Privacy Policy
Last updated: 16 March 2026
1. Controller
The controller responsible for this service is:
Oleg Anedchenko
Address: Berlin, Germany
Email: privacy@quiznia.com
Oleg Anedchenko operates this platform and determines the purposes and means of processing personal data.
2. Hosting and infrastructure
This service is hosted on infrastructure provided by Scaleway SAS in the European Union.
The application servers, databases, and storage used to operate the platform are located within the EU.
Scaleway processes data on our behalf as a data processor under a Data Processing Agreement incorporated into their Terms of Service.
3. Personal data we collect
Account data
When you create an account we collect:
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Account identification, login, transactional communication (verification, password reset) | Art. 6(1)(b) GDPR |
| Display name (if provided) | Displayed alongside your public content | Art. 6(1)(b) GDPR |
| Password | Authentication (stored only as a secure one-way hash) | Art. 6(1)(b) GDPR |
Providing this information is necessary to create an account and use account-based features.
Session and authentication data
To operate login and account security mechanisms we process temporary authentication data:
| Data | Purpose | Legal basis |
|---|---|---|
| Refresh tokens | Maintaining login sessions | Art. 6(1)(b) GDPR |
| Verification tokens | Email verification, password reset, account deletion confirmation | Art. 6(1)(b) GDPR |
| Authentication session data | Secure operation of the login system | Art. 6(1)(b) GDPR |
These items are stored only for the time required for authentication.
User-generated content
If you create quizzes or upload content to the platform, we store that content so the service can function.
| Data | Purpose | Legal basis |
|---|---|---|
| Quiz questions, answers, and other content | Displaying quizzes and enabling users to participate | Art. 6(1)(b) GDPR |
| Uploaded images (if applicable) | Display as part of quiz content | Art. 6(1)(b) GDPR |
| Profile picture (optional) | Display on your profile | Art. 6(1)(b) GDPR |
Content reports and abuse prevention
If users report content for moderation we may process limited information necessary to review the report.
| Data | Purpose | Legal basis |
|---|---|---|
| Report description | Content moderation | Art. 6(1)(f) GDPR |
| IP address (anonymised or pseudonymised) | Abuse prevention and security | Art. 6(1)(f) GDPR |
Our legitimate interest is maintaining a safe and functional platform.
4. Analytics
We use a self-hosted instance of Umami analytics to understand how the platform is used. This script is loaded on all pages in production.
This system is configured to operate without advertising trackers and without identifying individual users.
Collected information may include:
- page views
- referrer pages
- browser type
- approximate country
- visited pages
- timestamps
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in improving the service.
5. Cookies
The service is designed to operate without advertising cookies or behavioural tracking technologies.
Session cookies or similar mechanisms may be used where technically necessary for login or basic platform functionality.
6. Server logs and security
For technical and security purposes, our servers may temporarily process technical information such as:
- IP address
- request timestamps
- accessed pages
- browser information
This information helps ensure system security, detect abuse, and maintain service stability.
Legal basis: Art. 6(1)(f) GDPR.
7. Sub-processors
We rely on infrastructure providers to operate the service.
| Provider | Purpose | Location |
|---|---|---|
| Scaleway SAS | Cloud hosting, storage, infrastructure | European Union |
These providers process data only under our instructions.
8. Data retention
Personal data is stored only as long as necessary to operate the service.
| Data | Retention |
|---|---|
| Account data | Until the account is deleted |
| User-generated content | Until deleted by the user or account removal |
| Authentication tokens | Until logout, expiration, or account deletion |
| Content reports | Up to 12 months after resolution |
| Server logs | Up to 30 days |
| Encrypted backups | Up to 30 days |
Backup data may persist temporarily until automatically overwritten.
9. Security
We implement reasonable technical and organisational measures to protect personal data.
Examples include:
- encrypted network connections (TLS)
- secure password hashing
- restricted administrative access
- encrypted backups
However, no system can guarantee absolute security.
10. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on users.
11. Your rights
Under the GDPR you have the right to:
| Right | Article |
|---|---|
| Access your personal data | Art. 15 GDPR |
| Correct inaccurate data | Art. 16 GDPR |
| Request deletion of your data | Art. 17 GDPR |
| Restrict processing | Art. 18 GDPR |
| Data portability | Art. 20 GDPR |
| Object to processing based on legitimate interest | Art. 21 GDPR |
You may contact us at privacy@quiznia.com to exercise these rights.
We will respond within 30 days.
12. Right to complain
If you believe your personal data is processed unlawfully, you have the right to lodge a complaint with a supervisory authority.
In Berlin this authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstraße 219 10969 Berlin https://www.datenschutz-berlin.de
13. Changes to this policy
We may update this Privacy Policy if the service or legal requirements change.
The current version will always be available on this page.