Privacy Policy

The Short Version

UnQuest is designed from the ground up to never access your data. All AI inference, document processing, and knowledge graph operations happen entirely on your device. We have no servers that process your content, no analytics that capture your prompts, and no way to read your documents. This is an architectural guarantee, not just a policy.

1. Who We Are

UnQuest is developed by Rakesh Roushan (“we,” “us,” “our”). This privacy policy applies to the UnQuest mobile application (“the App”) and the website at unquest.ai (“the Website”). For questions about this policy, contact us at hello@unquest.ai.

2. Data We Do Not Collect From the App

The following data categories are processed and stored exclusively on your device. We never receive, access, transmit, or store any of the following:

• Your documents, PDFs, images, or scanned content
• Your prompts, questions, or AI-generated responses
• Your conversation history or chat metadata
• Your vector embeddings or knowledge graph data
• Cross-conversation memory facts extracted by the AI
• Content shared into the app via the Share Extension
• Voice recordings or speech-to-text transcriptions
• Agent tool inputs, outputs, or execution logs
• Saved prompts or prompt library content
• Your device identifiers, IP address, or location

This data is encrypted with AES-256-GCM on your device with encryption keys stored in the iOS Keychain (backed by the Secure Enclave on supported devices). We cannot decrypt this data even if compelled to, because we do not possess the keys.

3. Data We Do Not Collect — Analytics and Telemetry

UnQuest contains zero first-party or third-party analytics SDKs. We do not use Firebase Analytics, Amplitude, Mixpanel, Segment, Google Analytics, Facebook SDK, Adjust, AppsFlyer, or any similar service. We do not collect:

• App open events or session durations
• Feature usage counts or screen views
• Performance metrics or model load times
• Advertising identifiers (IDFA) or device fingerprints
• Push notification tokens (we do not send push notifications)

The only crash reporting available is Apple's built-in system, which you control via iOS Settings > Privacy & Security > Analytics & Improvements. This data goes to Apple, not to us. We may view anonymized, aggregated crash reports through App Store Connect if you have opted into sharing with developers.

4. Network Requests Made by the App

The App makes network requests only in these scenarios:

• AI model downloads — When you explicitly choose to download a model, the App fetches it from Hugging Face (huggingface.co). The request contains only the model URL. No user data, device identifiers, or content is transmitted.
• Share Extension URL fetch — If you share a web URL into UnQuest, the App may fetch the page content to extract text for on-device processing. The HTTP request contains only the URL and standard browser headers. No user data is included.
• App Store updates — iOS checks for app updates via the App Store. This is handled by the operating system, not by the App.

All AI inference, document processing, embedding generation, vector search, and memory extraction happen entirely on-device with zero network calls. The App functions fully offline once a model is downloaded.

5. On-Device Data Storage

All data is stored locally on your device in the following locations:

• SQLite database (encrypted) — conversations, messages, document metadata, chunk data, saved prompts, and memory facts
• Vector index — document embeddings for semantic search (stored in app sandbox)
• Model files — GGUF model files in the app's Documents directory
• App Group container — temporary shared data from the Share Extension, cleared after processing

All databases are encrypted using AES-256-GCM. Encryption keys are stored in the iOS Keychain and are protected by your device passcode and biometric authentication (Face ID / Touch ID).

6. Cross-Conversation Memory

The App can automatically extract facts about you from your conversations (e.g., “User prefers dark mode” or “User works in healthcare”). This feature:

• Runs entirely on your device using the local AI model
• Stores extracted facts only in the local encrypted database
• Never transmits memory data to any server
• Gives you full control: you can view, edit, confirm, or delete any memory from the Memories screen at any time
• Auto-expires unconfirmed memories after 30 days

7. Share Extension

When you share content from other apps (PDFs, images, text, URLs) into UnQuest, the shared data is written to a local App Group container on your device. The main app processes this data on-device and then clears the shared container. At no point does shared content leave your device.

