Privacy Policy

Quest Digital is a sole proprietorship offering website development and digital marketing services. Oz is our subscription product for managing client websites, content, inquiries, and analytics in one place. You can reach us at [email protected] or by writing to Quest Digital, Atlanta, Georgia, United States.

We collect the following categories of information:

• Account information. When you create an account or are onboarded by Quest Digital staff, we collect your name, email address, business name, phone number, and contact preferences.
• Authentication credentials. If you sign in with Google, we receive your Google account email and basic profile information from Google. If you use a password, we store a hashed (one-way encrypted) version of it; we never store passwords in plain text.
• Subscription and billing data. When you purchase a subscription, we receive billing details from our payment processor, Stripe, including the last four digits of your card, your billing address, invoice history, and subscription status. Stripe holds the full card number; we do not.
• Site content you create or edit. Text, images, and metadata you submit through the dashboard for your website. Images you upload are stored in Cloudflare R2 / Cloudflare Images.
• Inquiries from your website visitors. If you use the Oz inquiry form on your site, the data those visitors submit (name, email, phone, message, and any custom fields you have configured) is stored on your client account so you can view it in the dashboard.
• Third-party integration tokens. When you connect Oz to Google Analytics 4, Google Search Console, Google Business Profile, or another analytics provider, we store a long-lived refresh token issued by the provider so we can fetch your data on your behalf. We never receive your Google account password. You can revoke the connection at any time from within the Oz dashboard or directly from your Google account security settings.
• Analytics data fetched on your behalf. When you connect a Google analytics product, we fetch statistics about your website (visitor counts, search performance, business profile interactions, etc.) and cache the results in our database so the dashboard loads quickly. We do not collect or store personally identifying information about your end visitors through this integration.
• Diagnostic and usage data. We log basic information about requests to the Service (IP address, user agent, paths visited, timestamps) for security, abuse prevention, and debugging.

We use the information we collect to:

• provide, operate, and maintain the Service;
• authenticate you and your team members across sessions;
• process payments, manage subscriptions, and send billing communications;
• fetch and display analytics, inquiries, and other data you have asked us to retrieve from third-party providers;
• send operational emails (welcome messages, password resets, billing receipts, support replies);
• improve the Service, develop new features, and diagnose problems;
• comply with our legal and contractual obligations.

We do not sell your personal information. We do not use your data to train machine-learning models, except when you explicitly invoke an AI feature within the dashboard (for example, the “Ask Oz” suggestions on the SEO page), in which case the relevant content is sent to our AI provider, Anthropic, only for the duration of that request. See the next section.

We work with a small number of trusted vendors to deliver the Service. Each vendor receives only the data needed to perform their specific function and is bound by their own privacy and security obligations:

• Supabase — database and authentication infrastructure. Stores account data, content, inquiries, and tokens described above.
• Cloudflare — web hosting, image storage, content delivery, and bot protection. Routes and accelerates traffic to and from the Service.
• Stripe — payment processing. Handles all card and bank information.
• Google LLC — sign-in and the analytics integrations you choose to connect (Google Analytics 4, Search Console, Business Profile). Data flows are subject to Google’s API Services User Data Policy.
• Microsoft Corporation — Bing Webmaster Tools and Clarity, when you connect them.
• Resend — transactional email delivery (welcome messages, inquiry notifications, password resets, etc.).
• Anthropic — AI model provider used to power the “Ask Oz” suggestion features. Content you explicitly send to these features is processed by Anthropic for the duration of the request and is not used by Anthropic to train models.
• GitHub — version control for your client website’s content repository. Edits you approve are committed to a GitHub repository owned by Quest Digital and rebuilt to your live site.

We may also disclose information when required by law, to enforce our terms, to protect our rights or the rights of others, or in connection with a merger, acquisition, or asset sale (in which case the receiving party will be bound by terms at least as protective as this Policy).

When you connect a Google service (Analytics, Search Console, Business Profile, or Google sign-in), Oz uses and shares Google user data in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the minimum scopes necessary to surface the analytics features you have asked to see.
• We use Google user data only to provide and improve the analytics features visible to you in the Oz dashboard.
• We do not transfer Google user data to third parties for advertising, lending or insurance qualification, sale to data brokers, or other purposes unrelated to the features you connect.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read your Google user data except (a) with your affirmative consent for specific data, (b) when necessary for security purposes (e.g., investigating abuse), (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized.

You can revoke our access at any time by visiting myaccount.google.com/permissions, or by clicking “Disconnect” on the relevant analytics panel inside Oz.

We retain your account data, content, and inquiries for as long as your account is active. When you cancel or your account is terminated, we retain your data for a brief reconciliation period (typically up to thirty days), after which we delete or anonymize it from our active systems. Backups may persist for an additional period (typically up to ninety days) before being overwritten.

Billing records are retained for as long as required by applicable tax and accounting law.

You may request earlier deletion at any time by writing to [email protected]. We will respond within a reasonable time frame and delete to the extent permitted by law.

Oz uses essential cookies to keep you signed in and to remember preferences across pages. We do not use third-party advertising cookies or cross-site tracking on the Oz dashboard itself. The websites we build for our clients may use analytics cookies under those clients’ control; those are governed by each client’s own privacy policy.

Depending on where you live, you may have the right to:

• request a copy of the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion of your data;
• object to or restrict certain processing, including opting out of marketing communications;
• withdraw consent to processing where consent is the basis we rely on;
• request portability of your data in a structured, commonly used format;
• lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact us at [email protected].

Oz is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it promptly.

Quest Digital is based in the United States, and our service providers process data in the United States and other regions. If you access the Service from outside the United States, you understand and agree that your data may be transferred to and processed in jurisdictions whose data-protection laws may differ from those of your home country.

We use commercially reasonable administrative, technical, and physical safeguards to protect your information. Sensitive credentials are stored with restricted access and encrypted in transit. No system can be made completely secure, but we work to reduce risk and respond promptly to incidents. If we become aware of a security incident that affects your data, we will notify you in accordance with applicable law.

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective” date at the top. Material changes will also be communicated by email or by a notice in the dashboard. Continued use of the Service after a change takes effect constitutes acceptance of the revised policy.

For questions, requests, or concerns about this Privacy Policy, contact us at: