Privacy Policy

This Privacy Policy explains how personal data is collected, processed, and stored when using the Quizly web application (“Service”).

1. Data Controller

The data controller responsible for data processing under applicable data protection laws is:

Name: Simon Maximilian Heistermann

Address: Mutter-Teresa-Weg 6, 46325 Borken, Germany

Email: business@heistermann-solutions.de

2. Legal Basis for Processing

Personal data is processed in accordance with Art. 6(1) GDPR, primarily based on:

• Consent (Art. 6(1)(a) GDPR)
• Contract performance (Art. 6(1)(b) GDPR)
• Legitimate interest in operating and securing the Service (Art. 6(1)(f) GDPR)

3. Data Collected

When using the Service, the following personal data may be processed:

• Email address and authentication credentials
• User-generated content (e.g. quizzes, titles, descriptions)
• Technical data such as IP address, browser type, operating system
• Log data related to system security and error analysis

4. Authentication & Cookies

Quizly uses authentication cookies containing JSON Web Tokens (JWT) to manage user sessions. These cookies are strictly necessary for the operation of the Service and cannot be disabled.

Cookies are used exclusively for authentication, security, and session management purposes. No tracking or advertising cookies are used.

5. Hosting & Infrastructure

The Service is hosted on servers located within the European Union or jurisdictions with an adequate level of data protection. Technical service providers may process data only on our instructions and in compliance with GDPR.

6. External Services & APIs

For core functionality, third-party services may be used to process content provided by users (e.g. video processing, transcription, or AI-based text generation).

Data is transmitted only to the extent necessary to provide the requested functionality. No personal data is sold or shared for marketing purposes.

7. Data Storage & Retention

Personal data is stored only for as long as necessary to fulfill the purpose for which it was collected or to comply with legal obligations. Users may request deletion of their data at any time, unless retention is required by law.

8. User Rights

Under the GDPR, users have the right to:

• Access their stored personal data
• Request correction of inaccurate data
• Request deletion of their data
• Restrict or object to data processing
• Data portability

Requests can be made via email to the contact address listed above.

9. Data Security

Appropriate technical and organizational security measures are implemented to protect personal data against unauthorized access, loss, or manipulation.

10. Changes to this Privacy Policy

This Privacy Policy may be updated to reflect legal or technical changes. The latest version will always be available on this page.