Create Free Account

Effective date: April 23, 2026

Last updated: April 23, 2026

1. About this policy

This Privacy Policy explains how Sameru Arts, Inc., an Ontario, Canada corporation operating as “Side Quest” (“Side Quest,” “Sidequest,” “we,” “us,” or “our”), collects, uses, discloses, and safeguards personal information when you visit sidequestgo.com (the “Site”), create an account, or subscribe to our merchant services (collectively, the “Services”).

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

Data controller:
Sameru Arts, Inc. (operating as “Side Quest”)
215 Niagara St #100, Toronto, ON M6J 2L2, Canada
Privacy contact: [email protected]

2. Who can use the Services (age requirement)

The Services are intended for users who are at least eighteen (18) years old. We do not knowingly collect personal information from anyone under 18. If we learn we have inadvertently collected such information, we will delete it promptly. Parents or guardians who believe their minor child has provided us with personal information may contact us at [email protected].

3. Information we collect

3.1 Information you provide to us

  • Account information: name, email address, username, password (stored in hashed form), and, for merchants, business name, business address, business phone, and website.
  • Subscription and billing information: plan selected, subscription status, billing history, and the last four digits and expiry of the payment method used. Full card numbers and bank details are collected and stored by our payment processors (Stripe and PayPal) and are never stored on our servers.
  • Merchant listing content: information you submit to appear as a quest stop, “Ad” location, or destination, including business descriptions, images, opening hours, geographic coordinates, and any other content you upload.
  • Communications: messages you send us through contact forms, email, or support requests.

3.2 Information collected automatically

  • Device and log data: IP address, browser type and version, operating system, referring/exit pages, timestamps, and diagnostic data.
  • Usage data: pages viewed, features used, quests interacted with, and similar activity within the Services.
  • Approximate location data: the Services may derive an approximate location from your IP address for regional features and security. We do not collect precise GPS location from your device unless you explicitly grant browser permission while using a feature that requires it.
  • Cookies and similar technologies: see Section 8 below.

3.3 Information from third parties

  • Payment processors: Stripe and PayPal send us transaction outcomes, subscription status changes, and limited billing metadata necessary to operate your account.
  • Anti-abuse services: Google reCAPTCHA v3 provides us with risk scores and abuse signals related to form submissions.
  • Analytics and advertising partners: we may receive aggregated reporting from analytics providers (e.g., Google Analytics) and advertising platforms (e.g., Meta/Facebook).

4. How we use your information

We use personal information to:

  • Provide, operate, and maintain the Services, including creating and managing your account and merchant listings;
  • Process subscription payments, renewals, refunds (where applicable), and send receipts and billing notices;
  • Deliver transactional emails, service announcements, and security alerts;
  • Send marketing communications about new features, promotions, and related offerings where permitted by law and, where required, with your consent (you may opt out at any time);
  • Personalize the Services, including displaying merchant listings based on geographic region;
  • Monitor, investigate, and prevent fraud, abuse, spam, and security incidents;
  • Comply with legal obligations, enforce our Terms and Conditions, and protect our rights and the rights of others;
  • Perform analytics to improve the Services and understand usage patterns;
  • Undertake other purposes disclosed at the time of collection or for which you have given your consent.

5. Legal bases for processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

  • Performance of a contract — to provide the Services you have subscribed to and to process payments.
  • Legitimate interests — to secure our platform, prevent fraud, analyze usage, and promote our Services, provided these interests are not overridden by your rights.
  • Consent — for optional cookies, direct marketing where required, and any processing of sensitive information. You may withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and other laws.

6. How we share information

We do not sell personal information for money. We share information only as described below:

6.1 Service providers and processors

We share information with vendors who process data on our behalf under written agreements requiring appropriate safeguards:

  • Stripe, Inc. — payment processing. See Stripe’s privacy policy.
  • PayPal Holdings, Inc. — payment processing. See PayPal’s privacy policy.
  • Google LLC (reCAPTCHA v3) — bot and abuse detection. Use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service.
  • Google LLC (Google Analytics) — aggregated usage analytics.
  • Meta Platforms, Inc. — advertising measurement and retargeting (Meta Pixel), where deployed.
  • Email delivery and marketing providers — for transactional and promotional email.
  • Hosting, backup, and technical infrastructure providers — to run the Services.
  • OpenStreetMap / Nominatim — geocoding of addresses submitted for listings.

6.2 Legal and safety disclosures

We may disclose information when we believe in good faith that disclosure is necessary to comply with a legal obligation, respond to lawful requests from public authorities, enforce our Terms and Conditions, protect our rights or property, or protect the personal safety of users or the public.

6.3 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of all or part of our assets, personal information may be transferred as part of that transaction. We will notify affected users where required by law.

6.4 With your direction

We share content you choose to publish publicly (e.g., merchant listings) with site visitors and other users as you intend.

7. International data transfers

We are based in Canada, and our service providers may process data in Canada, the United States, the European Economic Area, the United Kingdom, and other countries. Where we transfer personal information out of the EEA, UK, or Switzerland to a country not recognized as providing an adequate level of protection, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms.

