VSITEM Privacy Policy

Effective date: 2025-10-17

This Privacy Policy (the “Policy”) applies to the website and services vsitem.com (the “Service”) operated by Quester Inc. (the “Company,” “we,” or “us”). It explains the purposes for which and the ways in which we process users’ personal information.

1. Controller Information

• Operator (Legal Name): Quester Inc.
• Department: Privacy Team
• Email (for privacy inquiries): support@quester.app

2. Personal Data We Collect

1. Account Information: Email, password (hash value), nickname, profile image, social login identifiers (where applicable)
2. Content/Activity Information: Comparison creation/edit history, comments/feedback, bookmarks, reports
3. Technical/Log Information (collected automatically): Access timestamps, IP address, cookies, device/browser information, referrer URL, advertising identifiers
4. Customer Support: Inquiry details, contact information, attachments
5. Payment/Billing (if paid features are introduced): Payment method identifiers (tokenized), billing information, transaction history

3. How We Collect Personal Data

• Entered directly by users during registration and use of the Service
• Collected automatically during use (cookies/similar technologies, logs)
• Collected in the course of customer support

4. Purposes of Processing

• Creating/authenticating accounts and providing core Service functions
• Providing product comparison/recommendation results and enhancing personalized features
• Service improvement, statistics, and analytics (including quality management and troubleshooting)
• Security and fraud prevention (spam/bot detection, access control)
• Responding to inquiries and sending notices/alerts
• (Optional) Marketing, promotions, and events
• Complying with legal obligations and responding to disputes

5. Cookies and Similar Technologies

We may use cookies, local storage, and similar technologies for Service delivery, analytics, and advertising.

• Strictly Necessary Cookies: Essential for login, security, and session continuity
• Analytics Cookies (optional): Used to analyze usage patterns and improve the Service
• Advertising Cookies (optional): Used to provide interest-based advertising (personalized or non-personalized)

Users can refuse or delete cookies via their browser settings; however, doing so may limit the use of certain features.

6. Advertising & Third-Party Cookies (e.g., AdSense)

We may implement code from third-party advertising partners such as Google AdSense. These partners may use cookies and mobile advertising IDs to deliver, measure, and optimize ads. Users can manage preferences for personalized ads via the links below.

• Google Ad Settings: https://adssettings.google.com/
• AdChoices (US/Canada): https://www.aboutads.info/choices
• YourOnlineChoices (EU): https://www.youronlinechoices.eu/

For users in the EEA/UK, we may request prior consent for the use of advertising and analytics cookies via a consent-management banner.

7. Analytics Tools

We may use analytics tools such as Google Analytics. These tools use log information (e.g., IP addresses, which may be masked) to analyze Service usage. The servers of analytics providers may be located outside your country. When used, we will inform users about how these tools operate and how to opt out or block them.

8. Retention Periods

• Account Information: Deleted without undue delay upon account deletion (and then removed from backup systems sequentially within a defined period)

• Statutory Retention (where applicable):

  • Records of contracts, withdrawals, payments, and supply of goods/services: 5 years (Electronic Commerce Act)
  • Records of consumer complaints/dispute resolution: 3 years (Electronic Commerce Act)
  • Records of advertisements/labels: 6 months (Electronic Commerce Act)
  • Access logs: 3 months (Protection of Communications Secrets Act)

• We delete personal data without undue delay once the retention period has expired or the processing purpose has been achieved.

9. Third-Party Disclosure and Entrusted Processing (Subprocessors)

• Third-Party Disclosure: We disclose personal data only when required by law or with the user’s consent.
• Entrusted Processing: We may entrust certain operations—such as cloud/hosting, notifications, payment processing, analytics, or advertising—to service providers. We will disclose the name of each provider, the scope of work, and the retention period.

10. International Data Transfers

Our cloud infrastructure and the servers of analytics/advertising partners may be located outside your country. We will notify users of the items transferred, destination countries, transfer date/method, and retention/use periods in accordance with applicable laws.

11. Security Measures

• Access control and least-privilege management; enforcement of password policies
• Encryption (TLS in transit; one-way hashing of passwords, etc.)
• Logging, monitoring, and incident response
• Physical access controls and backup/restore systems

12. Children’s Personal Data

As a rule, users under the age of 14 are not permitted to register. If we determine that a child’s personal data has been collected, we will delete it without undue delay.

13. Your Rights

Users (and legal guardians, where applicable) may request access, correction, deletion, restriction of processing, and withdrawal of consent at any time. Please submit requests to the contact information in Section 1, and we will act without undue delay as required by law.

14. Automated Decision-Making

The Service may include certain automated processing, such as recommendations or scoring. We design such features so they do not produce legal or similarly significant effects on users.

15. Notice and Changes

If we amend this Policy, we will provide advance notice via in-Service announcements or email (at least 7 days before the effective date for material changes, or 30 days if the changes significantly affect users’ rights).