This Privacy Policy explains how Requset ("we", "us") collects, uses, discloses, and protects personal information when you use our marketing websites, the Requset web application, and related services (the "Service"). Requset is operated from Sri Lanka; the Service is available to teams worldwide. The product is built around workspaces: teams configure templates, run request and approval workflows, upload files, and may use optional AI-assisted features. For contractual terms, see our Terms of Service.
1. Scope
This Policy applies to personal information we process as a controller or processor in connection with the Service. It does not govern third-party sites or services that we link to but do not operate. If you use Requset as part of your job, your employer may have additional policies.
2. Information we collect
We collect the following categories of information:
- Account and profile: name, email address, username, password or OAuth tokens (handled by our authentication provider), profile details you choose to add, and workspace membership and role.
- Workspace and product content ("Customer Data"): data you or your users enter into the Service—such as template definitions, form responses, requests, comments, approval actions, file attachments, and integration-related configuration. This may include personal information about your colleagues or third parties you choose to collect through your workflows.
- Usage and technical data: IP address, device and browser type, approximate location derived from IP, log and diagnostic data, and in-product events we use to operate and improve the Service.
- Billing: billing contact details, plan and seat information, and payment metadata processed by our payment processor (we do not store full payment card numbers on Requset infrastructure).
- Support and communications: messages you send us (for example via contact forms or email), including any attachments.
- Cookies and similar technologies: as described in our Cookie Policy.
3. How we use information
We use personal information to:
- Provide, operate, and secure the Service (authentication, workspaces, templates, requests, notifications, billing, and support).
- Improve and develop features, including usage analytics in aggregated or de-identified form where appropriate.
- Send service-related notices, security alerts, and (where permitted) product updates.
- Enforce our Terms, prevent abuse, and comply with legal obligations.
- Provide AI-powered functionality when you or your workspace use it, as described below.
We do not sell your personal information.
4. How we share information and subprocessors
We share personal information with vendors that process data on our behalf to run the Service—such as cloud hosting, authentication, database and file storage, email delivery, payment processing, and optional analytics or AI inference. A current list appears on our Subprocessors page. We may also share information:
- With other users in your workspace where needed to operate shared features (for example showing a request to assigned approvers).
- With professional advisers, regulators, or law enforcement when required by law or to protect rights, safety, and integrity.
- In connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.
5. AI processing
When you use AI features (such as assisted drafting, summarization, or chat), relevant prompts, template or request content, and context you provide are sent to our AI backend, which runs on Microsoft Azure (including our Python-based AI application). Large language model inference is performed through Microsoft Foundry (Azure AI services) as configured for our deployment. Do not submit secrets or regulated data you are not allowed to share with Microsoft or other subprocessors. Outputs are probabilistic—you should review before relying on them. See Subprocessors for details.
6. Security
We implement administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
7. Data retention
We retain personal information for as long as your account or workspace is active and as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. Retention periods may differ by data category; contact us for workspace-specific questions.
8. Your choices
You may update certain profile information in the app, manage workspace settings if you are an admin, and adjust cookie preferences where offered (see our Cookie Policy). You may opt out of non-essential marketing emails using unsubscribe links where present.
9. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, export, or restrict processing of your personal information, or to object to certain processing. To exercise rights, contact us at the address below. We may need to verify your request and may decline where permitted by law (for example to preserve another person's rights or meet legal obligations).
10. International transfers
We operate from Sri Lanka and serve customers globally. Personal information may be processed and stored in Sri Lanka, the United States, the European Economic Area, the United Kingdom, and other regions where our subprocessors maintain facilities (including, for example, the region configured for Supabase, Azure, and content delivery networks). If we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards such as standard contractual clauses where required.
11. Children
The Service is not directed to children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.
12. Changes to this Policy
We may update this Policy from time to time. We will revise the "Last updated" date and, where required, provide additional notice.
13. Contact
Privacy questions or requests: privacy@requset.com. General support: support@requset.com.
Last updated April 2, 2026. Questions? support@requset.com