Privacy Policy

Sidequest is a campus quest marketplace built for UCLA students. This policy explains what data we collect, why we collect it, and how we keep it safe. We believe in collecting only what we need to make the platform work.

Account information

When you create an account, we collect:

• Name: displayed on your profile and quests
• Email address: used for login, notifications, and account recovery
• Profile image: optional, displayed on your profile
• Major: optional, helps match you with relevant quests
• Courses: the UCLA courses you list on your profile for quest matching
• Skills: skills you list to help match you with relevant quests

Authentication data

We store authentication-related data including session tokens, OAuth provider identifiers (e.g. Google account ID), access tokens, and refresh tokens to keep you securely signed in. We also record your IP address and user agent (browser/device info) for each session for security purposes.

Quest and transaction data

When you use the marketplace, we store:

• Quests you post: title, description, required courses/skills, and credits offered
• Quests you take: which quests you accept and their completion status
• Bids: bid amounts and timestamps when you bid on open quests
• Credits balance: your current credit balance on the platform

Reviews

After a quest is completed, users can leave reviews. We store the rating (numeric), written comment, and the identities of both the reviewer and the person being reviewed.

Notifications

We generate and store notifications related to your activity: such as new bids on your quests, quest status changes, and other platform updates. These include read/dismissed status and timestamps.

• Operating the marketplace: matching users with quests, processing bids, managing credits
• Authentication: verifying your identity and maintaining secure sessions
• Notifications: keeping you informed about quest updates and platform activity
• Trust & safety: detecting fraud, enforcing community rules, and resolving disputes
• Improving the platform: understanding usage patterns to build better features

We do not sell your personal data. Information visible to other users is limited to your public profile (name, image, courses, skills, reviews). We may share data with:

• Service providers: hosting (Vercel), database (Neon), and authentication providers that help us run the platform
• Legal compliance: when required by law, subpoena, or to protect safety

We retain your account data for as long as your account is active. Session data is automatically cleaned up after expiration. If you delete your account, we remove your personal information, though anonymized quest and review data may be retained for platform integrity.

You can:

• Access and download your personal data
• Correct inaccurate information on your profile
• Delete your account and associated data
• Opt out of non-essential notifications

To exercise these rights, contact us.

We use industry-standard measures to protect your data, including encrypted connections (TLS), hashed passwords, secure token storage, and access controls. Sessions include IP and device tracking to detect unauthorized access.

We may update this policy from time to time. We’ll notify you of significant changes through the platform or via email. Continued use of Sidequest after changes constitutes acceptance.