Privacy policy.
We collect what we need to run the work and nothing else. We do not sell data. We do not use your traffic to train models. The longer version is below. Last updated 27 April 2026.
An unincorporated team, operating remotely.
This policy is published by School of Quest(the “School”, “we”, “our”), an unincorporated team operating remotely from around the world. School of Quest is not currently registered as a company. Once we incorporate, we will update this policy and notify you in advance.
Three buckets, named honestly.
Identity. If you write to us or apply to a program, we collect your name, email, role, and the contents of the letter. If you create a platform account, we additionally collect a hashed password (or your SSO token), your billing entity, and your billing email.
Telemetry. When you call the SoQ Platform, we log the request ID, the model you targeted, prompt and completion token counts, latency, status code, and your API key ID. Where you have opted in, we log redacted prompts and completions for a rolling 30-day debugging window. You can disable the redaction-and-store feature at any time from your dashboard.
Operational metadata. Cookies that keep you signed in. A first-party analytics ping that records page, country, and referrer. We do not load third-party tracking pixels and we have no advertising relationships.
Storage, retention, and the people who can see it.
Letters and program data are hosted in our primary data region with daily encrypted backups. Platform telemetry is stored in our Observatory product. Regional residency is available on enterprise plans — pick the region your data has to live in. Billing records are kept with our payment processor and in our books for the period applicable tax law requires.
Access to identifying data is restricted to a small number of named operators. We log every access and we audit those logs quarterly. We will tell you within 72 hours if we discover a breach that affects your data, and we will notify the relevant regulator inside the same window.
Retention
- Letters from prospective parents: kept for 12 months after the last conversation, then deleted
- Platform request logs (with content): 30 days, then either redacted or fully purged depending on your setting
- Platform request logs (metadata only): 13 months, for billing reconciliation
- Workshop and program records: kept for the duration of the cohort and the period applicable tax law requires after
The promises we can actually keep.
- We do not sell or share your personal data with third parties for marketing
- We do not use your platform traffic to fine-tune our own or any partner's models
- We do not run third-party advertising trackers or third party session recorders
- We do not share content with our model providers beyond what is necessary to fulfil the request, subject to their published data policies
- We do not retain prompts longer than 30 days unless you have explicitly opted in to longer-window debugging
You can ask, and we will answer.
Under the Digital Personal Data Protection Act (DPDPA, 2023), the EU GDPR (where it applies to you), and analogous laws, you have the right to access the data we hold about you, to correct it, to ask for it to be deleted, to object to its processing, and to withdraw consent. We honour these requests inside 30 days, free of charge. These rights apply to you regardless of where School of Quest is based.
One inbox for every data question.
Write to foundersdesk@schoolofquest.com with the subject line “data request”. Our privacy contact reads that inbox personally. If we cannot resolve your concern, you may file a complaint with your local supervisory authority. (We do not yet operate a formal Data Protection Officer role; once we incorporate, we will appoint one where the law requires it and update this page.)