Your privacy matters to us

Last updated: 03 June 2026 — This policy explains how Quizly collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller
The data controller responsible for your personal data is Quizly. If you have questions about how your data is processed, please contact us at [email protected].
2. Data We Collect

We collect the following categories of personal data:

  • Identity Data: Name, username, profile photo, date of birth, gender.
  • Contact Data: Email address, phone number, postal address.
  • Account Data: Password (hashed), role, status, registration date.
  • Usage Data: Quiz attempts, scores, badges earned, coins, leaderboard rank.
  • Transaction Data: Orders, payments, invoices.
  • Technical Data: IP address, browser type, device information, cookies.
  • Communications: Support messages, notifications.
3. Legal Basis for Processing
  • Contract performance (Art. 6(1)(b)): Processing necessary to provide our quiz platform services.
  • Consent (Art. 6(1)(a)): Marketing communications and optional analytics cookies — you may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)): Platform security, fraud prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c)): Compliance with applicable laws and regulations.
4. How We Share Your Data

We do not sell your personal data. We may share it with:

  • Service providers acting as data processors (hosting, payment processors, email delivery).
  • Public leaderboards display your username and score — you can manage visibility in your profile settings.
  • Regulatory authorities where required by law.
5. Data Retention
We retain your personal data for as long as your account is active. After account deletion:
  • Profile and usage data: deleted within 30 days.
  • Transaction and financial records: retained for 7 years as required by tax law.
  • Activity logs: retained for 90 days for security purposes.
6. Your Rights (GDPR Arts. 15–22)

As an EU data subject, you have the following rights:

  • Right to Access (Art. 15): Request a copy of your personal data.
  • Right to Rectification (Art. 16): Correct inaccurate data in your profile settings.
  • Right to Erasure (Art. 17): Request deletion of your account and data.
  • Right to Restrict Processing (Art. 18): Request we limit how we process your data.
  • Right to Data Portability (Art. 20): Download your data in machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for marketing.
  • Right to Withdraw Consent (Art. 7): Withdraw marketing or cookie consent at any time without affecting prior processing.

Exercise your rights via your Privacy Centre or by emailing us.

7. Cookies
We use cookies to operate the platform. For details on cookie categories and your choices, see our Cookie Policy.
8. International Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Art. 33–34.
10. Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
11. Policy Changes
We may update this policy from time to time. We will notify you of significant changes by email or via a notice on the platform. The "Last updated" date at the top of this page always reflects the current version.
Cookie Policy