Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: January 7, 2026
Version: 1.0

Your Privacy Matters

We are committed to protecting your personal information and being transparent about our data practices.

Last Updated: January 7, 2026

This Privacy Policy (“Policy”) applies to Questt AI and was last updated on January 7, 2026. We may change or update this Policy at any time, and the same will be updated here.

If you are a Questt AI prospect, customer, or website visitor, we shall notify changes or updates either by sending an email or a notification on our website. Please ensure to read such notices carefully.

We sincerely believe that you should always know what data we collect from you, the purposes for which such data is used, and that you should have the ability to make informed decisions about what you want to share with us.

Therefore, we want to be transparent about:

(i) how and why we collect, store and use your personal data in the various capacities in which you interact with us; and

(ii) the rights that you have to determine the contours of this interaction.

Quick Summary

While we would strongly advise you to read the Policy in full, the following summary will give you a snapshot of the salient points covered herein:

  • This Policy details the critical aspects governing your personal data relationship with Questt AI, having its registered office at Urban Vault 1666/A, 4th Floor, 14th Main, Sector 3, Sarjapur - Marathahalli Road, HSR Layout, Bengaluru, Karnataka - 560102, India;
  • Your personal data relationship with QuesttAI varies based on the capacity in which you interact with us/avail of our products and solutions (“Services”). You could be: (i) a visitor to our website (“Visitor”); or (ii) a person/entity availing of our demo booking or lead generation services (“Prospect”);
  • Based on whether you are a Visitor or Prospect, the type of data we collect and the purpose for which we use it will differ and this Policy details such variations;
  • This Policy should be read in conjunction with our Terms of Use; and
  • This Policy will clarify the rights available to you vis-à-vis the personal data you share with us.

Our Contact Information: Company Name: Questt AI Registered Address: Urban Vault 1666/A, 4th Floor, 14th Main, Sector 3, Sarjapur - Marathahalli Road, HSR Layout, Bengaluru, Karnataka - 560102, India Email: support@questt.com Website: https://questt.ai

If you have any queries or concerns with this Policy, please contact our Grievance Officer (refer Section 13). If you do not agree with the Policy, we would advise you to not visit or use our website or services.

By accessing or using our website, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we rely on your consent for processing personal data; otherwise, processing is based on legitimate interests, contractual necessity, or legal obligations.

1. What Information We Collect and How We Use It

The type of information we collect and how we use it depends on how you interact with Questt AI. Below is a comprehensive breakdown:

TYPE OF USERWEBSITE VISITORDEMO REQUESTOR / PROSPECT
WHAT DATA WE MAY COLLECT1. Your location (based on IP address); 2. How you behave on the website (pages visited, time spent, navigation patterns); 3. Device information (model, operating system, browser type); 4. Basic server log information (IP address, timestamps); 5. Referral source (how you found our website).1. First name and last name; 2. Work email address; 3. Company name; 4. Job title; 5. Phone number; 6. Use case description.
HOW AND WHY WE USE ITWe use this information to: - Analyze and optimize website performance; - Understand user behavior and preferences; - Enhance user experience; - Improve our website functionality; - Ensure website security and prevent fraud.We use this information to: - Schedule and coordinate product demonstrations; - Respond to your inquiries about our GenAI solutions; - Understand your specific use case for Retail & Consumer segments; - Follow up on demo requests; - Maintain records of business interactions; - Provide you with relevant information about our services.
ADDITIONAL USES WITH CONSENTIf you submit your details and provide consent, we may: - Send newsletters about our products and services; - Share updates about GenAI solutions for Retail & Consumer segments; - Invite you to relevant webinars or events.If you provide consent, we may: - Send newsletters and product updates; - Share relevant case studies and whitepapers; - Invite you to industry events and webinars; - Provide personalized recommendations based on your use case.

2. Information We Collect

2.1 Personal Information You Provide

As detailed in the table above, when you request a product demo or express interest in our services, we collect:

  • First name
  • Last name
  • Work email address
  • Company name
  • Job title
  • Phone number
  • Use case description

2.2 Automatically Collected Information

We do not use cookies or third-party tracking technologies for advertising or behavioral profiling. We may collect limited server-side log data (such as IP address, browser type, and timestamps) strictly for security, operational, and performance purposes.

