Legal
Privacy Policy
Last updated: 9 June 2026
TravelQuest by Qlear is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights in relation to it. It applies to all users of the TravelQuest by Qlear platform, including trip organisers and buddies.
1. Who We Are and How to Contact Us
TravelQuest by Qlear ("TravelQuest", "we", "us", "our") is an independent software project operated by a single individual under the Qlear name. Qlear is not a registered company, business, or legal entity of any kind. For the purposes of applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, TravelQuest by Qlear is operated by an individual who acts as the data controller in respect of your personal data.
If you have any questions about this Privacy Policy or wish to exercise any of your data protection rights, you may contact us at:
Email: hello@qlear.co.uk
2. Personal Data We Collect
We collect personal data in the following categories:
2.1 Data You Provide Directly
| Data | Who Provides It | When |
|---|---|---|
| Full name | Organisers and buddies | Account registration or first sign-in |
| Email address | Organisers and buddies | Account registration or first sign-in |
| Trip details (title, location, dates, budget) | Organisers | When creating a trip |
| Expense records (title, amounts, descriptions) | Organisers | When logging expenses |
| Contribution references and amounts | Buddies | When submitting a top-up |
| Inflow descriptions and notes | Organisers | When recording manual inflows |
| Document uploads (where enabled) | Organisers and buddies | When uploading trip documents |
2.2 Data Generated Through Your Use of the Platform
- Transaction records, wallet balance history, and approval/rejection logs associated with your account;
- Timestamps and activity records relating to account and trip actions;
- Device and browser information (type, operating system, viewport size) collected passively for operational purposes.
2.3 Data We Do Not Collect
We do not collect payment card details, bank account numbers, government identification, or any sensitive personal data as defined under Article 9 of the UK GDPR. We do not collect or store passwords.
3. How and Why We Use Your Personal Data
We rely on the following legal bases under the UK GDPR to process your personal data:
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Contract (Art. 6(1)(b)) — necessary to provide the service |
| Authenticating you via one-time email codes | Contract (Art. 6(1)(b)) |
| Displaying trip, expense, and wallet data to authorised users | Contract (Art. 6(1)(b)) |
| Sending transactional emails (sign-in codes, contribution notifications, approvals) | Contract (Art. 6(1)(b)) |
| Maintaining security, preventing fraud, and enforcing our Terms of Service | Legitimate interests (Art. 6(1)(f)) — to protect users and the platform |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Improving the platform through aggregated, anonymised usage analysis | Legitimate interests (Art. 6(1)(f)) |
We will not use your personal data for purposes that are incompatible with those described in this policy without first obtaining your consent.
4. Data Shared Within the Platform
TravelQuest by Qlear is a collaborative platform and certain data is visible to other authorised users as a core part of the service:
- Organisers can see the full name, wallet balance, transaction history, and document submissions of all buddies in their trip;
- Buddies can see their own wallet balance and transaction history. Depending on trip settings, they may also see aggregated expense information;
- Your display name appears on transaction records visible to other trip members.
By joining or creating a trip on TravelQuest by Qlear, you acknowledge and consent to this visibility as necessary to the functioning of the platform.
5. Third-Party Data Processors
We use the following third-party service providers who process personal data on our behalf under appropriate data processing agreements:
| Provider | Purpose | Data Processed |
|---|---|---|
| Google Firebase (Firestore) | Cloud database storage | All platform data including names, email addresses, trips, transactions |
| Resend | Transactional email delivery | Name, email address, and relevant notification content |
| Netlify | Frontend hosting and delivery | IP address and request metadata (standard server logs) |
We do not sell your personal data to any third party. We do not share your data with third parties for advertising, marketing, or profiling purposes.
6. International Data Transfers
Some of our third-party processors (including Google Firebase and Resend) may process your data on servers located outside the United Kingdom or European Economic Area. Where such transfers occur, we ensure they are conducted with appropriate safeguards, including reliance on the UK Government's adequacy decisions or the International Data Transfer Agreement (IDTA) as applicable.
You can obtain further information about the safeguards in place by contacting us at the address in Section 1.
7. Data Retention
We retain your personal data only for as long as is necessary for the purposes set out in this policy, and in accordance with our legal obligations. Our standard retention periods are:
- Account data (name, email): retained for the duration your account is active, and for up to 12 months following account deletion or inactivity, to allow for dispute resolution;
- Trip and transaction records: retained for up to 3 years from the end of the trip to which they relate, in case of financial disputes;
- Authentication logs: retained for up to 6 months for security purposes;
- Uploaded documents: retained until deleted by the organiser or for up to 12 months following account deletion.
After the applicable retention period, your data will be securely deleted or anonymised. You may request earlier deletion — see Section 8 for your rights.
8. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at hello@qlear.co.uk. We will respond within one calendar month.
| Right | What It Means |
|---|---|
| Right of access | You may request a copy of the personal data we hold about you. |
| Right to rectification | You may ask us to correct inaccurate or incomplete personal data. |
| Right to erasure | You may ask us to delete your personal data where there is no compelling reason for us to continue processing it. This right is not absolute and may be subject to our legal obligations. |
| Right to restrict processing | You may ask us to pause processing of your data in certain circumstances, for example while a dispute is resolved. |
| Right to data portability | You may request your data in a structured, machine-readable format where we process it on the basis of contract or consent. |
| Right to object | You may object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds that override your interests. |
| Right to withdraw consent | Where we rely on your consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal. |
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK's supervisory authority for data protection — at ico.org.uk or by calling 0303 123 1113.
9. Data Security
We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, accidental loss, alteration, or disclosure. These measures include:
- Authentication via one-time codes sent to your registered email address — we do not store passwords;
- Encrypted data transmission over HTTPS;
- Role-based access controls within the platform, ensuring users can only access data they are authorised to see;
- Restricted access to production systems and databases.
Whilst we take reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security and you use the platform at your own risk in this regard.
10. Cookies and Local Storage
TravelQuest by Qlear uses browser local storage to maintain your authenticated session between visits. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
Our use of local storage is strictly necessary for the platform to function. You may clear your browser's local storage at any time, which will sign you out of the platform.
11. Children's Privacy
TravelQuest by Qlear is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected personal data from a person under 18 without appropriate parental consent, we will take steps to delete that data promptly. If you believe a child under 18 has provided personal data to TravelQuest by Qlear, please contact us immediately.
12. Links to Third-Party Sites
The platform may, from time to time, contain links to external websites or services. This Privacy Policy applies solely to TravelQuest by Qlear. We are not responsible for the privacy practices of any third-party site and encourage you to review the privacy policy of any website you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. Where required by law, we will provide more prominent notice or seek your consent. Your continued use of TravelQuest by Qlear after any changes are posted constitutes your acceptance of the revised policy.
14. How to Contact Us
For any privacy-related questions, requests to exercise your rights, or concerns about how we handle your data, please contact:
TravelQuest by Qlear — Privacy
Email: hello@qlear.co.uk
We will acknowledge your request within 72 hours and respond in full within one calendar month.