Privacy Policy

Last Updated: December 16, 2025

1. Data Controller

The data controller responsible for your personal data under the General Data Protection Regulation (GDPR) is:

Service: World Quiz

Controller: World Quiz Team

Contact Email: [email protected]

Jurisdiction: Czech Republic, European Union

This Privacy Policy explains how we collect, use, process, and protect your personal data in compliance with GDPR (Regulation EU 2016/679) and Czech Act No. 110/2019 Coll. on Personal Data Processing.

2. Legal Basis for Data Processing

We process your personal data based on the following legal grounds under Article 6(1) GDPR:

2.1 Contractual Necessity (Article 6(1)(b))

Processing is necessary to provide the Service you have requested:

  • User ID (Firebase UID): Required to identify your unique account and associate your game data
  • Username: Required to display your identity on leaderboards and within the game interface
  • Game Scores & Timestamps: Required to provide leaderboard functionality and track your progress

2.2 Legitimate Interest (Article 6(1)(f))

Processing is necessary for our legitimate interests in ensuring security and technical functionality:

  • Email Address: Used solely for account recovery and to ensure unique user identification. It is NOT used for marketing purposes.

2.3 Consent (Article 6(1)(a))

When you use Google Sign-In, you explicitly consent to:

  • Sharing your Google User ID, email, and name with our Service via Google OAuth 2.0
  • Transient display of your Google profile picture during active sessions (not permanently stored)

3. Data We Collect

3.1 Account Authentication Data

Data TypeSourcePurposeStorage Location
User ID (UID)Firebase AuthenticationUnique account identificationFirebase Auth, Firestore
Email AddressYou / Google OAuthAccount recovery, unique identificationFirebase Authentication only
Password (hashed)You (email/password signup)Secure authenticationFirebase Authentication
Username (Nickname)YouDisplay on leaderboardsCloud Firestore

3.2 Session Data (Not Permanently Stored)

  • Google Profile Picture: Transiently processed for display purposes during your active session. This image is never saved to persistent storage (not stored in Firestore or any database).

3.3 Game Data

  • Scores: Daily best scores and all-time best scores for each game mode
  • Streaks: Current and maximum streak counts
  • Timestamps: Date and time when games are played
  • Play History: Historical record of your gameplay for statistical purposes

3.4 Technical Data

  • Browser Local Storage: Session tokens, cached leaderboard data, user preferences
  • No Cookies: We do not use tracking cookies. Only essential session management via Firebase Authentication tokens.

4. Third-Party Data Processors

Under Article 28 GDPR, we use the following third-party processors who may access your data:

4.1 Google Ireland Limited

Services Used:

  • Firebase Authentication - User login and credential management
  • Cloud Firestore - Database storage for usernames and scores
  • Firebase Hosting - Static file delivery

Data Transferred: User ID, Email, Username, Scores

Location: EU data centers (compliant with GDPR)

Privacy Policy: firebase.google.com/support/privacy

Data Processing Agreement: Google Cloud's GDPR-compliant Data Processing Amendment applies

4.2 External APIs (No Personal Data Shared)

The following services receive NO personal data:

  • REST Countries API: Provides country statistics (anonymous requests)
  • Currency API: Provides exchange rates (anonymous requests)

5. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

5.1 Right of Access (Article 15)

You have the right to obtain confirmation whether we process your personal data and to access that data. You can view your data through the Settings page in the application.

5.2 Right to Rectification (Article 16)

You can update your username at any time through the Settings page.

5.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request complete deletion of your account and all associated data by:

  • Using the "Delete Account" button in Settings (requires re-authentication)
  • Sending an email request to [email protected]

Upon deletion, all your data (User ID, username, scores, timestamps) will be permanently removed from Firebase Authentication and Cloud Firestore within 24 hours.

5.4 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON). Contact [email protected] to request a data export.

6. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: [email protected]

Data Controller: World Quiz Team

Response Time: Within 1 month

7. Consent and Acceptance

By creating an account and using World Quiz, you acknowledge that you have read and understood this Privacy Policy and our Terms & Conditions, and you consent to:

  • The collection and processing of your personal data as described above
  • The use of Firebase (Google Ireland Limited) as a data processor
  • The public display of your username and scores on leaderboards

You may withdraw your consent at any time by deleting your account.

Related Documents

Please also review our Terms & Conditions to understand the rules and guidelines for using World Quiz.