Important: We do not intentionally collect Special Categories of Personal Data (such as information about race, ethnic origin, genetics, health, biometrics, or political opinions). Users are requested not to provide such information through our website or services.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • Demo Booking and Lead Generation: To schedule product demonstrations, follow up on your inquiries, and manage our sales pipeline
  • Communication: To respond to your requests, answer questions, and provide information about our GenAI solutions for Retail & Consumer segments
  • Service Delivery: To understand your specific use case and tailor our solutions to your business needs
  • Business Operations: To improve our services, maintain records of business interactions, and conduct internal analytics
  • Marketing (with consent): To send newsletters, product updates, case studies, and event invitations
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Security: To protect against fraud, unauthorized access, and ensure the security of our systems

4. Legal Basis for Processing

4.1 For Users in the European Economic Area (EEA), United Kingdom, and Switzerland

We process your personal data based on the following legal grounds under GDPR:

  • Legitimate Interests (Article 6(1)(f) GDPR): We process your data to respond to your demo requests and provide information about our services. This processing is necessary for our legitimate business interests in generating leads and marketing our services, which we have balanced against your rights and freedoms.
  • Consent (Article 6(1)(a) GDPR): Where required by law, we obtain your explicit consent before processing your personal data, particularly for marketing communications.
  • Contractual Necessity (Article 6(1)(b) GDPR): Processing may be necessary to enter into or perform a contract with you or to take steps at your request before entering into a contract.

4.2 Legal Basis Summary Table

NATURE OF DATALEGAL GROUNDS
Website Visitor Data• Legitimate Interest• Consent (where applicable)
Demo Request / Lead Data• Performance of a Contract• Legitimate Interest• Consent (for marketing)
Security and Compliance Data• Compliance with Legal Obligations• Legitimate Interest

5. International Data Transfers

We are based in India and serve clients globally. Your personal information may be transferred to and processed in India or other countries where we or our service providers operate.

For data transfers outside your country of residence, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use Standard Contractual Clauses approved by the European Commission for GDPR compliance when transferring data from the EEA/UK/Switzerland
  • Adequate Security Measures: We implement technical and organizational measures as required by applicable data protection laws
  • Data Processing Agreements: We enter into comprehensive Data Processing Agreements (DPAs) with any third parties that process personal data on our behalf
  • Cross-Border Transfer Mechanisms: We comply with applicable cross-border data transfer requirements under DPDPA and other relevant laws

Your rights and protections will, under no circumstances, be diluted by these transfers.

6. Data Retention

We retain your personal information for 180 days from the date of collection, unless:

  • Legal Obligation: A longer retention period is required or permitted by law
  • User Request: You request deletion of your data earlier (subject to our legal obligations)
  • Legal Claims: The data is necessary for establishing, exercising, or defending legal claims
  • Legitimate Business Purpose: We have an ongoing legitimate business need to retain the information

6.1 Retention Schedule

DATA TYPERETENTION PERIODREASON
Demo Request Information180 days from submissionLead generation and follow-up
Marketing Consent RecordsUntil consent is withdrawn + 30 daysCompliance and documentation
Website Analytics Data90 daysPerformance optimization
Security Logs180 daysSecurity and fraud prevention
Legal/Compliance RecordsAs required by applicable lawRegulatory compliance

6.2 Secure Deletion

After the retention period expires, we securely delete or anonymize your personal information using industry-standard methods to ensure it cannot be reconstructed or identified. This includes:

  • Secure deletion from all production systems
  • Removal from backup systems within the next backup cycle
  • Anonymization of any data required for statistical purposes

You may request early deletion of your personal data by contacting our Grievance Officer. We will honor such requests unless we have a legal obligation to retain the data.

7. Data Security

We implement appropriate technical and organizational security measures consistent with industry standards to protect your personal information, including:

  • Encryption: SSL/TLS encryption for data transmission
  • Data Encryption: Encryption where appropriate
  • Access Controls: Restricted access to personal data on a need-to-know basis
  • Security Protocols: Regular security assessments and updates
  • Employee Training: Staff training on data protection and privacy practices

However, no method of transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

8. Your Privacy Rights

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

We may disclose your information only in the following limited circumstances:

  • Legal Obligations: When required by law, regulation, legal process, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets. In such cases, we will provide notice before your personal information is transferred and becomes subject to a different privacy policy
  • Protection of Rights: To protect and defend our rights, property, or safety, or that of our users, customers, or the public, as required or permitted by law
  • With Your Consent: When you have given us explicit permission to share your information
  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our website, conducting our business, or servicing you, provided that these parties agree to keep this information confidential and secure

Important: We do not have any automatic data sharing arrangements with third parties. Any sharing is limited, purposeful, and bound by strict confidentiality and data protection obligations.

