment) that browsers never send to a server. We store only ciphertext under a random name and cannot decrypt it. The blob includes a device label like "Windows. Chrome," derived from your browser, which you can rename.

Allyship circles (if you join one). Your weekly questie count and the trail name and avatar you choose are end-to-end encrypted the same way; we see only ciphertext.

Sync code (if you use one). The short six-character code that lets a second device join your sync holds the sync key on our server briefly. It is single-use and is designed to expire in about ten minutes. This is the one piece of synced data that is not end-to-end encrypted.

Reminders (if you enable them). To send a reminder, your browser creates a push subscription with your browser's vendor (Google, Apple, or Mozilla). In our database we keep only a one-way hash of that subscription plus a scheduled time. The full subscription and the reminder message your device composed are held in our scheduled-delivery queue until the send time, then deleted once the reminder is dispatched. The reminder is composed on your device and may include a questie name you typed.

Anonymous global tally (on by default, you can turn it off). When a questie is completed, we add one to shared, aggregate counters (for example, an hourly total and an all-time total). There are no per-user records, no identifiers, and no location, only a timezone-offset bucket. You can disable this in settings.

Analytics. See "analytics" below.

Note that several optional fields are free text: the name you can give a questie, your circle's trail name and circle name, and any device label you set. They stay on your device or are end-to-end encrypted and are never sent to analytics or the tally, but they are stored exactly as you type them, so please do not put sensitive information in them.

no accounts, and security

There is no sign-up, login, password, name, email, or phone field anywhere in Questies. Data that reaches our servers takes one of three shapes: end-to-end-encrypted blobs we cannot read (sync, circles), anonymous aggregate counters (the global tally), or opaque reminder jobs that store only a hashed endpoint. We use AES-GCM encryption with keys held only by you, reach our database over HTTPS, and design the service so that voyanix holds no readable personal data. No method of transmission or storage over the internet is ever 100% secure, but this architecture means there is very little about you for anyone, including us, to expose.

legal bases (GDPR)

  • Data on your device: stays on your device and is generally not processing by us at all.
  • Anonymous, aggregate analytics and any future contextual ad serving: our legitimate interest (Article 6(1)(f)) in understanding and improving Questies. Because our analytics set nothing on your device, no separate cookie consent is required (see "cookies").
  • Reminders: your consent, given through the browser's notification permission prompt.
  • Device sync and circles: your consent and the performance of the feature you asked for (Article 6(1)(b)).

cookies and local storage

Questies is local-storage-first and sets no advertising or cross-site cookies. Storage falls into two buckets:

  • Strictly necessary / functional (no consent needed): the offline app (service worker), the local storage that holds your own timer and questie data, and any reminder subscription you opted into. These exist only to provide the feature you asked for.
  • Analytics (also no consent banner needed): our analytics are cookieless and store nothing on your device (see below), so they do not trigger the consent requirement that cookie-based analytics would.

analytics

We use Umami, a cookieless, privacy-first analytics tool, for aggregate measurement only (hosted in the European Union). It sets no cookies and no identifiers on your device, and it builds no profile of you. It counts visits using a non-reversible daily hash derived from your IP address, browser, and the day, which cannot link you across days or across other sites; your IP is used only momentarily to compute that count and is never stored. We use it to understand things like how many people use Questies, where visits come from, and how often questies are completed. We never send your questie names, trail names, or circle names to analytics, and we do not use it to identify you or to sell your data. We may in future adopt other privacy-preserving, non-identifying measurement, and if any tool ever required cookies or device storage, we would ask for your consent first.

advertising (a reserved right)

Questies shows no ads today. We reserve the right to show unobtrusive, contextual ads in the future, meaning ads chosen by what is on the page or by your in-app engagement (for example, a questie you logged or a challenge you are running), never by an individual profile of you and never tracked across other sites. We would share no personal profile or identifier with advertisers. Advertisers may pay for placement in Questies, but they receive no data about you or your activity in return, and any relevance is decided on your device. We vet advertisers and offers for alignment with our values to the best of our ability, but we are not responsible for what happens on their sites after you leave Questies. Because these ads are contextual rather than behavioral, they are not a "sale" or a "share" of personal information under California law, so no "Do Not Sell or Share" link is required. If we ever moved to targeted or behavioral advertising, we would first add consent, an opt-out, and updated disclosures.

we do not sell or share your personal information

voyanix does not sell, rent, or lease your information, and does not share personal information for cross-context behavioral advertising. We collect no sensitive personal information (no precise location, no special categories, no account), so the right to limit the use of sensitive personal information is not triggered.

service providers

A few providers help us run Questies, and each handles only anonymized, encrypted, or opaque data:

  • Google Firebase Hosting and Firestore host the website and store the end-to-end-encrypted and anonymous server data.
  • Umami provides cookieless aggregate analytics (EU-hosted).
  • Voyanix Notify, our own reminder service on Google Cloud Run, schedules and dispatches reminders.
  • Your browser's push gateway (Google, Apple, or Mozilla) receives a push subscription only when you enable reminders.

We may also disclose information if required to do so by law, or in the good-faith belief that it is necessary to comply with legal process, protect our rights or property, or protect the safety of users or the public.

international data transfers

Some of our infrastructure (Firebase Hosting, Firestore, and our reminder service on Google Cloud Run) is operated by Google in the United States. The data it holds is anonymized or end-to-end encrypted, but to the extent any of it is personal data, transfers rely on Google's certification under the EU-US Data Privacy Framework and its UK Extension, with Standard Contractual Clauses as a fallback. Our analytics are hosted in the European Union.

how long we keep things

  • On-device data: until you clear it, which you fully control.
  • Analytics: aggregate, non-identifying counts, retained for measurement.
  • Sync and circle blobs: designed to expire after a period of inactivity (about 60 days for sync, 90 days for circles) and deleted when you unpair or leave.
  • Sync codes: single-use and designed to expire in about ten minutes.
  • Reminder jobs: deleted after the reminder is sent or cancelled.
  • Anonymous tally: retained indefinitely as non-personal aggregate counts.

your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port your personal data, to opt out of its sale or sharing or targeted advertising, and to withdraw consent. We will not discriminate against you for exercising them. Here is the honest part: because Questies has no account and holds no identifier for you, most of your data never leaves your device, and we usually cannot connect a request to a specific person. We are not required to collect extra information just to identify you for a request.

In practice you can exercise these rights yourself: clear your browser storage or use the in-app reset to delete your local data; uninstall the app or clear site data to remove everything; turn off notifications to revoke reminders; and unpair a sync or leave a circle to delete those server blobs. For anything else, email legal@voyanix.com. Anonymous, aggregate analytics and tally counts cannot be tied back to, or deleted for, a single person. Because we do not sell or share your personal information and do not use cross-context behavioral advertising (see "advertising"), an opt-out signal such as Global Privacy Control has nothing to act on today; if that ever changes, we will honor recognized opt-out signals.

notice at collection (California)

The categories of information we may handle are limited to internet and device activity (such as an IP address processed transiently for analytics and device identifiers used for reminders or sync), used to provide and measure the service and, in future, to serve contextual ads. We retain it as described above. We do not sell or share your personal information, and we collect no sensitive personal information.

reminders

Reminders are opt-in through your browser's permission prompt. Your device composes the reminder; in our database we store only a hashed subscription and a scheduled time, while the full subscription and message are held in our scheduled-delivery queue until send time and then deleted once the reminder is dispatched. A reminder may include a questie name you typed. You can turn reminders off at any time in your browser or device settings.

children

Questies is not directed to children under 13, or under the applicable age of digital consent in your country. Because Questies requires no account and collects no personal information from anyone, we do not knowingly collect personal information from children. If you are under 18, the Terms ask that you use Questies only with the permission of a parent or guardian.

changes to this policy

We may update this Policy from time to time, for example when our practices or the law change. When changes are significant, we will note them here. Your continued use of Questies after a change means you acknowledge the updated Policy.

contact

voyanix LLC
81-990 Halekii St, Unit #1209
Kealakekua, HI 96750
Email: legal@voyanix.com

See also our Terms of Service.

terms of service · questies.app · free forever