Privacy Policy
Last updated: 4 June 2026
This Privacy Policy explains how your personal data is collected, used, shared, and protected when you use the QuizLocky mobile application and the website at quizlocky.site (together, the "Service"). It also describes your rights under the EU General Data Protection Regulation (the "GDPR"), as applied in Sweden, and under other applicable privacy laws.
1. Who is responsible for your data (Data Controller)
The data controller responsible for your personal data is:
2. The personal data we collect
We collect only the data described below. We do not collect special-category data (such as health, religion, or biometric data), and we do not ask for your date of birth or precise location.
| Category | What it includes | Why & legal basis |
|---|---|---|
| Account data | Email address; a password (stored only in hashed form by our authentication provider — we never see your raw password). With "Sign in with Apple", the identifier and any email Apple shares. | To create and secure your account. Performance of a contract. |
| Onboarding & profile | An optional name/nickname, the subjects you study, your goals and study challenges, and your self-estimated daily screen-time. You can use the app without giving a name. | To personalize your plan. Consent / contract. |
| Study content | Material you add — text you paste, PDFs you import, and photos of notes — plus the flashcards and quizzes generated from it. | To generate and store your decks. Performance of a contract. |
| Usage & progress | Your decks, cards, study sessions, scores, streaks, XP, and in-app activity needed to run features. | Progress, streaks, stats. Contract / legitimate interests. |
| Subscription data | Your subscription status (trial, active, expired) and related transaction identifiers from Apple / RevenueCat. We never receive your full card number. | To manage your subscription. Contract / legal obligation. |
| Technical & diagnostic | Basic technical information needed to operate and secure the Service and to fix crashes or errors. | Reliability & security. Legitimate interests. |
3. Data we deliberately do NOT collect: your blocked apps
QuizLocky's app-locking uses Apple's Screen Time / Family Controls framework. The selection of apps and categories you choose to lock is stored and enforced by Apple entirely on your device, using Apple's privacy-preserving tokens. This information is never transmitted to us and is never stored on our servers. We cannot see which apps you block.
4. How we use your data
- To create, secure, and manage your account.
- To generate flashcards, quizzes, and AI study-coach responses from material you provide.
- To personalize your study plan and tailor the app experience.
- To track your progress, streaks, and statistics.
- To send reminders and notifications you have enabled (you can turn these off at any time).
- To process and manage your subscription and provide customer support.
- To maintain the security, integrity, and reliability of the Service and to comply with our legal obligations.
We do not use your data for advertising, we do not sell or rent your personal data, and we do not carry out automated decision-making that produces legal or similarly significant effects on you.
5. AI processing of your material
To turn your material into study cards and to power the study coach, the text, document content, or image you submit is sent — through our secure backend — to our AI processing provider, OpenAI, which generates the result and returns it to you. We send only what is necessary to produce your cards or coach reply. This content is used to deliver the feature to you and is not used by us to build advertising or marketing profiles. Please do not paste sensitive personal information about yourself or others into study material.
6. Who we share data with (processors & recipients)
We never sell your data. We share data only with the service providers that operate QuizLocky, each acting as our processor under a data-processing agreement:
- Supabase — database, authentication, and secure backend hosting.
- OpenAI — AI generation of study cards and coach responses.
- RevenueCat — subscription management.
- Apple — payment processing and "Sign in with Apple".
We may also disclose data if required by law, to enforce our Terms, or to protect the rights, safety, and security of our users and the Service.
7. International data transfers
Some of our providers process data outside the EU/EEA, including in the United States. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards approved under the GDPR — such as the European Commission's Standard Contractual Clauses and, where applicable, the provider's certification under an approved data-transfer framework. Contact us for more information about these safeguards.
8. How long we keep your data
We keep your personal data for as long as your account is active. When you delete your account from within the app, your account and associated study data are deleted from our active systems. We may retain limited information where necessary to comply with legal obligations (for example, records relating to transactions), to resolve disputes, or to enforce our agreements, after which it is deleted or anonymized.
9. How we protect your data
Data is transmitted over encrypted connections (HTTPS/TLS) and stored in databases that are encrypted at rest. We apply strict access controls and row-level security so that you can only access your own data and one user cannot read another user's information. Access to systems is limited to what is necessary to operate the Service.
10. Your rights under the GDPR
If you are in the EU/EEA (including Sweden), you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten") — you can do this yourself by deleting your account in the app.
- Restrict or object to certain processing, including processing based on legitimate interests.
- Data portability — receive your data in a portable format.
- Withdraw consent at any time where processing is based on consent (this does not affect processing already carried out).
To exercise any of these rights, contact us at support@quizlocky.site. We will respond within the timeframes required by law.
11. Right to lodge a complaint
If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority. In Sweden this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) — imy.se.
12. Children
QuizLocky is intended for users aged 13 and over. We do not knowingly collect personal data from children under that age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@quizlocky.site and we will delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, where the changes are significant, notify you within the app. Your continued use of the Service after an update means you accept the revised policy.
14. Contact us
For any questions about this policy or your personal data, contact us at support@quizlocky.site.
← Back to QuizLocky