Skip to main content

Privacy Policy

Last updated: 14 May 2026

This Privacy Policy describes how SkillQuest (“we”, “us”, “our”) collects, uses, and shares personal information when you use the SkillQuest websites and related services (the “Services”), including the SkillQuest product.

SkillQuest is operated from the United Kingdom. This notice is written with UK data protection law (including the UK GDPR and the Data Protection Act 2018) in mind. It is provided for transparency and does not constitute legal advice.

Who we are

The data controller for personal information processed through the Services is the organisation operating SkillQuest under the name SkillQuest (contact: use the channels published on our website, for example the contact or waitlist forms).

Information we collect

We may collect the following categories of information, depending on how you use the Services:

  • Account and profile data — for example name, email address, organisation details, and authentication identifiers when you create or use an account.
  • Pseudonymous visitor and identity graph data — for example sqid, linked email from account, waitlist, or confirm flows, PostHog distinct ids and traits (hashed where applicable), UTM/referrer session attributes, and consent decision history (category, domain, version, timestamp, and source).
  • Waitlist and marketing requests — information you submit when joining a waitlist or requesting updates (such as email, role, or organisation type).
  • Content you provide — text, files, or other materials you upload or generate while using product features (for example learning content, assignments, or chat messages where those features exist).
  • Technical and usage data — such as IP address, device and browser type, approximate location derived from IP, pages viewed, timestamps, and diagnostic logs needed to operate and secure the Services.
  • Support communications — information you send when you contact us or share feedback.

We do not intentionally collect special categories of personal data (such as health data) unless a feature clearly requires it and we tell you separately.

Identity resolution and analytics

When analytics is enabled and you consent, we may: assign a browser continuity cookie (sq_sid); mint or restore a pseudonymous sqid on our servers; link an email address from account, waitlist, or confirm flows to that person record; and configure PostHog so we alias any prior anonymous analytics id to sqid and then identify on sqid. Your email is stored as a person property, not as the primary analytics user id. With analytics consent we may also use session replay (pseudonymous recordings of on-screen interactions via PostHog) to understand product usage and fix issues; replay does not run before you opt in and stops when you revoke analytics consent. Revoking analytics consent stops further capture and clears client identity keys tied to analytics.

How we use your information

We use personal information to:

  • provide, maintain, and improve the Services;
  • authenticate users, enforce security, and prevent abuse;
  • communicate with you about the product, your account, or support requests;
  • comply with legal obligations and respond to lawful requests;
  • analyse usage in aggregated or pseudonymised form to understand product performance (where permitted and configured).

We separate product / transactional notifications (SaaS settings, recorded under our SAAS_NOTIFICATION consent domain) from waitlist or newsletter marketing (WAITLIST_MARKETING, NEWSLETTER_MARKETING). These are not the same as the CMP marketing cookie category.

We process personal information where we have a lawful basis under UK GDPR, typically: performance of a contract with you, legitimate interests (such as securing our systems and improving the product, balanced against your rights), or consent where we rely on it (for example certain optional communications or non-essential cookies, where applicable).

Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. Essential cookies may be set without consent where they are strictly necessary to provide a service you have requested. Optional categories cover preferences (including local storage keys sq-theme and sq-cursor-style), analytics, and marketing.

Before a sqid exists, browser CMP storage (sq_consent / sq:consent:v1) is authoritative for your choices. After sqid exists and we successfully sync, our server consent state is authoritative for site CMP categories unless your browser copy is newer and is reconciled on the next sync.

When you view this notice on our website, you can reopen optional cookie categories using Manage cookie settings above (and via footer links or your account menu where we surface them).

How we share information

We may share personal information with:

  • Service providers who process data on our instructions (for example hosting, email delivery, database, error monitoring, or PostHog for analytics when enabled, including EU hosting where configured), subject to appropriate contractual safeguards;
  • professional advisers where required (for example lawyers or accountants);
  • authorities when we believe disclosure is required by law or to protect rights, safety, or security.

We do not sell your personal information in the conventional sense of “selling” data for money.

International transfers

Where we use providers outside the UK, we implement appropriate safeguards (such as the UK International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses) where required by law.

Retention

We retain personal information only as long as needed for the purposes described in this policy, unless a longer period is required by law. Retention periods depend on the type of data and whether you maintain an active account. We keep an append-only consent decision audit trail and a materialised consent state per person; waitlist signup marketing fields may be cached alongside the ledger. On account deletion we redact or remove consent row personal data where appropriate.

Your rights

Depending on your situation, you may have the right to:

  • access, correct, or delete your personal information;
  • restrict or object to certain processing;
  • withdraw consent where processing is based on consent (including via the CMP, waitlist unsubscribe, SaaS notification settings, or account deletion requests);
  • lodge a complaint with the UK Information Commissioner’s Office (ICO) or another supervisory authority.

To exercise these rights, contact us using the details published on our website. Some requests can also be fulfilled from in-product account settings where available.

Security

We implement technical and organisational measures designed to protect personal information. No method of transmission or storage is completely secure; we encourage strong passwords and safe handling of your credentials.

Children

The Services are not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

Changes

We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” date. Material changes may be communicated by email or in-product notice where appropriate, and may trigger a consent re-prompt when the CMP or policy version changes.

Contact

For privacy-related questions, contact us via the contact options shown on our website.