Privacy Policy

Last Updated: 17 May 2026

Our Commitment to Privacy

At innerquests.app, we believe privacy is a fundamental right. We have designed our service to be GDPR compliant by default — not because we have to, but because we believe it is the right thing to do.

innerquests.app provides two services: Philosophy Compass (a one-time philosophical assessment quiz) and innerQuests (a subscription-based AI life companion platform). innerQuests is available through our website and through our iOS mobile application. Each service collects and processes different types of data, as described below.

What We Do Not Collect

Across both services, we do not collect or store:

  • Browsing history or tracking cookies
  • Device fingerprints or persistent identifiers
  • Data from third-party sources about you

What We Process

A. Philosophy Compass (one-time quiz)

Ephemeral processing — no account required, data auto-deleted

Quiz Responses

Your quiz answers are stored temporarily in your browser session and sent to our AI analysis service (Anthropic Claude API) when you purchase an analysis. The answers are not stored on our servers and are discarded by Anthropic immediately after generating your results.

Philosophical Profile Analysis

When you purchase an analysis, we generate a philosophical profile based on your quiz responses. This profile may contain information about your philosophical and religious views, which constitutes special category data under Article 9 of the GDPR.

Your explicit consent is required before we process this data. EU/EEA visitors provide this consent before starting the quiz. You may withdraw your consent at any time by contacting us at privacy@bigawerk.com.

Your analysis results are stored on our servers for 7 days to give you time to access and download your PDF report. After 7 days, the results are automatically and permanently deleted. During this period, the data is stored on Vercel's infrastructure within the European Economic Area and protected by encryption at rest and in transit.

B. innerQuests (subscription platform)

Persistent processing — account required, data stored while subscribed

Account Data

When you create an innerQuests account, we collect and store:

  • Email address — used for authentication, service communications (check-in reminders, weekly insights, monthly reviews), and account recovery
  • Display name (optional) — used to personalize your experience
  • Password — stored as a cryptographic hash; we never have access to your plain-text password

Philosophical Profile & Assessment Data

innerQuests builds a persistent philosophical profile based on your onboarding assessments (philosophy, values, life satisfaction) and life context interview. This profile may contain information about your philosophical and religious views, which constitutes special category data under Article 9 of the GDPR.

Your explicit consent is required before we process this data. You provide this consent during account creation. You may withdraw your consent at any time by deleting your account or contacting us at privacy@bigawerk.com.

Unlike Philosophy Compass, this data is stored persistently in our database for as long as your account is active. It is used to personalize your check-in questions, AI-generated insights, and goal recommendations.

Check-in & Wellness Data

When you complete weekly check-ins, we store:

  • Your energy and wellness ratings
  • Your responses to reflective questions
  • AI-generated insights based on your responses
  • Timestamps for each check-in

Goals & Experiments

Goals, experiments, and related progress data you create within innerQuests are stored in your account. This data is used to track your progress and personalize AI insights.

Subscription Data

We store your subscription status (trial, active, cancelled), trial expiration date, billing period dates, the platform you subscribed on (web or iOS), and an anonymous subscription identifier from our subscription-management provider (Paddle on the web, RevenueCat on iOS). We do not store your payment method, credit card details, or Apple ID — these are handled entirely by Paddle and Apple, respectively.

iOS Push Notification Token (iOS app only)

If you grant the iOS app permission to send push notifications, we store the device-specific Apple Push Notification service (APNs) token associated with your account so that we can deliver check-in reminders and weekly insight summaries. The token does not identify you outside of Apple's notification system, and you can revoke it at any time by disabling notifications in iOS Settings → Notifications → innerQuests or in the app's settings.

C. Shared (both services)

Payment Information

Web purchases. Payment is processed securely by Paddle, our merchant of record for the web. We never have access to your credit card or payment details. Paddle collects and processes your payment data (including email, country, and billing information) independently as a data controller for payment processing purposes.

iOS app purchases. Subscriptions purchased through the iOS app are sold by Apple Inc. as the seller of record. Payment is processed through your Apple ID. We do not receive your name, Apple ID, payment method, or billing details from Apple — we only receive the subscription status associated with the App Store account that completed the purchase, via RevenueCat (see below). Apple processes your payment data independently as a data controller. See Apple's Privacy Policy.

