1. Introduction
Quest Labs Limited ("Company", "we", "us") operates the Quest Labs platform at thequestlabs.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform or related services. By using the Service, you consent to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account information: name, email address, and password when you register
- Billing information: payment method details processed securely through our third-party payment provider (we do not store full credit card numbers)
- Template data: Docker image URLs, startup scripts, and configuration data you submit
- Communications: messages, feedback, and support requests you send to us
2.2 Information Collected Automatically
- Usage data: Template submissions, instance activity, compute resource consumption, and billing events
- Technical data: IP address, browser type and version, operating system, device information, and access timestamps
- Log data: server logs including request URLs, response codes, and error messages for security and debugging
2.3 Cookies & Tracking Technologies
We use the following types of cookies:
- Essential cookies: required for authentication, session management, and security. Cannot be disabled.
- Analytics cookies: help us understand how users interact with the platform. We may use third-party analytics services (e.g., Google Analytics) that set their own cookies.
You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.
3. How We Use Your Information
- Provide, operate, and maintain the Service
- Process transactions, manage billing, and maintain your account
- Review and approve templates submitted to the platform
- Provision and manage GPU instances on your behalf
- Send important service updates, security alerts, and billing notifications
- Monitor and analyze usage patterns to improve performance and user experience
- Detect, prevent, and respond to fraud, abuse, security threats, and technical issues
- Enforce our Terms of Service and acceptable use policies
- Comply with legal obligations and respond to lawful requests
4. Your Data & Workloads
Your Docker images, startup scripts, configuration data, and any outputs generated by your instances belong to you. We do not access, use, or share your workload data for any purpose other than providing and maintaining the Service.
We do not use your data to train AI models. Workload data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Each instance runs in a fully isolated compute environment.
5. Data Sharing & Disclosure
We do not sell your personal information. We may share data in the following circumstances:
- Service providers: payment processors, cloud infrastructure providers, and analytics tools that help us operate the Service, bound by contractual data protection obligations
- Legal requirements: when required by law, subpoena, court order, or government request
- Safety & security: to protect against fraud, abuse, or threats to the safety of users or the public
- Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, with notice to affected users
We contractually require third parties who receive your data to protect it in accordance with standards consistent with this policy.
6. Data Retention
Account data is retained while your account is active and for a reasonable period thereafter for legal, billing, and operational purposes. Instance logs are retained for 30 days. Template data is retained as long as the template exists on the platform.
Upon account deletion, all personal data is permanently removed within 30 days. Anonymized and aggregated usage analytics may be retained indefinitely for service improvement. Billing records may be retained as required by applicable tax and accounting laws.
7. Security
We implement industry-standard security measures to protect your information, including: TLS encryption for all data in transit, AES-256 encryption for data at rest, isolated compute environments for each instance, regular security audits and vulnerability assessments, and access controls with role-based permissions. Despite our efforts, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data, subject to legal retention requirements
- Portability: request your data in a structured, machine-readable format
- Restriction: request limitation of data processing under certain circumstances
- Objection: object to data processing based on legitimate interests
- Withdrawal of consent: withdraw consent at any time where processing is based on consent
- Complaint: lodge a complaint with your local data protection authority
To exercise these rights, contact us at privacy@thequestlabs.com. We will respond within 30 days.
9. International Data Transfers
Your data may be processed in countries other than your country of residence, including jurisdictions where data protection laws may differ. We ensure appropriate safeguards for international data transfers, including the use of Standard Contractual Clauses (SCCs) where required by the General Data Protection Regulation (GDPR) or equivalent legislation.
10. Children's Privacy
The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us.
11. Do-Not-Track Signals
Our platform does not currently respond to Do-Not-Track (DNT) browser signals. We will update this policy if we adopt DNT support in the future.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-platform notification at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.
13. Contact
For questions or concerns about this Privacy Policy or our data practices, please contact: