Privacy Policy

Last updated: 4/13/2026

1. Introduction

SnapToQuiz ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services.

By using SnapToQuiz, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information you provide

  • Account information — your email address and the authentication method you use (a one-time login code sent to your email, Google sign-in, or Apple sign-in). We do not ask for, store, or transmit passwords; sign-in is handled entirely through one-time codes or trusted identity providers.
  • Photos you upload or capture for AI quiz generation. Photos are stored on our infrastructure and used to generate quiz questions.
  • Quiz and game data — your quiz attempts, scores, XP, streaks, battle results, language preferences, and leaderboard rankings.
  • Payment details when you subscribe or buy credits. Card numbers and bank details are collected and stored by Stripe; we never see or store your full payment instrument. We retain only billing metadata (plan, amount, currency, status, Stripe customer ID).
  • Contact form submissions — your name, email address, and message when you contact us.

Information collected automatically

  • Hashed IP address — we hash your IP using SHA-256 before storing it, so the original IP is not retained. The hash is used to derive approximate location (country, state, city) and to detect bots and abuse.
  • Device and browser information — device type, operating system, browser, screen and viewport size, language, timezone, online status, and User-Agent string. On native mobile builds we collect equivalent values from the device.
  • Authentication and session data — login history (auth method, device, timestamp), refresh-token records (kept for up to 90 days), and one-time-code records (purged after expiry).
  • Usage and analytics data — pages you visit, referrer URL, query parameters, features you use, quizzes you have taken, and photos you have uploaded.
  • Error and diagnostic logs — when something breaks, we record the error message, stack trace, URL, and basic device information so we can investigate and fix it.
  • Cookies and local storage — see our Cookie Policy for the full list and your choices.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our AI photo quiz service
  • Process your photos and generate quiz questions
  • Manage your account, subscription, and credits
  • Track your XP, streaks, battle results, and leaderboard rankings
  • Improve our AI models and quiz quality
  • Send service-related communications
  • Detect and prevent fraud or abuse

4. Legal Bases for Processing (EEA, UK, Switzerland)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data only when we have a valid legal basis under GDPR / UK GDPR:

  • Contract — to create your account, generate your quizzes, manage your subscription, and provide customer support.
  • Legitimate interests — to keep SnapToQuiz secure, prevent fraud and abuse, debug errors, measure usage, and improve our AI models and product, in a way that is balanced against your rights.
  • Consent — for non-essential cookies and analytics, and for any optional marketing communications. You may withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation — to comply with tax, accounting, fraud-prevention, and law-enforcement requirements.

5. Data Retention

We keep different categories of data for different periods, depending on what they are used for:

  • Account, photos, and quiz history — for as long as your account is active. You can delete your entire account at any time from Account Settings.
  • Deleted accounts — soft-deleted for 30 days (so you can change your mind and reactivate by logging back in) and then permanently purged. When permanent deletion runs, your photos, quiz results, login history, and refresh tokens are deleted with the account. Anonymous operational records (page-visit logs, error logs, and billing transaction rows) are kept for the operational and legal purposes described below, but the link to your user account is removed so the records can no longer be associated with you.
  • Refresh tokens — up to 90 days, or until you log out.
  • One-time login codes — until they expire (a few minutes) and are then purged.
  • Billing and payment records — retained for the period required by tax and accounting laws (typically 7+ years), even after your account is deleted, with the user link removed.
  • Operational logs (page visits, error logs, login history, hashed IPs) — retained only as long as needed for security, fraud prevention, debugging, and product improvement.

6. Sub-processors and Data Sharing

We do not sell your personal information and we do not share it with advertisers. We rely on a small number of trusted sub-processors to operate the Service. Each one is bound by a data processing agreement and may only use your data on our instructions:

