Privacy Policy

Last Updated: November 5, 2025

1. INTRODUCTION

QuintiGr Games j.d.o.o. ("we," "us," or "our") operates the Kwizzdom mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use Kwizzdom.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller:

QuintiGr Games j.d.o.o.

Location: Croatia, Brodsko-posavska županija

Contact: kwizzdom.contact@gmail.com

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information:

  • Username
  • Email address
  • Password (stored in encrypted/hashed format)
  • Country of residence
  • Profile picture (optional - either from Google or uploaded by you)

Financial Information:

  • Stripe Express Connect account details (processed and stored by Stripe, not by us)
  • Bank account information for withdrawals (processed and stored by Stripe)
  • Transaction history (ticket purchases, withdrawals, donations)

Communication Information:

  • Messages you send to our customer support
  • Feedback and correspondence

2.2 Information We Collect Automatically

Usage Data:

  • Quiz participation records
  • Scores and rankings
  • Win/loss records
  • Ticket usage history
  • Winnings and redemption history
  • Login activity and timestamps

Technical Data:

  • JWT authentication tokens (stored as cookies for session management)
  • Basic server logs for security and troubleshooting

2.3 Information We Do NOT Collect

We currently do NOT collect:

  • IP addresses
  • Device identifiers
  • Operating system details
  • Analytics or tracking data
  • Location data beyond country selection
  • Browsing behavior or cookies for advertising

2.4 Information from Third Parties

Google OAuth:

When you sign in with Google, we receive:

  • Your name
  • Email address
  • Profile picture
  • Google account ID

Stripe:

When you make purchases or set up withdrawals, Stripe processes your payment information. We receive confirmation of transactions but do not store your credit card or banking details.

3. HOW WE USE YOUR INFORMATION

3.1 Legal Bases for Processing (GDPR)

We process your personal information based on the following legal grounds:

Contract Performance (GDPR Art. 6(1)(b)):

  • Creating and managing your account
  • Processing ticket purchases
  • Operating quiz competitions
  • Calculating and distributing winnings
  • Processing withdrawals

Legitimate Interests (GDPR Art. 6(1)(f)):

  • Detecting and preventing fraud and cheating
  • Improving our Service
  • Ensuring platform security
  • Customer support

Legal Obligation (GDPR Art. 6(1)(c)):

  • Retaining financial records for tax compliance
  • Complying with anti-money laundering regulations
  • Responding to legal requests

Consent (GDPR Art. 6(1)(a)):

  • Sending promotional communications (if you opt in)

3.2 Specific Uses

We use your information to:

Service Delivery:

  • Create and manage your account
  • Authenticate your identity
  • Process ticket purchases and quiz entries
  • Calculate scores and rankings
  • Distribute winnings
  • Process withdrawal requests
  • Manage charitable donations

Communication:

  • Send transactional emails (purchase confirmations, withdrawal updates)
  • Respond to your inquiries and support requests
  • Send important Service updates
  • Notify you of Terms or Privacy Policy changes

Safety and Security:

  • Detect and prevent fraud, cheating, and abuse
  • Enforce our Terms of Service
  • Protect against unauthorized access
  • Investigate suspicious activity

Business Operations:

  • Analyze Service performance and user engagement
  • Improve quiz content and user experience
  • Comply with legal and regulatory requirements
  • Maintain financial records

Legal Compliance:

  • Fulfill tax reporting obligations
  • Respond to legal processes and government requests
  • Protect our legal rights

4. HOW WE SHARE YOUR INFORMATION

4.1 Service Providers

We share information with third-party service providers who help us operate the Service:

Stripe (Payment Processing):

  • Processes ticket purchases and withdrawals
  • Handles Express Connect account setup
  • Manages payment verification and fraud detection

Amazon Web Services (AWS):

  • Hosts our servers (EC2 instances)
  • Stores our database (RDS)
  • Stores profile pictures (S3)

Google (Authentication):

  • Provides OAuth authentication
  • Sends transactional emails via Gmail

4.2 Charitable Organizations

We share donation information with recipient charitable organizations, including:

  • Donation amounts
  • Donation dates
  • Aggregate donation totals (not individual donor identities unless required)

4.3 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations (court orders, subpoenas)
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activity
  • Protect the safety of users or the public

4.4 Business Transfers

If QuintiGr Games j.d.o.o. is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different Privacy Policy.

4.5 What We Do NOT Do

We do NOT:

  • Sell your personal information to third parties
  • Share your information for advertising purposes
  • Use third-party analytics or tracking services
  • Share your information for marketing by other companies

5. DATA RETENTION

5.1 Active Accounts

We retain your personal information for as long as your account is active or as needed to provide you with the Service.

5.2 Inactive Accounts

If you do not log in for 1 year:

  • Unclaimed winnings will be forfeited
  • Your account may be deactivated
  • Personal data may be deleted (except as noted below)

5.3 Financial Records

In compliance with Croatian tax law and financial regulations, we retain:

  • Transaction records: 7 years after the transaction
  • Purchase history: 7 years
  • Withdrawal records: 7 years
  • Donation records: 7 years

This retention is necessary for legal compliance even after account deletion.

