Questverse – Privacy Policy

Last updated: 15 March 2026


1. Who we are

Questverse ("the platform") and StudyBlast ("the App") are published by Questverse AS, a company registered in Norway.

Contact: hello@questverse.io

2. What data we collect and why

Account Information

  • Email address and password — used for account creation, login, and authentication. Your password is securely hashed.

  • First name and display name — provided optionally during signup to personalise your experience. Linked to your identity.

User-Generated Content

  • Topics, questions, flashcards, and study materials you create — stored in our database to enable syncing across devices and backups. Linked to your account.


Subscription and Purchase Data | StudyBlast iOS

  • Subscription status and tier — stored to manage your access to premium features. Linked to your account.

  • Crystal transaction history — records of crystals earned, spent, and purchased for account integrity and support purposes. Linked to your account.

  • Apple processes all payment information directly. We do not receive or store your credit card details.

Device and Analytics Data

  • Device identifiers (IDFA, IDFV) — used by Google AdMob to show personalised or contextual ads. Not linked to your real-world identity. Used for tracking.

  • Anonymous device ID (generated locally) — used for legacy cloud save compatibility. Not linked to your identity.

  • Advertising data (ad impressions, clicks, completions) — lets us and our ad partners measure ad performance. Not linked to your identity. Not used for tracking.

  • Product interaction (level completions, button taps, session counts) — helps improve gameplay balance and user experience. Not linked to your identity. Not used for tracking.

3. Third-party services we use

  • Cloud database and authentication. Stores account data, user-generated content, subscription status, and crystal balances. Hosted in EU (eu-west).

  • Apple StoreKit — processes in-app purchases and subscriptions. We receive transaction confirmations but not payment details.

  • Google AdMob — serves interstitial and rewarded ads; handles IDFA, coarse device info, ad-interaction events.

  • Google Firebase — legacy cloud save, anonymous authentication.

  • OpenAI & Other AI services — processes text users submit for topic generation. Text is sent to AI providers to generate questions, flashcards, and formatted study material. We do not use your content to train AI models.

Please refer to each provider's own privacy documentation for details on how they handle data.

4. App Tracking Transparency (ATT)

When you first open the App, iOS will ask whether you allow tracking. If you decline, AdMob shows only non-personalised ads. You can change this choice at any time in iOS Settings > Privacy & Security > Tracking.

5. Data retention

  • Account data (email, name, content) is retained for as long as your account is active. You may request deletion at any time.

  • Subscription and transaction records are retained for up to 36 months for accounting and dispute resolution purposes.

  • Anonymous analytics and advertising logs are retained for up to 36 months for aggregate analysis, then deleted or further anonymised.

6. Children's privacy

The App is not specifically directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

7. Security

All network traffic uses HTTPS/TLS encryption. Account passwords are cryptographically hashed. Database access is protected by row-level security policies ensuring users can only access their own data. Authentication tokens are refreshed automatically and stored securely on-device.

8. Your rights

Depending on your region, you may have the right to:

  • Access the personal data we hold about you

  • Correct inaccurate data

  • Request deletion of your data and account

  • Export your data in a portable format

  • Object to or restrict certain processing

  • Withdraw consent at any time

If you are in the EU/EEA, these rights are provided under the General Data Protection Regulation (GDPR). If you are in Norway, the Norwegian Personal Data Act (Personopplysningsloven) applies.

To exercise any of these rights, contact us at hello@questverse.io. We will respond within 30 days.

9. International data transfers

Your data is primarily stored in the EU (eu-west). Some third-party services may process data outside the EU/EEA. Where this occurs, appropriate safeguards are in place, including safe handling of data and Standard Contractual Clauses or equivalent measures.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes to how we collect or use your data, we will notify you through the App. We will update the "Last updated" date whenever the policy changes.