1. General Provisions
This Privacy Policy describes what personal data the Qwizoo platform (qwizoo.com) collects and processes, how it is used and protected. By using Qwizoo, you agree to the terms of this Policy.
Qwizoo is an online platform for creating interactive quizzes and collecting leads. The platform is operated by an individual. Contact: hello@qwizoo.com.
2. What Personal Data We Collect
2.1. Registration and account data
When registering and using your personal account we collect: name, email address, password (stored exclusively as a bcrypt hash), Google or GitHub ID when registering via OAuth, date and time of registration.
2.2. Quiz completion data
When a visitor completes a public quiz, we automatically collect: IP address, device type, browser and operating system, browser language, country and city (determined locally from IP address without external requests), UTM parameters and HTTP Referer, quiz answers, completion time. If the quiz owner has configured hidden fields, additional URL parameters (e.g. `?source=google`) are also stored in submission data without being displayed to the visitor. This also applies to quizzes embedded via the Qwizoo WordPress plugin — the data collection process is identical to regular web embeds.
2.3. Lead contact details
If the quiz includes a contact form, we receive the data entered by the visitor: name, email address, phone number.
2.4. Payment information
Payments are processed by Paddle (Merchant of Record). Qwizoo does not store card numbers or payment data. We only store: Paddle customer ID, subscription status and dates, information about refund guarantee usage.
2.5. SMS verification (optional)
If the quiz owner has enabled SMS OTP verification, the phone number and OTP code hash are temporarily stored. Data is automatically deleted 5 minutes after the code expires.
2.6. Uploaded files
Quiz images (logo, cover background) — up to 5 MB, stored in S3/Cloudflare R2 cloud storage.
3. How We Use Data
- To provide the Qwizoo service and manage your account
- To send transactional emails: email verification, password reset, new lead notifications
- To AI-generate personalised quiz recommendations and follow-up emails (via Anthropic Claude)
- To automatically determine lead scores — hot/warm/cold (Premium only)
- To provide analytics: quiz statistics, conversion rates, step-by-step drop-off
- To process payments and manage subscriptions via Paddle
- To prevent fraud, spam and protect the platform
4. Third-Party Data Sharing
To operate the platform we use the following third-party services. Each processes data according to its own Privacy Policy:
| Service | Purpose | Data shared |
|---|---|---|
| Paddle | Billing (Merchant of Record) | Email, name, plan |
| Resend | Transactional email | Email, name, email body |
| Anthropic (Claude) | AI: generation, follow-up, scoring | Quiz answers, business context |
| Twilio | SMS OTP (optional) | Phone number |
| OAuth login, Google Sheets | Email, name; leads (when Sheets connected) | |
| SendPulse | Email/push notifications (when integration is connected) | Lead email, name |
| GitHub | OAuth login | Email, name |
| Cloudflare Turnstile | CAPTCHA | IP, User-Agent |
| Railway | Database & Redis hosting | All stored data |
| Qwizoo WordPress Plugin | Connecting WordPress sites to the Qwizoo platform via API key | Encrypted API key (stored in WordPress database), quiz list (cached) |
We do not sell personal data to third parties or share it for advertising purposes without your consent.
5. Data Storage and Security
Data is stored in a PostgreSQL database on Railway infrastructure (EU/US). Passwords are stored exclusively as bcrypt hashes (12 rounds). Access tokens have a limited lifespan (access token — 15 minutes, refresh token — 30 days). All connections are secured with HTTPS. Images are stored in S3/Cloudflare R2 with public access only to uploaded files.
We take technical and organisational measures to protect your data from unauthorised access, loss or damage. However, no method of Internet transmission is 100% secure.
6. Cookies and Local Storage
Qwizoo does not use advertising or tracking cookies. To maintain an authorised session we store a JWT token in the browser's localStorage — this is not a cookie in the technical sense but serves a similar function. The token is automatically deleted when you log out or when it expires.
If a quiz owner connects Google Analytics, Google Tag Manager or advertising pixels through their quiz settings — responsibility for informing visitors about such cookies rests with the quiz owner. If a quiz includes a video step with an embedded YouTube or Vimeo video — when that step loads, those services may set their own cookies in the visitor's browser. It is the quiz owner's responsibility to inform visitors accordingly.
7. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
Right of access
You may request a copy of the personal data we hold about you. Send your request to hello@qwizoo.com.
Right to rectification
You may update your name and email address in your account settings.
Right to erasure
You may delete your account under Settings → Delete account. All your data (quizzes, leads, analytics) will be permanently deleted.
Right to data portability
Lead data can be exported in CSV format via the Leads section of your account.
Right to object
You may opt out of follow-up emails by clicking the unsubscribe link in any email.
To exercise any of these rights or for any questions — contact hello@qwizoo.com.
8. Children's Data
Qwizoo is not intended for persons under 18 and does not knowingly collect personal data from children. If you become aware that a child has provided us with their data — contact hello@qwizoo.com and we will delete it promptly.
9. Policy Changes
We reserve the right to update this Policy. In the event of material changes we will notify you by email or via a notice in the platform interface. By continuing to use Qwizoo after a Policy update you accept the new version.
10. Contact
For questions about this Privacy Policy and personal data protection please contact: