← Back to Home

PRIVACY POLICY — STARQUESTS

(GDPR, Quebec Law 25, PIPEDA Canada Compliant)
Last updated: 2025-11-15

1. Introduction

This Privacy Policy explains how StarQuests, operated by Noasys Holdings Inc., collects, uses, stores, and protects your personal data when you use:

• The StarQuests mobile application
• Geolocated experiences
• Voice features
• Digital ticketing
• Interactions with artificial intelligence

We strictly comply with the following laws:

• GDPR (EU)
• Law 25 (Quebec)
• PIPEDA (Canada)
• California Consumer Privacy Act (CCPA), when applicable

Your privacy is a fundamental priority.

2. Data Controller (Law 25 & GDPR)

Person responsible for the protection of personal information (PRPPI)
Noasys Holdings Inc.
Email: privacy@noasys.io

3. Data We Collect

We only collect the data necessary for the application to function.

3.1 Data Provided by the User

• Email address
• Password (hashed and salted)
• Preferred language
• History of completed missions
• Purchases made (tickets, passes, events)

3.2 Technical Data

• Phone model
• Operating system version
• Anonymized device identifier
• Browser type (for web-app)

3.3 Geolocation Data (required for functionality)

• Real-time GPS position
• Signal accuracy
• Phone orientation angle

These data are not stored permanently.
They are used only to:

• Detect entry and exit from zones
• Trigger media and AI interactions
• Generate real-time experiences

3.4 Voice Data

When you use the Talk function:

• Audio is temporarily captured by your microphone
• It is sent to Whisper (OpenAI) for transcription
• Audio is not stored by StarQuests
• Only the transcribed text is stored for AI conversations

⚠️ We do not store any user audio files.

3.5 AI Data ("Teachings")

When you say "Remember," "Learn," or equivalent:

• The following text is added as a Zone Teaching
• This information is linked only to that zone
• It can be deleted upon request (right to erasure)

4. Purposes of Processing

Your data is used to:

• Operate geolocated experiences
• Trigger sounds, videos, and AI within zones
• Personalize AI interactions
• Ensure account security
• Analyze usage to improve the application
• Prevent fraud (API call limits)
• Manage ticketing and billing

We never sell your personal data.

5. Cookies and Local Storage

✔️ Necessary Cookies:

• Authentication
• Language preferences
• Access tickets for experiences

✔️ Local storage:

• Temporary caching of compressed videos
• Caching of M4A sounds
• Minimizing repeated downloads

❌ No advertising cookies

StarQuests contains no advertising.

6. Data Sharing

We share only the data necessary with essential service providers.

6.1 Hosting & Servers (Bunny.net)

• Video storage
• Storage of converted sounds
• Backend FFmpeg processing

6.2 OpenAI (Whisper, GPT)

• Voice transcription
• AI text generation

These data are processed in environments compliant with:

• GDPR
• SOC 2
• ISO 27001

6.3 VoiceKiller / Gemini TTS

• Voice synthesis
• No permanent storage of requests

6.4 Payments

• Stripe / Square

We never store your payment information.

7. Data Retention

Data Type	Retention Duration
User account	As long as the account exists
Anonymized logs	90 days
AI requests	30 days
AI Teachings	Until manually deleted
Raw user audio	Not stored
GPS data	Not stored

Data is anonymized as soon as possible.

8. Data Security

We apply:

• 256-bit SSL/TLS encryption
• Hashed and salted passwords
• GDPR / SOC-2 compliant servers
• Regular monitoring and auditing
• Database separation
• Minimalist data storage

9. User Rights (GDPR & Law 25)

At any time, you may:

• ✔ Access your data
• ✔ Correct your data
• ✔ Delete your account
• ✔ Request deletion of an AI Teaching
• ✔ Withdraw consent
• ✔ Request data portability
• ✔ Request limitation of processing
• ✔ File a complaint with a data protection authority

Request: privacy@noasys.io

10. Minors

The application is intended for users aged 13 and up.
For users under 14 years old in Quebec, parental authorization is required to create an account.

11. International Transfers

Some data may be processed by:

• OpenAI (USA & EU)
• Google (USA)
• Bunny.net (EU)
• Replit (USA)
• Other compliant cloud servers

All these providers comply with GDPR or offer lawful transfer mechanisms.
(Standard Contractual Clauses — SCCs — are used when applicable.)

12. Policy Modifications

We reserve the right to modify this policy at any time.
A notice will be displayed in the app in case of significant changes.

13. Contact

For any questions:
privacy@noasys.io

Or to exercise your rights:
Law 25 Form (available upon request)

← Back to Home