Privacy Policy

Our Commitment to Privacy

At innerquests.app, we believe privacy is a fundamental right. We have designed our service to be GDPR compliant by default — not because we have to, but because we believe it is the right thing to do.

innerquests.app provides two services: Philosophy Compass (a one-time philosophical assessment quiz) and innerQuests (a subscription-based AI life companion platform). Each service collects and processes different types of data, as described below.

What We Do Not Collect

Across both services, we do not collect or store:

• Browsing history or tracking cookies
• Device fingerprints or persistent identifiers
• Data from third-party sources about you

What We Process

Quiz Responses

Your quiz answers are stored temporarily in your browser session and sent to our AI analysis service (Anthropic Claude API) when you purchase an analysis. The answers are not stored on our servers and are discarded by Anthropic immediately after generating your results.

Philosophical Profile Analysis

When you purchase an analysis, we generate a philosophical profile based on your quiz responses. This profile may contain information about your philosophical and religious views, which constitutes special category data under Article 9 of the GDPR.

Your explicit consent is required before we process this data. EU/EEA visitors provide this consent before starting the quiz. You may withdraw your consent at any time by contacting us at privacy@bigawerk.com.

Your analysis results are stored on our servers for 7 days to give you time to access and download your PDF report. After 7 days, the results are automatically and permanently deleted. During this period, the data is stored on Vercel's infrastructure within the European Economic Area and protected by encryption at rest and in transit.

Account Data

When you create an innerQuests account, we collect and store:

• Email address — used for authentication, service communications (check-in reminders, weekly insights, monthly reviews), and account recovery
• Display name (optional) — used to personalize your experience
• Password — stored as a cryptographic hash; we never have access to your plain-text password

Philosophical Profile & Assessment Data

innerQuests builds a persistent philosophical profile based on your onboarding assessments (philosophy, values, life satisfaction) and life context interview. This profile may contain information about your philosophical and religious views, which constitutes special category data under Article 9 of the GDPR.

Your explicit consent is required before we process this data. You provide this consent during account creation. You may withdraw your consent at any time by deleting your account or contacting us at privacy@bigawerk.com.

Unlike Philosophy Compass, this data is stored persistently in our database for as long as your account is active. It is used to personalize your check-in questions, AI-generated insights, and goal recommendations.

Check-in & Wellness Data

When you complete weekly check-ins, we store:

• Your energy and wellness ratings
• Your responses to reflective questions
• AI-generated insights based on your responses
• Timestamps for each check-in

Goals & Experiments

Goals, experiments, and related progress data you create within innerQuests are stored in your account. This data is used to track your progress and personalize AI insights.

Subscription Data

We store your subscription status (trial, active, cancelled), trial expiration date, and billing period dates. We do not store your payment method or credit card details — these are handled entirely by Paddle.

Payment Information

Payment is processed securely by Paddle, our merchant of record. We never have access to your credit card or payment details. Paddle collects and processes your payment data (including email, country, and billing information) independently as a data controller for payment processing purposes.

Marketing Communications (Optional)

During checkout, you may choose to opt in to marketing communications from us. If you do, Paddle shares your contact details (email address) with us for this purpose. The legal basis for this processing is your consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time by clicking the unsubscribe link in any marketing email or contacting us at privacy@bigawerk.com.

Data Retention

• Philosophy Compass results: automatically deleted after 7 days.
• innerQuests account data: stored for as long as your account is active. When you delete your account, all personal data (profile, check-ins, insights, goals) is permanently deleted within 30 days. Anonymized, aggregated statistics may be retained.
• Subscription/billing records: Paddle may retain transaction records as required by applicable financial regulations, independently of your account status.

Third-Party Services

Paddle (Payment Processing)

Paddle acts as our merchant of record and is an independent data controller for payment data. Paddle is PCI-DSS compliant and handles all payment processing. We never have access to your credit card information. Paddle may retain transaction records as required by applicable financial regulations. See Paddle's Privacy Policy.

Anthropic Claude API (AI Analysis)

Your multiple-choice quiz responses are transmitted to Anthropic's Claude API to generate your philosophical profile. No name, email, or other identifying information is included in this transmission. Anthropic does not use API inputs or outputs to train its models and does not retain your data beyond the duration of the API call. We are the data controller; Anthropic acts as a data processor on our behalf under appropriate data processing terms. Anthropic's servers are located in the United States. This transfer is covered by Standard Contractual Clauses (SCCs) as approved by the European Commission. See Anthropic's Privacy Policy.

Supabase (Database & Authentication)

innerQuests uses Supabase for user authentication and database storage. Your account data, philosophical profile, check-in history, and goals are stored in a Supabase PostgreSQL database protected by Row Level Security (you can only access your own data). Supabase's infrastructure is hosted on Amazon Web Services (AWS). This transfer is covered by Standard Contractual Clauses (SCCs). See Supabase's Privacy Policy.

SendGrid (Email Delivery)

We use SendGrid (a Twilio company) to deliver service emails to innerQuests subscribers, including check-in reminders, weekly insight summaries, and monthly review reports. SendGrid processes your email address on our behalf as a data processor. SendGrid's infrastructure is located in the United States, covered by Standard Contractual Clauses. See Twilio's Privacy Policy.

Vercel (Hosting)

Our website is hosted on Vercel. Vercel may collect standard web server logs (IP addresses, browser information) for security and performance purposes. Vercel's infrastructure may process data in the United States, covered by Standard Contractual Clauses. See Vercel's Privacy Policy.

Amazon Associates

We participate in the Amazon Associates Program. When you click book recommendation links, you are redirected to Amazon's website where Amazon may track your activity according to their own privacy policy. We do not use any cookies or tracking mechanisms in connection with these links on our website. We earn a small commission from qualifying purchases at no extra cost to you. See Amazon's Privacy Policy.

Bookshop.org

We are an affiliate of Bookshop.org. When you click Bookshop.org links, you are redirected to their website where they may track your activity according to their own privacy policy. We do not use any cookies or tracking mechanisms in connection with these links on our website. We earn a commission from qualifying purchases at no extra cost to you. See Bookshop.org's Privacy Policy.

Legal Basis for Processing (GDPR)

Where GDPR applies, we process personal data on the following legal bases:

• Explicit consent (Article 9(2)(a)) — Processing your quiz responses and assessment data through the Anthropic Claude API to generate a philosophical profile that may reveal your philosophical or religious views. For Philosophy Compass, consent is provided before starting the quiz. For innerQuests, consent is provided during account creation. You may withdraw consent at any time.
• Performance of a contract (Article 6(1)(b)) — Delivering the services you have purchased: temporary storage of Compass results for 7 days; operating your innerQuests account, generating personalized check-in questions and AI insights, sending service emails (reminders, insights, reviews), and maintaining your subscription.
• Consent (Article 6(1)(a)) — Sending marketing communications, if you have opted in.
• Legal obligation (Article 6(1)(c)) — Paddle may retain transaction records as required by applicable financial regulations.

We do not sell your data to third parties. We do not process your data for profiling or automated decision-making purposes beyond generating the philosophical analysis and personalized insights that are part of the services you use.

International Data Transfers

Some of our service providers process data outside the European Economic Area (EEA):

• Anthropic (United States) — quiz response and AI insight processing
• Supabase / AWS (United States) — database and authentication
• SendGrid / Twilio (United States) — email delivery
• Vercel (United States) — website hosting and server logs

These transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.

Analytics

We do not currently use any analytics or tracking tools on our website.

Cookies

We do not use any tracking or marketing cookies. The only cookies used are strictly necessary for the service to function:

• Authentication cookies (innerQuests) — Supabase sets secure, HttpOnly session cookies to keep you logged in. These are strictly necessary for account functionality and do not require consent under the ePrivacy Directive.
• Paddle payment session cookies — set during checkout to process your payment securely.
• Browser session storage (Philosophy Compass) — stores quiz answers temporarily; cleared when you close the tab.

Because we only use strictly necessary cookies, no cookie consent banner is required.

Your Rights (GDPR)

If you are located in the EEA, you have the following rights regarding your personal data:

• Right of access — You may request a copy of any personal data we hold about you.
• Right to rectification — You may request correction of inaccurate data.
• Right to erasure — You may request deletion of your data at any time. Philosophy Compass results are automatically deleted after 7 days. For innerQuests, you can delete your account at any time, which permanently removes all your personal data (profile, check-ins, insights, goals) within 30 days.
• Right to restrict processing — You may request that we limit how we use your data.
• Right to data portability — You may request your data in a machine-readable format. For innerQuests subscribers, this includes your profile, check-in history, and insights.
• Right to object — You may object to our processing of your data.
• Right to withdraw consent — You may withdraw your consent for processing of special category data (philosophical profile) or marketing communications at any time, without affecting the lawfulness of processing based on consent before its withdrawal. For innerQuests, withdrawing consent for philosophical profile processing will result in account deletion, as this data is essential to the service.
• Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority. The supervisory authority for the data controller is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl. You may also contact your local supervisory authority.

To exercise any of these rights, contact us at privacy@bigawerk.com. We will respond within 30 days.

Age Restriction

Our service is intended for users aged 16 and over. Users under 16 may only use the service with verifiable parental consent. We do not knowingly collect or process data from users under 16 without such consent. If you believe a user under 16 has used our service without parental consent, please contact us at privacy@bigawerk.com and we will promptly delete any associated data.

Changes to This Policy

We may update this policy occasionally. Changes will be posted on this page with an updated date. If we make material changes that affect how we process your data, we will make reasonable efforts to notify affected users.

Data Controller

Supervisory Authority

Contact

Questions about privacy? Contact us at: privacy@bigawerk.com