Depending on your location, you may have the following rights regarding your personal information:

8.1 GDPR Rights (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

RIGHTDESCRIPTION
Right to be InformedYou have a right to be informed about the manner in which any of your personal data is collected or used, which we have endeavored to do by way of this Policy.
Right of AccessYou have a right to access the personal data you have provided by requesting us to provide you with a copy of the same.
Right to RectificationYou have a right to request us to amend or update your personal data if it is inaccurate or incomplete.
Right to ErasureYou have a right to request us to delete your personal data (“right to be forgotten”).
Right to RestrictionYou have a right to request us to temporarily or permanently stop processing all or some of your personal data.
Right to ObjectYou have a right, at any time, to object to our processing of your personal data under certain circumstances. You have an absolute right to object to us processing your personal data for the purposes of direct marketing.
Right to Data PortabilityYou have a right to request us to provide you with a copy of your personal data in electronic format so you can transmit that personal data for use with another third party’s service.
Right Not to be Subject to Automated Decision-MakingYou have a right to not be subject to a decision based solely on automated decision making, including profiling, which produces legal or similarly significant effects.
Right to Withdraw ConsentYou can withdraw your consent at any time (without affecting prior processing based on consent before withdrawal).
Right to Lodge a ComplaintYou have the right to file a complaint with your local data protection authority if you believe we have violated your privacy rights.

8.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to know what personal information is collected, used, shared, and sold
  • Right to Delete: You have the right to request deletion of your personal information
  • Right to Opt-Out: You have the right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: You have the right to non-discrimination for exercising your CCPA/CPRA rights
  • Right to Correct: You have the right to correct inaccurate personal information
  • Right to Limit Use: You have the right to limit the use and disclosure of sensitive personal information

Important Note: Questt AI does not sell any data of its users, customers, or prospects. We assure no discrimination against consumers exercising their right of privacy under CCPA/CPRA. We will not ask for a waiver of privacy rights from California consumers.

8.3 Rights Under Indian Data Protection Laws

If you are located in India, you have rights under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) and the Digital Personal Data Protection Act, 2023 (DPDPA):

RIGHTDESCRIPTION
Right to be Informed and Give ConsentBefore we collect any of your personal data, we will clearly explain what information we need, why we need it, and how we will use it. We collect personal data with your consent or as otherwise permitted under applicable Indian data protection laws, including for legitimate uses and legal obligations.
Right to Access Your DataYou have the right to request access to the personal information we hold about you, including the ability to review and verify its accuracy and completeness.
Right to Correct MistakesIf you find any errors or missing information in your data held by us, you have the right to request corrections. We will take reasonable steps to update your information promptly upon verification of your request.
Right to Withdraw ConsentYou can withdraw your consent for us to process your personal data at any time. Once you withdraw consent, we will stop using your data for the purpose originally agreed upon, unless there’s a legal reason for continued processing.
Right to ErasureYou have the right to request deletion of your personal data, subject to legal requirements for retention.
Right to NominateYou have the right to nominate another person to exercise your rights in case of death or incapacity (under DPDPA).

8.4 Rights for Users in Other Jurisdictions

We respect privacy rights under applicable laws in all jurisdictions where we operate. If you are located in a jurisdiction not specifically mentioned above, please contact us to learn about your rights.

8.5 Exercising Your Rights

To exercise any of these rights, please contact our Grievance Officer at dheeraj@questt.com or using the details provided in Section 13. We will respond to your request within the timeframes required by applicable law:

  • GDPR requests: Within 30 days (may be extended by 2 months in complex cases)
  • CCPA/CPRA requests: Within 45 days (may be extended by an additional 45 days)
  • DPDPA requests: As required under applicable Indian law

Verification: To protect your privacy and security, we may need to verify your identity before processing your request. We may ask for additional information to confirm your identity.

No Fee: Generally, we do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded.

If you believe we have used your personal data in violation of your rights or have not responded appropriately to your requests, you may lodge a complaint with your local supervisory authority or data protection regulator.

