Privacy Policy

Last updated: March 2026

© 2026 Iris Digital — Legal Notice · Privacy Policy · Terms · About

1. Data Controller

© 2026 Iris Digital — Legal Notice · Privacy Policy · Terms · About

2. Data We Collect

We collect the following personal data:

• Email address — collected when you subscribe to Pro or sign in via magic link. Used to manage your account and send authentication emails.
• Usage fingerprint — a hashed, anonymized identifier derived from your IP address and browser User-Agent. Used solely to enforce free tier daily limits. Not linked to any personally identifiable information for free users.
• Quiz data — generated quizzes are stored to enable sharing via link. Input topics and text are not permanently stored after quiz generation.
• Payment information — managed exclusively by Stripe. We do not store credit card data.

3. Cookies

We use one cookie:

• aq_session — an HttpOnly, Secure JWT cookie set when you sign in as a Pro user. It is used to authenticate your Pro status. This cookie expires after 30 days and is never accessible to JavaScript.

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

4. Legal Basis for Processing

We process your data based on:

• Contract performance — processing your email and subscription data to provide the Pro service.
• Legitimate interest — using anonymized fingerprints to enforce fair use limits and prevent abuse.

5. Third-Party Services

We share data with the following third parties only as necessary to provide the Service:

• OpenAI — quiz generation. Your input text or topic is sent to OpenAI's API. OpenAI's privacy policy applies: openai.com/privacy.
• Stripe — payment processing. Stripe's privacy policy applies: stripe.com/privacy.
• Brevo — transactional email delivery (magic link authentication). Brevos privacy policy applies: brevo.com/legal/privacypolicy.

We do not sell or share your personal data with third parties for advertising or marketing purposes.

6. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription and request deletion, we will delete your account data within 30 days. Anonymized usage logs (fingerprints) are retained for 90 days for abuse prevention.

7. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate data.
• Right to erasure — request deletion of your personal data ("right to be forgotten").
• Right to portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to restriction — request that we restrict processing of your data.

To exercise any of these rights, contact us at contact@askquiz.co. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): cnil.fr.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including HTTPS encryption, HttpOnly cookies, and hashed fingerprints. No system is completely secure; we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

10. Contact

For privacy-related questions or to exercise your rights: contact@askquiz.co