5.4 After Account Deletion

When you request account deletion:

  • Personally identifiable information is deleted within 30 days
  • Financial transaction records are retained for 7 years (anonymized where possible)
  • Aggregated, non-identifiable data may be retained indefinitely

6. YOUR RIGHTS UNDER GDPR

As a user in the European Union, you have the following rights:

6.1 Right to Access (Art. 15)

You can request a copy of the personal information we hold about you.

6.2 Right to Rectification (Art. 16)

You can update or correct your personal information through your account settings or by contacting us.

6.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your personal information by emailing kwizzdom.contact@gmail.com. We will process your request within 30 days. Note: Financial records will be retained for 7 years as required by law.

6.4 Right to Restriction of Processing (Art. 18)

You can request that we limit how we use your information in certain circumstances.

6.5 Right to Data Portability (Art. 20)

You can request a copy of your data in a structured, machine-readable format.

6.6 Right to Object (Art. 21)

You can object to processing based on legitimate interests.

6.7 Right to Withdraw Consent (Art. 7(3))

Where we process data based on consent, you can withdraw consent at any time.

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority (in Croatia: Croatian Personal Data Protection Agency - AZOP).

To Exercise Your Rights:

Email us at: kwizzdom.contact@gmail.com

We will respond within 30 days of your request.

7. DATA SECURITY

7.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

Technical Measures:

  • Passwords are hashed and encrypted
  • Secure HTTPS connections
  • JWT token-based authentication
  • AWS security infrastructure
  • Stripe's PCI-DSS compliant payment processing

Organizational Measures:

  • Access controls and authentication
  • Regular security assessments
  • Employee confidentiality agreements
  • Incident response procedures

7.2 Your Responsibility

You are responsible for:

  • Keeping your password confidential
  • Not sharing your account credentials
  • Using a strong, unique password
  • Logging out of shared devices

7.3 Data Breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected users within 72 hours
  • Report to the Croatian data protection authority (AZOP)
  • Take immediate steps to mitigate harm

8. INTERNATIONAL DATA TRANSFERS

8.1 Data Storage Location

Your data is primarily stored on AWS servers. AWS maintains data centers in multiple regions, and your data may be stored in the EU or other locations with adequate data protection standards.

8.2 Third-Party Transfers

Some service providers (like Stripe) may transfer data internationally. These providers use:

  • Standard Contractual Clauses (SCCs)
  • Adequate safeguards as approved by the European Commission
  • Compliance with GDPR requirements for international transfers

9. COOKIES AND TRACKING

9.1 Cookies We Use

We use minimal cookies for essential functionality:

Strictly Necessary Cookies:

  • JWT authentication tokens (to keep you logged in)
  • Session management

Duration: Session cookies (deleted when you close your browser) or persistent cookies (remain until expiration/logout)

9.2 What We Don't Use

We do NOT currently use:

  • Analytics cookies (Google Analytics, etc.)
  • Advertising cookies
  • Social media tracking pixels
  • Third-party tracking cookies

9.3 Cookie Management

You can manage cookies through your browser settings. Note that disabling authentication cookies will prevent you from logging in.

For more details, see our separate Cookie Policy.

10. CHILDREN'S PRIVACY

Kwizzdom is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18.

If we become aware that we have collected information from someone under 18, we will:

  • Delete the account immediately
  • Remove all personal information
  • Forfeit any remaining balances

If you believe we have collected information from a minor, please contact us at kwizzdom.contact@gmail.com.

11. CHANGES TO THIS PRIVACY POLICY

11.1 Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes to our practices
  • Legal or regulatory requirements
  • New features or services

11.2 Notification

We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last Updated" date
  • Sending email notifications (for significant changes)
  • In-app notifications

11.3 Your Acceptance

Your continued use of Kwizzdom after changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you should stop using the Service and request account deletion.

12. THIRD-PARTY LINKS

The Service may contain links to third-party websites or services (such as Stripe's Express Connect setup). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

13. DATA PROTECTION OFFICER

For any privacy-related questions or concerns, you can contact us at:

Privacy Contact:

Email: kwizzdom.contact@gmail.com

Response Time: Within 30 days

General Contact:

QuintiGr Games j.d.o.o.

Email: kwizzdom.contact@gmail.com

Website: kwizzdom.com

Supervisory Authority (Croatia):

Croatian Personal Data Protection Agency

(Agencija za zaštitu osobnih podataka - AZOP)

Website: https://azop.hr/

14. CALIFORNIA RESIDENTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (Note: We do not sell personal information)
  • Right to request deletion
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at kwizzdom.contact@gmail.com.

15. AUTOMATED DECISION-MAKING

15.1 Scoring and Rankings

Quiz scores and rankings are calculated automatically based on:

  • Correctness of answers
  • Speed of response

These calculations are objective and based on your performance. They do not involve profiling or decision-making that significantly affects your rights.

15.2 Fraud Detection

We may use automated systems to detect suspicious activity or cheating. If your account is flagged:

  • You will be notified
  • You can contest the decision
  • Human review is available upon request

16. YOUR CONSENT

By using Kwizzdom, you consent to this Privacy Policy and our collection, use, and sharing of your information as described herein.

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us at kwizzdom.contact@gmail.com.