Marketing Communications (Optional)

During checkout, you may choose to opt in to marketing communications from us. If you do, Paddle shares your contact details (email address) with us for this purpose. The legal basis for this processing is your consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time by clicking the unsubscribe link in any marketing email or contacting us at privacy@bigawerk.com.

Data Retention

  • Philosophy Compass results: automatically deleted after 7 days.
  • innerQuests account data: stored for as long as your account is active. When you delete your account, all personal data (profile, check-ins, insights, goals) is permanently deleted within 30 days. Anonymized, aggregated statistics may be retained.
  • Subscription/billing records: Paddle may retain transaction records as required by applicable financial regulations, independently of your account status.

Third-Party Services

Paddle (Payment Processing — web)

Paddle acts as our merchant of record for web purchases and is an independent data controller for payment data. Paddle is PCI-DSS compliant and handles all payment processing. We never have access to your credit card information. Paddle may retain transaction records as required by applicable financial regulations. See Paddle's Privacy Policy.

Apple (Payment Processing — iOS app)

For subscriptions purchased through the iOS app, Apple Inc. acts as the seller of record and is an independent data controller for payment data. Payment is charged to your Apple ID. We do not receive your Apple ID, name, payment method, or billing details from Apple. See Apple's Privacy Policy.

RevenueCat (Subscription Management — iOS app)

We use RevenueCat to manage iOS in-app subscriptions, validate App Store receipts, and synchronize subscription status across your devices. When you make or restore a purchase in the iOS app, RevenueCat receives an anonymous user identifier (your innerQuests user ID), the identifier of the product you purchased, a coarse country code, and your App Store receipt. RevenueCat acts as a data processor on our behalf under appropriate data processing terms and does not have access to your Apple ID, name, email, or payment information. RevenueCat's infrastructure is located in the United States. This transfer is covered by Standard Contractual Clauses (SCCs). See RevenueCat's Privacy Policy.

Apple Push Notification service (iOS app)

The iOS app uses Apple Push Notification service (APNs) to deliver notifications to your device. If you grant notification permission, we store the device-specific APNs token to send you reminders and insight summaries. Apple operates APNs as an independent controller for the delivery mechanism. The notification content is provided by us. You can disable notifications at any time in iOS Settings → Notifications → innerQuests.

Anthropic Claude API (AI Analysis)

Your multiple-choice quiz responses are transmitted to Anthropic's Claude API to generate your philosophical profile. No name, email, or other identifying information is included in this transmission. Anthropic does not use API inputs or outputs to train its models and does not retain your data beyond the duration of the API call. We are the data controller; Anthropic acts as a data processor on our behalf under appropriate data processing terms. Anthropic's servers are located in the United States. This transfer is covered by Standard Contractual Clauses (SCCs) as approved by the European Commission. See Anthropic's Privacy Policy.

Supabase (Database & Authentication)

innerQuests uses Supabase for user authentication and database storage. Your account data, philosophical profile, check-in history, and goals are stored in a Supabase PostgreSQL database protected by Row Level Security (you can only access your own data). Supabase's infrastructure is hosted on Amazon Web Services (AWS). This transfer is covered by Standard Contractual Clauses (SCCs). See Supabase's Privacy Policy.

SendGrid (Email Delivery)

We use SendGrid (a Twilio company) to deliver service emails to innerQuests subscribers, including check-in reminders, weekly insight summaries, and monthly review reports. SendGrid processes your email address on our behalf as a data processor. SendGrid's infrastructure is located in the United States, covered by Standard Contractual Clauses. See Twilio's Privacy Policy.

Vercel (Hosting)

Our website is hosted on Vercel. Vercel may collect standard web server logs (IP addresses, browser information) for security and performance purposes. Vercel's infrastructure may process data in the United States, covered by Standard Contractual Clauses. See Vercel's Privacy Policy.

Amazon Associates

We participate in the Amazon Associates Program. When you click book recommendation links, you are redirected to Amazon's website where Amazon may track your activity according to their own privacy policy. We do not use any cookies or tracking mechanisms in connection with these links on our website. We earn a small commission from qualifying purchases at no extra cost to you. See Amazon's Privacy Policy.

Bookshop.org

We are an affiliate of Bookshop.org. When you click Bookshop.org links, you are redirected to their website where they may track your activity according to their own privacy policy. We do not use any cookies or tracking mechanisms in connection with these links on our website. We earn a commission from qualifying purchases at no extra cost to you. See Bookshop.org's Privacy Policy.