8. Cookies and similar technologies

We and our service providers use cookies, pixels, local storage, and similar technologies to operate the Site, keep you signed in, remember preferences, analyze usage, and measure the effectiveness of marketing. Categories we use include:

  • Strictly necessary — required for the Site and login to function.
  • Functional — remember preferences and settings.
  • Analytics — measure traffic and feature usage (e.g., Google Analytics).
  • Advertising — support retargeting and campaign measurement (e.g., Meta Pixel).

You can control cookies through your browser settings. Where required by law, we will present a cookie banner enabling you to accept or reject non-essential categories.

9. How long we keep information

We retain personal information for as long as your account is active and for as long as needed to provide the Services, comply with legal obligations (such as tax and accounting rules, typically six to seven years in Canada), resolve disputes, and enforce our agreements. When we no longer need personal information, we will delete or anonymize it.

10. How we protect information

We use administrative, technical, and physical safeguards designed to protect personal information, including TLS encryption in transit, hashed passwords, access controls, and regular software updates. No method of transmission or storage is 100% secure. You are responsible for keeping your account credentials confidential.

11. Your privacy rights

Subject to applicable law and verification of your identity, you may have the rights described below. To exercise any right, email [email protected]. We will respond within the time required by applicable law (generally 30 days in Canada and 45 days in California; GDPR requests are responded to within one month, extendable by two additional months for complex requests).

11.1 Canada (PIPEDA and Québec Law 25)

If you are in Canada, you may:

  • Access the personal information we hold about you;
  • Request correction of inaccurate or incomplete information;
  • Withdraw consent where processing is based on consent (subject to legal or contractual limits);
  • If you are in Québec, request that your personal information be communicated in a structured, commonly used technological format (data portability) and request de-indexing where legally applicable.

Our Privacy Officer can be reached at [email protected]. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, for Québec residents, the Commission d’accès à l’information du Québec (cai.gouv.qc.ca).

11.2 California residents (CCPA/CPRA)

If you are a California resident, subject to verification you have the right to:

  • Know the categories and specific pieces of personal information we have collected about you, the sources, the purposes of collection, and the categories of third parties with whom we share information;
  • Request deletion of your personal information, subject to exceptions permitted by law;
  • Correct inaccurate personal information we maintain about you;
  • Opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising. We do not sell personal information for money. Where our use of advertising cookies (e.g., Meta Pixel) constitutes “sharing” under the CPRA, you may opt out by emailing us or using a Global Privacy Control (GPC) signal;
  • Limit the use of sensitive personal information (note: we do not use sensitive personal information for purposes that require this right to apply);
  • Be free from unlawful discrimination for exercising any of these rights.

You may submit a request by emailing [email protected]. You may use an authorized agent; we will require written proof of authorization. We retain personal information for the periods described in Section 9.

Categories collected in the last 12 months (CCPA categories): identifiers; customer records; commercial information; internet or other electronic network activity; geolocation data (approximate); inferences. We have not knowingly sold personal information for money in the last 12 months. We may have “shared” identifiers and online activity for cross-context behavioral advertising where advertising cookies are active.

11.3 EEA, UK, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, UK, or Switzerland, you have the rights to access, rectification, erasure, restriction of processing, portability, and objection, as well as the right to withdraw consent and the right to lodge a complaint with your local supervisory authority (for UK residents, the Information Commissioner’s Office — ico.org.uk).

12. Automated decision-making

We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing. Anti-abuse tools such as reCAPTCHA may use automated scoring, but a human reviews any account decision that results from a flagged signal.

13. Do Not Track

Our Site does not currently respond to browser “Do Not Track” signals. We honour Global Privacy Control (GPC) signals where legally required as an opt-out of “sale” or “sharing” under the CPRA.

14. Third-party links

The Services may contain links to third-party websites, including merchant websites, payment processors, and social platforms. This Privacy Policy does not apply to those sites. We encourage you to read their privacy policies before providing any information.

15. Data breaches

In the event of a personal data breach likely to result in a real risk of significant harm (Canada) or a risk to the rights and freedoms of natural persons (EEA/UK), we will notify affected individuals and competent authorities as required by applicable law.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes we will post the updated policy on this page with a revised “Last updated” date and, where required by law, notify you directly. Your continued use of the Services after the changes take effect constitutes acceptance of the revised policy.

17. How to contact us

Questions about this Privacy Policy or our privacy practices can be sent to:

Sameru Arts, Inc. (Side Quest) — Privacy Officer
215 Niagara St #100, Toronto, ON M6J 2L2, Canada
Email: [email protected]

Turn wherever you are into
an adventure.

Experiences

Weekenders

Quests

Challenges

Epics

Company

About Us

Contact Us

Legal

Privacy Policy

Terms and Conditions

© 2026 Sameru Arts, Inc. All rights reserved.

Privacy Policy

Terms and Conditions

Contact Us