9. Data Sharing and Disclosure

Children’s Privacy

Our website and services are intended for business professionals and are not directed at individuals under 18 years of age (or under 16 in the EEA, where applicable). We do not knowingly collect personal data from children and will delete such data if discovered.

10. Compelled Disclosure

In addition to the purposes set out in this Policy, we may disclose any data we collected or processed from you if it is required:

  • Under applicable law or to respond to a legal process, such as a search warrant, court order, subpoena, or other judicial or administrative order
  • To comply with national security or law enforcement requirements
  • To protect our safety, your safety, or the safety of others
  • In the legitimate interest of any party in the context of preventing death, imminent bodily harm, or significant property damage
  • If required in connection with legal proceedings brought against Questt AI, its officers, employees, affiliates, customers, or vendors
  • To establish, exercise, protect, defend, and enforce our legal rights and interests

We will notify you of such compelled disclosures unless prohibited by law or court order.

11. Third-Party Links and Services

Our website may contain links to third-party websites, services, or resources. This Privacy Policy does not apply to those external websites or services.

We are not responsible for:

  1. The privacy practices of third-party websites
  2. The content or accuracy of third-party services
  3. The security measures employed by external platforms

We strongly encourage you to review the privacy policies of any third-party sites or services you visit or use. Your interaction with third-party websites or services is at your own discretion and risk, and is governed by their respective privacy policies.

12. Grievance Officer

In accordance with applicable data protection laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address your privacy concerns.

The name and contact details of our Grievance Officer, whom you may contact if you have any concerns, complaints, feedback, or requests pertaining to this Policy, are as follows:

Grievance Officer Details: Name: Dheeraj Bhavsar Email: dheeraj@questt.com Address: Questt AI, Urban Vault 1666/A, 4th Floor, 14th Main, Sector 3, Sarjapur - Marathahalli Road, HSR Layout, Bengaluru, Karnataka - 560102, India

Response Timeline:

We acknowledge all complaints within 24 hours and aim to resolve them within 30 days of receipt, as required by Indian law.

What to Include in Your Request:

  1. Your full name and contact information
  2. Description of your concern or request
  3. Relevant account or transaction information (if applicable)
  4. Any supporting documentation

13. Data Protection Officer (DPO)

For GDPR-related inquiries, particularly if you are located in the EEA, UK, or Switzerland, you may contact our Data Protection Officer:

Data Protection Officer Details:

Name: Dheeraj Bhavsar Email: dheeraj@questt.com Address: Questt AI, Urban Vault 1666/A, 4th Floor, 14th Main, Sector 3, Sarjapur - Marathahalli Road, HSR Layout, Bengaluru, Karnataka 560102, India

14. Supervisory Authority

14.1 For EEA, UK, and Switzerland Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights under GDPR.

You can find your local supervisory authority contact information at: EU: https://edpb.europa.eu/about-edpb/about-edpb/members_en UK: Information Commissioner’s Office (ICO) - https://ico.org.uk Switzerland: Federal Data Protection and Information Commissioner (FDPIC)

14.2 For India Residents

If you are located in India, you may lodge a complaint with the Data Protection Board of India once it is constituted under the Digital Personal Data Protection Act, 2023.

15. Marketing Communications and Consent Withdrawal

15.1 Marketing Communications

With your explicit consent, we may send you marketing communications including:

  1. Newsletters about our GenAI solutions
  2. Product updates and new feature announcements
  3. Case studies and whitepapers relevant to Retail & Consumer segments
  4. Invitations to webinars, events, and demonstrations
  5. Industry insights and thought leadership content

15.2 How to Opt-Out

You can withdraw your consent for marketing communications at any time by:

  1. Clicking the “unsubscribe” link in any marketing email
  2. Contacting our Grievance Officer at dheeraj@questt.com
  3. Updating your communication preferences (if applicable)
  4. Sending a written request to our registered address

Important: Even if you opt out of marketing communications, we may still send you essential transactional or service-related communications.

16. Do Not Track Signals

We do not track users over time and across third-party websites. Our website does not respond to Do Not Track (DNT) signals as we do not employ tracking technologies, cookies, or behavioral advertising.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

17.1 How We Notify You

We will notify you of material changes by:

  1. Updating the “Last Updated” date at the top of this policy
  2. Posting a prominent notice on our website
  3. Sending an email notification to the address you provided (if available)
  4. Displaying an in-app notification (if applicable)

17.2 Material vs. Non-Material Changes

  • Material Changes: Changes that significantly affect your rights or how we process your data will be notified at least 30 days in advance
  • Non-Material Changes: Minor updates or clarifications may be posted immediately

17.3 Your Acceptance

Your continued use of our website and services after we publish or notify you of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the updated policy, please discontinue use of our services.

We encourage you to review this Policy periodically to stay informed about how we protect your information.

18. Data Controller Information

Questt AI acts as the data controller for all personal information collected through our website and services.

Data Controller: Dheeraj Bhavsar Entity Name: Questt AI Registered Address: Urban Vault 1666/A, 4th Floor, 14th Main, Sector 3, Sarjapur - Marathahalli Road, HSR Layout, Bengaluru, Karnataka - 560102, India Email: dheeraj@questt.com Phone: +91 9408587404

As the data controller, we are responsible for determining the purposes and means of processing your personal data in accordance with applicable data protection laws.

19. Compliance Frameworks

This Privacy Policy has been designed to comply with multiple international data protection frameworks and regulations:

19.1 Global Compliance

FRAMEWORK / REGULATIONJURISDICTIONKEY REQUIREMENTS ADDRESSED
General Data Protection Regulation (GDPR)European Union, EEA, UK, SwitzerlandEU Regulation 2016/679 - Lawful basis, data subject rights, accountability, data protection by design, cross-border transfers
California Consumer Privacy Act (CCPA)California, USAConsumer rights, transparency, opt-out rights, non-discrimination
California Privacy Rights Act (CPRA)California, USAEnhanced consumer rights, sensitive personal information protections
Digital Personal Data Protection Act (DPDPA)IndiaData Principal rights, consent management, cross-border transfers, data security
Information Technology Act, 2000IndiaReasonable security practices, sensitive personal data protection
IT (Reasonable Security Practices) Rules, 2011IndiaSecurity standards, privacy policies, consent requirements
SOC 2 Type IIInternationalSecurity, availability, processing integrity, confidentiality, privacy controls
ISO/IEC 27001:2022InternationalInformation security management system standards
ISO/IEC 27701:2019InternationalPrivacy information management system standards

19.2 Ongoing Compliance Commitment

We are committed to:

  1. Regularly reviewing and updating our privacy practices
  2. Staying informed about evolving privacy regulations worldwide
  3. Implementing new compliance requirements as they emerge
  4. Conducting periodic privacy impact assessments
  5. Maintaining transparency about our data practices
  6. Ensuring our team is trained on the latest privacy requirements

20. Consent and Acknowledgment

By using our website, requesting a demo, or providing your personal information to Questt AI, you:

  1. Acknowledge that you have read and understood this Privacy Policy in its entirety
  2. Consent to the collection, use, storage, and processing of your personal information as described in this Policy
  3. Understand your rights regarding your personal data and how to exercise them
  4. Agree to the terms and conditions outlined in this Policy

20.1 Withdrawing Consent

You may withdraw your consent at any time by:

  1. Contacting our Grievance Officer at dheeraj@questt.com
  2. Sending a written request to our registered address
  3. Using the opt-out mechanisms provided in our communications

Important: Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. We may continue to process your data if we have another legal basis to do so (such as legal obligation or legitimate interest).

21. Contact Us

For any questions, concerns, requests, or feedback regarding this Privacy Policy or our data practices, please contact us:

General Inquiries

Privacy-Specific Inquiries

*The Grievance Officer handles privacy requests under Indian law, while the Data Protection Officer (DPO) handles GDPR-related matters for individuals in the EEA, UK, and Switzerland.

Mailing Address

Questt AI

Urban Vault 1666/A, 4th Floor

14th Main, Sector 3

Sarjapur - Marathahalli Road, HSR Layout,

Bengaluru, Karnataka - 560102

India

Document Information

Policy Name: Questt AI Privacy Policy

Version: 1.0

Effective Date: January 7, 2026

Last Updated: January 7, 2026

Next Review Date: January 7, 2027

Document Owner: Data Protection Officer, Questt AI

Acknowledgment

We value your privacy and are committed to protecting your personal information. This Privacy Policy reflects our dedication to transparency, security, and compliance with global data protection standards.

If you have any questions or need clarification about any aspect of this Privacy Policy, please do not hesitate to contact us.

Thank you for trusting Questt AI with your information.

Questions about this policy?

We're here to help you understand how we protect your data.

Get in Touch