8. Website Data (unquest.ai)

The UnQuest website is hosted on Cloudflare Workers. We collect the following data through the website:

• Waitlist emails — If you sign up for the waitlist, we store your email address in Cloudflare KV to notify you of the app launch. This is the only personal data we collect anywhere.

The website does not use cookies, local storage, or any tracking scripts. Cloudflare may log standard web server metrics (IP addresses, request timestamps) as part of its infrastructure; this is governed by Cloudflare's Privacy Policy.

9. Third-Party Services

The App and Website interact with the following third parties:

• Hugging Face — CDN for downloading AI model files. No user data transmitted. Subject to Hugging Face's Privacy Policy.
• Apple App Store — App distribution, in-app purchases, and crash reporting (opt-in). Subject to Apple's Privacy Policy.
• Cloudflare — Website hosting and waitlist email storage. Subject to Cloudflare's Privacy Policy.

We do not use any advertising networks, analytics services, or social media SDKs.

10. Data Retention and Deletion

App data: All data persists on your device until you delete it. You can delete individual conversations, documents, memories, or prompts from within the app. Uninstalling the app permanently deletes all app data, including the encrypted database, vector indexes, and downloaded models. There is no cloud backup and no way for us to recover deleted data.

Waitlist emails: We retain your email address until the app launches and initial notifications are sent, after which emails are deleted. You can request immediate deletion at any time by emailing hello@unquest.ai.

11. Your Rights (GDPR, CCPA, and Other Regulations)

Because we do not collect or process personal data from the App, most data protection rights (access, rectification, portability, restriction) are not applicable to app usage — there is nothing for us to provide, correct, or transfer because we never had your data.

For the website waitlist, you have the right to:

• Access — Request confirmation of whether we hold your email address
• Deletion — Request immediate deletion of your email from our waitlist
• Objection — Object to receiving waitlist communications
• Portability — Request a copy of your email data in a standard format

To exercise any of these rights, email hello@unquest.ai. We will respond within 30 days.

California residents (CCPA): We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes other than those disclosed here.

EU/EEA residents (GDPR): The legal basis for processing your waitlist email is consent (Article 6(1)(a) GDPR), which you provide when you submit the waitlist form. You may withdraw consent at any time.

12. Children's Privacy

UnQuest is not directed at children under 16. We do not knowingly collect personal information from children under 16. Since the App collects no personal information from any user, there is no children's data at risk. The website waitlist requires an email address, which we assume belongs to an individual aged 16 or older. If you believe a child under 16 has submitted an email to our waitlist, contact us at hello@unquest.ai and we will delete it immediately.

13. International Data Transfers

App data never leaves your device, so no international transfer occurs. Waitlist email addresses are stored on Cloudflare's global infrastructure. Cloudflare maintains appropriate data transfer mechanisms including Standard Contractual Clauses for EU data.

14. Data Security

On-device data is protected by:

• AES-256-GCM encryption for all stored data
• iOS Keychain for encryption key storage (Secure Enclave backed)
• iOS App Sandbox isolation (apps cannot access each other's data)
• Device passcode / biometric protection
• No network transmission of content data

Website waitlist data is protected by Cloudflare's enterprise-grade infrastructure, including encryption in transit (TLS) and at rest.

15. Future Features

We may offer optional encrypted sync via Apple's CloudKit private database in the future. This would use your personal iCloud storage with end-to-end encryption. We would have no access to synced data. This feature will be opt-in and this policy will be updated before its release.

16. Changes to This Policy

We will update this page when this policy changes. For material changes — especially any that would alter our data collection practices — we will notify users via the App and post a prominent notice on the Website at least 30 days before the changes take effect. Our core commitment, that your content never leaves your device, is an architectural constraint that cannot change without rebuilding the App from scratch.

17. Contact

For privacy-related inquiries, data deletion requests, or complaints:

• Email: hello@unquest.ai
• Response time: within 30 days

If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.