Legal
Privacy Policy
Last updated: May 13, 2026
TL;DR
QuizMi is a real-time multiplayer trivia game. To play, you sign in with Google or Apple (or stay anonymous), and we store the gameplay data needed to match you with opponents, run the game, and rank players. We use a small number of named sub-processors (listed below). We don't sell your personal data. You can delete your account from inside the app at any time.
Who we are
QuizMi (the "Service") is provided by the QuizMi team ("we", "us"). You can reach us at hello@quizmi.app. This policy covers the QuizMi mobile app (iOS and Android) and the QuizMi website at quizmi.app.
Information we collect
Account data
When you sign in with Google or Apple, the provider shares with us your email address, your display name, and a stable user identifier (the OAuth sub claim). Apple users who choose "Hide My Email" share a private relay address instead of their real email. We pass these to Supabase Auth, which issues you a QuizMi user ID. You can also play anonymously; in that case no email or name is collected until you choose to link an account.
Gameplay data
Matches you join, answers you submit, scores, levels, XP, category-by-category history, leaderboard rankings, friend relationships, challenges, and rewards. This data is stored on our real-time game backend (SpacetimeDB, hosted by Clockwork Labs).
Device and connection data
IP address, device type, operating system, app version, and crash/diagnostic information. This is collected automatically when your device connects to our services. We use it to operate the Service, prevent abuse, and debug issues.
Advertising and reward data
QuizMi shows Google AdMob rewarded ads. When you complete a rewarded ad, Google sends us a server-side verification callback containing your QuizMi user ID, the ad unit, a transaction ID, and a timestamp; we store this in a private audit table to prevent fraud. We do not receive your Google advertising ID directly from this callback. Standard ad personalization data (such as your mobile advertising ID) is handled by Google AdMob under its own policy.
Product analytics
We use PostHog to understand how players use QuizMi. Analytics events are keyed by your QuizMi user ID; we deliberately exclude personally identifying fields such as your display name and avatar URL from analytics events.
How we use information
- Operate the game — match you with opponents, run the round timer, score answers, build leaderboards.
- Identify you across sessions so your level, XP, friends, and history persist.
- Show rewarded ads and verify completions to credit Sparks.
- Debug crashes, fight abuse and cheating, and improve the product.
- Communicate service updates (e.g. major policy changes). We do not send marketing email unless you opt in.
Who processes your data
We use a small number of sub-processors. Each acts on our instructions under its own privacy policy:
| Sub-processor | Purpose | Policy |
|---|---|---|
| Supabase | Authentication, database, edge functions. | link |
| Clockwork Labs (SpacetimeDB) | Real-time game state hosting. | link |
| Google (Sign in with Google) | OAuth sign-in. | link |
| Apple (Sign in with Apple) | OAuth sign-in. | link |
| Google AdMob | Rewarded video ads and server-side verification. | link |
| PostHog | Product analytics. | link |
| Apple App Store & Google Play | App distribution and in-app purchases. | link / link |
What other players see
QuizMi is a multiplayer game. Your display name, avatar, level, and ranks are visible to opponents you are matched against, to friends you add, and on public leaderboards. Your email, sign-in provider identifiers, and ad reward history are not shown to other players.
Advertising
QuizMi shows Google AdMob rewarded ads inside the mobile app. In the European Economic Area, the United Kingdom, and Switzerland, we show a consent prompt (powered by Google's User Messaging Platform) the first time you open the app so you can choose between personalized and non-personalized ads. Outside those regions, ads may be personalized based on signals collected by AdMob under Google's policies. You can reset your advertising ID at any time in your device settings.
In-app purchases
If you buy Sparks or other in-app items, the transaction is processed by Apple App Store or Google Play. QuizMi receives a receipt confirming the purchase and the amount; we do not see your card number, billing address, or other payment credentials.
Children
QuizMi is not directed to children under the age of 13 (or under 16 in the European Economic Area where local law sets a higher minimum age). We do not knowingly collect personal data from anyone below that age. If you believe a child has provided us data, contact us at hello@quizmi.app and we will delete it.
Data retention
We keep your account and gameplay data for as long as your account exists. When you delete your account, we remove your profile, gameplay history, friend relationships, and leaderboard rows within 30 days. Encrypted backups containing the deleted data roll off within a further 30 days. Ad reward verification logs may be retained for up to 12 months for fraud prevention even after account deletion; they are keyed to a Supabase user ID that is no longer linked to any identifying account.
Your rights
Delete your account
You can delete your QuizMi account at any time from Settings → Account → Delete Account inside the mobile app. You can also email hello@quizmi.app and we will process the deletion. See the data retention section above for what gets deleted and on what timeline.
Access, correction, portability
You can request a copy of the personal data we hold about you, ask us to correct inaccurate data, or ask for a portable export. Contact hello@quizmi.app.
EEA / UK (GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights of access, rectification, erasure, restriction, portability, and objection under the GDPR / UK GDPR. Our legal bases are: performance of a contract (running the game once you have an account), legitimate interests (security, fraud prevention, product improvement), and consent (personalized advertising in the EEA / UK / CH). You can lodge a complaint with your local data-protection authority.
California (CCPA / CPRA)
California residents have the right to know, delete, correct, and limit use of personal information, and to opt out of sale or sharing for cross-context behavioral advertising. We do not sell personal information for money. To exercise any of these rights, contact hello@quizmi.app.
International transfers
Our sub-processors are located primarily in the United States. When we transfer personal data of EEA, UK, or Swiss users to the U.S., we rely on the EU-US and UK-US Data Privacy Framework where the recipient is certified, and otherwise on Standard Contractual Clauses.
Security
We use TLS for traffic between your device and our backend, store credentials hashed and salted at our auth provider (Supabase), encrypt our database at rest, and limit administrative access. No system is perfectly secure, and we cannot guarantee absolute security.
Changes to this policy
We will update this page when our practices change and bump the "Last updated" date at the top. If the changes are material we will also notify you in the app or by email.
Contact
Questions, requests, or complaints? Email hello@quizmi.app.