Functions Platform Customers About Contact us →
Legal

Privacy Policy

Last updated: February 2026

Welcome to QUESTT.ai, operated by Questt Technologies Private Limited ("Company", "we", "us", or "our"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, mobile application, and use our products and services (collectively, the "Services"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Services.

1. Information We Collect

1.1 Personal Data

We may collect personally identifiable information that you voluntarily provide when registering for our Services, expressing interest in obtaining information about us or our products, or otherwise contacting us. This includes:

  • Name
  • Email address
  • Phone number
  • Company name and job title
  • Mailing address
  • Payment information (credit card numbers, billing address)
  • Login credentials

1.2 Usage Data

We automatically collect certain information when you visit, use, or navigate our Services. This information does not reveal your specific identity but may include:

  • Device and browser information
  • Operating system
  • IP address
  • Pages visited and features used
  • Time and date of visits
  • Referring URLs
  • Click patterns and interaction data

1.3 Business Data

When you use our AI-powered enterprise decision intelligence platform, we may process:

  • Supply chain data
  • Sales and revenue data
  • Inventory and procurement data
  • Customer relationship data
  • Operational metrics and KPIs

2. How We Collect Information

2.1 Direct Collection

Information you provide directly through:

  • Account registration
  • Contact forms and enquiries
  • Service subscriptions
  • Customer support interactions
  • Surveys and feedback forms

2.2 Automated Collection

Information collected automatically through:

  • Cookies and similar tracking technologies
  • Log files
  • Web beacons
  • Analytics tools

2.3 Third-Party Sources

Information received from:

  • Business partners and integrations
  • Public databases
  • Social media platforms (when you choose to connect)
  • Data enrichment providers

3. Use of Your Information

We use the information we collect for:

3.1 Service Delivery

  • Providing and maintaining our AI platform
  • Processing transactions and managing subscriptions
  • Delivering AI-powered insights and recommendations
  • Customer support and technical assistance

3.2 Service Improvement

  • Analysing usage patterns to improve our Services
  • Training and improving our AI models
  • Developing new features and capabilities
  • Conducting research and analytics

3.3 Communication

  • Sending service-related notifications
  • Responding to enquiries and support requests
  • Providing product updates and announcements
  • Marketing communications (with your consent)

3.4 Security and Compliance

  • Protecting against unauthorised access
  • Detecting and preventing fraud
  • Complying with legal obligations
  • Enforcing our terms and policies

4. Cookies and Tracking Technologies

4.1 Types of Cookies We Use

Cookie TypePurpose
Essential CookiesRequired for basic site functionality and security
Analytics CookiesHelp us understand how visitors interact with our Services
Functional CookiesRemember your preferences and settings
Marketing CookiesTrack visitors across websites for advertising purposes

4.2 Cookie Management

You can control cookies through your browser settings. Most browsers allow you to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block cookies from specific sites
  • Block all cookies
  • Delete all cookies when you close your browser

Please note that blocking or deleting cookies may affect your experience with our Services.

5. Disclosure of Your Information

We may share your information in the following situations:

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and infrastructure (e.g., AWS, Google Cloud)
  • Payment processing
  • Email delivery services
  • Analytics providers
  • Customer support tools

5.2 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5.3 Legal Requirements

We may disclose your information where required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from public authorities
  • Protect our rights, privacy, safety, or property
  • Enforce our terms and agreements

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee security training and awareness programmes
  • Incident response procedures
  • Regular backups and disaster recovery planning

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Account Data: Retained for the duration of your account plus 90 days after deletion
  • Transaction Data: Retained for 7 years for tax and accounting compliance
  • Usage Data: Retained for 24 months for analytics purposes
  • Marketing Data: Retained until you withdraw consent
  • Support Data: Retained for 3 years after resolution

When data is no longer needed, we securely delete or anonymise it.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 General Rights

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing
  • Withdrawal: Withdraw consent at any time

8.2 For Indian Residents

Under the Digital Personal Data Protection Act, 2023 (DPDPA), you have the right to:

  • Access information about how your data is processed
  • Correct and erase your personal data
  • Nominate another person to exercise your rights
  • Grievance redressal

8.3 For EU/EEA Residents

Under GDPR, you have additional rights including the right to lodge a complaint with a supervisory authority and the right not to be subject to automated decision-making.

8.4 For California Residents

Under CCPA/CPRA, you have the right to:

  • Know what personal information is collected
  • Delete personal information
  • Opt out of the sale or sharing of personal information
  • Non-discrimination for exercising your rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside your country of residence. We ensure that such transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules
  • Your explicit consent where required

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us immediately.

11. Third-Party Links and Services

Our Services may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access through our platform.

12. AI and Machine Learning

12.1 How We Use AI

Our platform uses artificial intelligence and machine learning to provide enterprise decision intelligence. This includes:

  • Processing business data to generate insights
  • Providing predictive analytics and recommendations
  • Automating decision support workflows
  • Natural language processing for user interactions

12.2 AI Data Practices

  • Your business data is processed to deliver the Services you have subscribed to
  • We do not use your business data to train general-purpose AI models without your explicit consent
  • AI-generated insights are based on your data and our proprietary models
  • You retain ownership of your business data at all times

13. Data Processing Agreements

For enterprise customers, we offer Data Processing Agreements (DPAs) that outline:

  • The scope and purpose of data processing
  • Data security obligations
  • Sub-processor management
  • Data breach notification procedures
  • Data return and deletion procedures

Please contact us to request a DPA for your organisation.

14. Security Incident Response

In the event of a data breach that affects your personal information:

  • We will notify affected users within 72 hours of becoming aware of the breach
  • We will notify relevant supervisory authorities as required by law
  • We will provide details of the breach, its impact, and the measures taken
  • We will take immediate steps to contain and remediate the breach

15. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. We currently respond to DNT signals and do not track users who have enabled this feature.

16. Email and Marketing Communications

You may opt out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us directly
  • Updating your communication preferences in your account settings

Please note that you may still receive service-related communications even after opting out of marketing emails.

17. Compliance and Certifications

We are committed to maintaining compliance with applicable data protection regulations, including:

  • Information Technology Act, 2000 and rules thereunder (India)
  • Digital Personal Data Protection Act, 2023 (India)
  • General Data Protection Regulation (GDPR) for EU/EEA users
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

18. Grievance Officer

In accordance with Indian data protection laws, we have appointed a Grievance Officer who can be contacted for any privacy-related concerns:

  • Name: Akhil Gupta
  • Email: akhil@questt.com
  • Response time: Within 30 days of receiving your concern

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification (for registered users)
  • Displaying a prominent notice on our Services

Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.

20. Governing Law

This Privacy Policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka, India.

21. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have any concerns about our data practices, please contact us: