Privacy Policy

Effective date: April 14, 2026 · Last updated: April 14, 2026

Side Quest is built around a simple idea: your location, your messages, and your plans belong to you and the friends you choose to share them with — not to us, and not to advertisers.

Who we are

Side Quest is operated by Jorrel Patterson (an independent developer).
Contact: info@sidequesting.io
Website: https://sidequesting.io

What information we collect

Side Quest is a local-first app. Most of what you do lives on your device and only travels between you and your squad.

Information you provide

• Account info. An email address for sign-in codes. No password, no phone number.
• Profile info. A display name, optional avatar, and a public key (auto-generated) for message verification.
• Squad info. Squad names and 6-character join codes.

Information generated by usage

• Schedule picks, check-ins, messages, and positions you share within a squad. Stored locally and synced to squad members via cloud or Bluetooth mesh.
• Location data. GPS coordinates for the radar feature. Only shared with your squad — never with us or third parties. Disable anytime in Settings.
• Motion / compass data. Magnetometer for the compass. Never leaves your device.
• Bluetooth discovery data. Scans for nearby Side Quest users for mesh relay. We do not log Bluetooth device identifiers.

Information we do NOT collect

We do not collect analytics, crash reports, advertising IDs, browsing history, contacts, photos, or any data unrelated to the features you use. No third-party trackers or advertising SDKs.

How we use information

• To run the app. Syncing your schedule, messages, and location between squad members.
• To authenticate you. Sending one-time sign-in codes by email.
• To operate the mesh. Encrypted messages may relay through other squad members' phones. Relay devices cannot read the contents.

We do not use your information for advertising, profiling, or any commercial purpose.

How your information is protected

• End-to-end encryption. Messages and events within a squad are encrypted with a symmetric key (XSalsa20-Poly1305). The server stores encrypted blobs but cannot read them.
• Local-first storage. Sensitive data stored on-device. Private keys in iOS Secure Enclave / Android Keystore.
• HTTPS in transit. All cloud traffic uses TLS.
• Row-level security. Backend (Supabase / Postgres) enforces that only squad members can read squad data.

Sharing

We do not sell, rent, or share your data with advertisers, data brokers, or analytics providers.

Your data is seen by:

• You, on your devices.
• Your squad members, who receive data you explicitly share.
• Supabase (our backend provider), which stores encrypted blobs. Their privacy policy.

We may disclose information if legally compelled, but due to end-to-end encryption, we cannot provide message contents even if asked.

Your controls

• Leave a squad from the squad settings screen.
• Delete your account by emailing info@sidequesting.io. Deleted within 30 days.
• Disable location and Bluetooth from your phone's Settings.
• Export your data by contacting us. Provided within 30 days.

Children

Side Quest is not directed at children under 13. If you believe a child has provided information, contact us and we'll delete it.

Retention

• Cloud event log: 90 days after festival end date, then deleted.
• Local event log: on your device until you delete the app.
• Account info: until you request deletion.

International users

Side Quest is operated from the United States. Data is transferred to and processed in the US.

California / GDPR rights

California residents (CCPA) and EU/UK residents (GDPR) have the right to know, request deletion, request correction, and opt out of data sales (we don't sell). Email info@sidequesting.io.

Changes

Material changes will be posted here with an updated date. Continued use constitutes acceptance.

Contact

Questions? info@sidequesting.io