  • Hetzner Online GmbH (Germany / EU) — hosting and database infrastructure.
  • Cloudflare, Inc. (USA) — photo storage (Cloudflare Images) and content delivery. Cloudflare privacy.
  • Stripe, Inc. (USA) — payment processing, subscription billing, and PCI-compliant card storage. Stripe privacy.
  • Google LLC — Firebase Authentication — verifies the Google sign-in tokens we receive when you log in with Google. Firebase privacy.
  • Apple Inc. — Sign in with Apple — verifies the Apple sign-in tokens we receive when you log in with Apple. Apple privacy.
  • Resend — transactional email delivery (one-time login codes, account notifications, contact-form replies). Resend privacy.
  • PostHog Inc. (USA) — product analytics and session-replay tooling, loaded only if you accept analytics in our cookie banner. PostHog records pages you visit, clicks, and a replay of your in-page activity, and receives your user id, email, and display name once you are logged in. Session replay captures the visible page including text content and form input (with input masking enabled). PostHog privacy.
  • Google LLC — Firebase Analytics — event logging and screen tracking on native mobile builds, loaded only if you accept analytics. Once you are logged in, Firebase Analytics receives your user id, email, and subscription tier. Firebase privacy.
  • Zenixr CookieConsent — the cookie banner script loaded on every page. It receives your IP and country in order to determine which consent flow to show you (opt-in for the EEA/UK, opt-out for certain US states, otherwise auto-grant), and stores a record of the consent choice you make.
  • Google Fonts — to deliver the typefaces used on the site. Loading fonts shares your IP and User-Agent with Google.
  • Zenixr LLM API — our AI processing service. The photos you upload are sent to this service to generate your quiz questions. See section 8 for details.

We may also disclose information when we are legally required to (court order, lawful request, regulatory investigation), to enforce our Terms, or to protect the rights, safety, and property of SnapToQuiz, our users, or the public. If SnapToQuiz is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction; we will notify you and this Privacy Policy will continue to apply.

7. International Data Transfers

Our primary infrastructure is hosted in the European Union (Hetzner). Some of our sub-processors — including Stripe, Cloudflare, Firebase (Authentication and Analytics), PostHog, and Google Fonts — process data in the United States or other regions. Where personal data is transferred outside the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK / Swiss mechanisms.

8. AI Processing Notice

SnapToQuiz is an AI-powered service. When you upload or capture a photo, it is transmitted to our AI processing service (the Zenixr LLM API) where it is analyzed by a large language model to generate quiz questions. By using SnapToQuiz, you understand and agree that:

  • The photos you submit will be processed by an AI model in order to produce your quiz.
  • You must not submit photos containing personal data about other people without their consent, confidential information you are not authorized to share, or content that violates any third party's rights.
  • AI-generated quizzes are produced automatically and may contain errors, omissions, or inaccuracies. They are intended for entertainment and learning, not as authoritative educational or professional assessments.

9. Your Rights

Depending on where you live, you have some or all of the following rights over the personal data we hold about you:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to fix inaccurate or incomplete information.
  • Deletion ("right to be forgotten") — delete your account and associated data from Account Settings, or by contacting us.
  • Portability — request a machine-readable export of your data. Self-service export is not yet available; please email us and we will fulfill your request within the timeframe required by law.
  • Restriction or objection — ask us to limit how we process your data, or object to processing based on our legitimate interests.
  • Withdraw consent — for analytics or any optional processing, at any time, via the Cookie Policy manager or by contacting us.
  • Opt out of marketing communications.

EEA / UK / Swiss residents — you also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data properly.

California, Virginia, Colorado and other US state residents — you have rights to know what categories of personal data we collect, request access and deletion, correct inaccurate data, and opt out of "sales" or "sharing" of personal data for cross-context behavioral advertising. We do not sell or share personal data for advertising. You have the right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, email us at [email protected] from the email address associated with your account. We may need to verify your identity before fulfilling the request, and we will respond within the timeframe required by applicable law.

10. Children's Privacy

SnapToQuiz is intended for users aged 18 and older and is not designed for or directed at children. We do not knowingly collect personal information from anyone under the age of 18. If you are under 18, please do not use the Service or provide any personal data. If we learn that we have collected personal information from a person under 18, we will delete it as soon as reasonably possible. If you believe a minor has provided us with personal data, please contact us at [email protected].

11. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. There is no industry-standard way to interpret DNT signals, so our first-party page-visit logging does not currently respond to them. However, our analytics provider PostHog is configured to respect DNT, which means PostHog tracking and session replay are automatically suppressed when your browser sends a DNT signal. You can also manage analytics directly through our cookie consent banner and your browser settings.

12. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, and regular security audits. However, no method of transmission over the internet is 100% secure.

13. Hosting Provider

Our primary infrastructure is operated by Hetzner Online GmbH in the European Union. All personal data we store directly is held on EU-based infrastructure governed by Hetzner's data protection commitments and EU GDPR. For details:

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Service, sub-processors, or legal obligations. When we do, we will revise the "Last updated" date at the top of this page. If the changes are material, we will notify you by email or with a prominent in-app notice before they take effect. We encourage you to review this policy periodically.

15. Contact Us

If you have questions, requests, or complaints about this Privacy Policy or how we handle your personal data, contact us at [email protected].