Privacy Policy

1. Scope

This policy describes how Quizzer collects, uses, shares, and protects information when you use our web platform. It is written to match the current codebase and operating workflows rather than generic SaaS boilerplate.

This policy applies to Quizzer-controlled websites, services, and request flows. It does not govern third-party websites, embeds, payment channels, social platforms, or other services that we do not control even if they are linked from Quizzer.

2. How We Collect Information

• Directly from you when you create an account, complete learning activities, fill forms, contact us, upload content, or interact with classes, rooms, schools, and other features.
• Automatically from your browser, device, and session when you use the product, including through cookies, local storage, security telemetry, and analytics tooling.
• From schools, teachers, family or organizational contacts, and other users who add you to classes, rooms, schools, friend flows, or other collaborative contexts.
• From service providers and technical integrations when needed to operate authentication, messaging, storage, analytics, abuse review, and platform security workflows.

3. Data We Collect

3.1 Account and authentication data

• Account information such as email address, display name, profile image, role, and onboarding state.
• Authentication and security records needed to sign you in and protect the platform, including session state, OTP verification records, and related security-control records where applicable.

3.2 Learning and collaboration data

• Course, question, flashcard, exam, and lesson activity, including attempts, scores, progress, timings, and study history.
• Content you create or upload, such as questions, flashcards, notes, passages, and managed assets.
• Social and classroom data such as friend connections, room participation, class membership, teacher relationships, and school workspace membership.

3.3 Contact and commercial data

• Information you submit through authenticated contact forms, support flows, or partnership quote requests.
• Email delivery status and marketing unsubscribe state needed to operate platform messaging and respect opt-outs.
• Billing, invoice, or plan-related operational records where a purchase, school contract, or pricing workflow applies.

3.4 Technical, analytics, and security data

• Device, browser, IP, user-agent, coarse location, and session activity data used for security, fraud prevention, abuse review, and analytics.
• Hashed IP, network, and device-fingerprint signals used for longer-lived abuse detection without retaining raw network data for the same duration.
• Product analytics and feature usage data stored in the primary database and, where configured, forwarded in reduced form to analytics providers.

4. How We Use Data

• To create and secure accounts, authenticate sessions, and protect against fraud, abuse, or unauthorized access.
• To deliver learning features, store progress, score attempts, manage rooms, classes, schools, and collaboration features.
• To operate support, quote, and messaging workflows, including transactional emails and marketing unsubscribe handling.
• To measure product usage, improve question quality, review explanations, detect weak content, and improve platform reliability.
• To satisfy legal, compliance, moderation, and audit requirements.

5. Sharing and Visibility

We may disclose personal information to the categories below to operate the platform, respond to legal obligations, and protect users. Quizzer is not described here as a traditional data-broker service, but some online disclosures, analytics integrations, or cross-context tracking events may be regulated differently under certain privacy laws.

• Teachers, school staff, and authorized platform staff may see relevant learner progress or operational records when your account is part of a class or school workflow.
• Certain profile, activity, classroom, room, leaderboard, or collaborative information may be visible to other users depending on the product feature, workflow, and your settings.
• Service providers may process limited data to operate the platform, including Supabase, managed PostgreSQL and storage infrastructure, Pusher, Resend, PostHog, and Vercel services.
• External content providers or linked services may receive data from your browser when you open their content, pages, embeds, or downloads from within Quizzer.
• We may disclose data to professional advisers, auditors, transaction counterparties, or successor entities in connection with financing, diligence, reorganization, merger, asset sale, bankruptcy, or similar business events.
• We may disclose data when required by law, for incident response, or to protect the rights and safety of users and the platform.

6. Analytics, Cookies, and Product Improvement

Quizzer uses account-linked learning and product analytics to improve question quality, explanations, recommendations, classroom insight features, and abuse detection. Some analytics remain linked to accounts internally because they support progress views, teacher analytics, export tooling, and operational review.

Where we forward events to third-party analytics services, we aim to reduce direct identifiers and unnecessary internal object IDs. We do not intentionally use names or email addresses as model targets for user-facing learning features.

More detail about cookies and browser storage is available in our Cookie Policy. If applicable law gives you the right to opt out of sale, sharing, targeted advertising, or similar data uses, you can send a request to privacy@nexquizzer.com.

7. Security Safeguards

• Current OTP codes are stored as hashed values.
• OTP session proof cookies are signed and enforced on protected routes.
• Managed lesson, question, and exam assets are served through access-checked routes where that managed access path applies.
• Export routes, restricted internal tools, and security-risk workflows are permission-gated and audited.
• We use administrative, technical, and operational controls intended to reduce unauthorized access, misuse, loss, and accidental disclosure.

No internet system is perfectly secure, but we aim to minimize exposure, restrict access, and reduce unnecessary retention. This policy is not a warranty that unauthorized access or security incidents will never occur.

8. Retention

We retain different categories of data for different operational and security reasons. Current internal targets include a short window for raw session telemetry, generally around 30 days, and longer windows for hashed security signals and audit data where needed for abuse review or accountability.

Some retention workflows are documented and partially implemented; not every purge or archive path is fully automated yet. VIP card redemption records do not store IP address or user-agent fields.

We may retain information longer where reasonably necessary to comply with law, resolve disputes, enforce agreements, investigate abuse, preserve evidence, maintain backups, or complete security and audit workflows.

9. Your Choices and Requests

• You can update account and profile information inside the product where those settings are available.
• You can opt out of marketing emails through the unsubscribe link included in eligible messages.
• Depending on your jurisdiction, you may have rights to ask for access, know, export, correction, deletion, restriction, or opt-out review regarding certain personal information.
• You can request privacy support, export, correction, deletion, or applicable opt-out review by emailing privacy@nexquizzer.com. Some requests require identity and operational verification, and we may deny or limit a request where permitted by law.
• Where applicable law prohibits discrimination for exercising privacy rights, we will not deny those rights because you made a qualifying request. Some features may still require certain data to function.

10. Children and School Use

Quizzer is used in educational contexts and may be accessed by minors. If Quizzer is used in a school setting and law requires parent, guardian, school, or organizational authorization for a user or deployment, we may rely on that authorization where permitted and may also request additional information or action when needed to satisfy legal or operational requirements.

If you believe a child has provided personal information to Quizzer without appropriate authorization, contact privacy@nexquizzer.com so we can review the situation and respond appropriately.

11. International Transfers

Platform data may be processed in countries outside your home jurisdiction depending on our infrastructure, vendors, and support operations. By using the service, you acknowledge that information may be transferred to and processed in locations where privacy laws may differ from those in your jurisdiction.

12. Changes to This Policy

We may update this policy from time to time to reflect product, vendor, legal, or operational changes. When we do, we will update the “Last updated” date at the top of this page and may provide additional notice where required by law or where the changes are material.

13. Contact