Legal Basis for Processing (GDPR)

Where GDPR applies, we process personal data on the following legal bases:

  • Explicit consent (Article 9(2)(a)) — Processing your quiz responses and assessment data through the Anthropic Claude API to generate a philosophical profile that may reveal your philosophical or religious views. For Philosophy Compass, consent is provided before starting the quiz. For innerQuests, consent is provided during account creation. You may withdraw consent at any time.
  • Performance of a contract (Article 6(1)(b)) — Delivering the services you have purchased: temporary storage of Compass results for 7 days; operating your innerQuests account, generating personalized check-in questions and AI insights, sending service emails (reminders, insights, reviews), and maintaining your subscription.
  • Consent (Article 6(1)(a)) — Sending marketing communications, if you have opted in.
  • Legal obligation (Article 6(1)(c)) — Paddle may retain transaction records as required by applicable financial regulations.

We do not sell your data to third parties. We do not process your data for profiling or automated decision-making purposes beyond generating the philosophical analysis and personalized insights that are part of the services you use.

International Data Transfers

Some of our service providers process data outside the European Economic Area (EEA):

  • Anthropic (United States) — quiz response and AI insight processing
  • Supabase / AWS (United States) — database and authentication
  • SendGrid / Twilio (United States) — email delivery
  • Vercel (United States) — website hosting and server logs
  • RevenueCat (United States) — iOS subscription management and receipt validation
  • Apple (United States) — iOS App Store payment processing and push notification delivery (independent controller)

These transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection.

Analytics

We do not currently use any analytics or tracking tools on our website.

Cookies

We do not use any tracking or marketing cookies. The only cookies used are strictly necessary for the service to function:

  • Authentication cookies (innerQuests web) — Supabase sets secure, HttpOnly session cookies to keep you logged in. These are strictly necessary for account functionality and do not require consent under the ePrivacy Directive.
  • Paddle payment session cookies — set during web checkout to process your payment securely.
  • Browser session storage (Philosophy Compass) — stores quiz answers temporarily; cleared when you close the tab.
  • iOS app local storage — the iOS app stores your authentication session and a small amount of preference data on your device (using native iOS secure storage). It does not use browser cookies.

Because we only use strictly necessary cookies, no cookie consent banner is required.

Your Rights (GDPR)

If you are located in the EEA, you have the following rights regarding your personal data:

  • Right of access — You may request a copy of any personal data we hold about you.
  • Right to rectification — You may request correction of inaccurate data.
  • Right to erasure — You may request deletion of your data at any time. Philosophy Compass results are automatically deleted after 7 days. For innerQuests, you can delete your account at any time — directly in the iOS app via Settings → Delete account, or by contacting privacy@bigawerk.com. Deletion permanently removes all your personal data (profile, check-ins, insights, goals) within 30 days. Note: deleting your account does not cancel an active App Store subscription billed by Apple — cancel that separately in your Apple ID Subscriptions to stop renewals.
  • Right to restrict processing — You may request that we limit how we use your data.
  • Right to data portability — You may request your data in a machine-readable format. For innerQuests subscribers, this includes your profile, check-in history, and insights.
  • Right to object — You may object to our processing of your data.
  • Right to withdraw consent — You may withdraw your consent for processing of special category data (philosophical profile) or marketing communications at any time, without affecting the lawfulness of processing based on consent before its withdrawal. For innerQuests, withdrawing consent for philosophical profile processing will result in account deletion, as this data is essential to the service.
  • Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority. The supervisory authority for the data controller is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl. You may also contact your local supervisory authority.

To exercise any of these rights, contact us at privacy@bigawerk.com. We will respond within 30 days.

Age Restriction

Our service is intended for users aged 16 and over. Users under 16 may only use the service with verifiable parental consent. We do not knowingly collect or process data from users under 16 without such consent. If you believe a user under 16 has used our service without parental consent, please contact us at privacy@bigawerk.com and we will promptly delete any associated data.

Changes to This Policy

We may update this policy occasionally. Changes will be posted on this page with an updated date. If we make material changes that affect how we process your data, we will make reasonable efforts to notify affected users.

Data Controller

BIGAWERK SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

NIP: 5214149417

REGON: 543795186

Address: Świeradowska 47, 02-662 Warszawa, Polska

Supervisory Authority

Prezes Urzędu Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warszawa, Polska

uodo.gov.pl

Contact

Questions about privacy? Contact us at: privacy@bigawerk.com