Privacy Policy

This Privacy Policy explains how personal data is processed when you use Quizly.

1. Controller

Sascha Heinze
Eckhoffplatz 34
22547 Hamburg
Germany

Email: sascha.heinze.dev@gmail.com

2. What Data Is Processed

Depending on your use of Quizly, the following categories of data may be processed:

• Account data: username, email address, hashed password.
• Quiz data: YouTube URL submitted by you, generated quiz title, description, questions, answer options, and correct answers.
• Usage and technical data: IP address, timestamps, browser data, server log files, and security-related information.
• Authentication data: technically necessary authentication cookies used to keep you logged in securely.

3. Purposes of Processing

• Providing registration, login, logout, and account-related functionality.
• Generating quizzes from YouTube videos requested by users.
• Operating, securing, and improving the technical functionality of the website and API.
• Investigating misuse, errors, and service interruptions.

4. Legal Bases

• Art. 6(1)(b) GDPR for providing the user account and quiz generation requested by the user.
• Art. 6(1)(f) GDPR for ensuring security, preventing misuse, and maintaining stable operation of the service.
• § 25(2) TDDDG for storing or accessing technically necessary information on your device, for example authentication cookies required for login and session security.

5. Registration and Authentication

To use protected Quizly features, you may create an account. Passwords are not stored in plain text. Quizly uses technically necessary HTTP-only authentication cookies to maintain secure login sessions.

6. Quiz Generation from YouTube Links

When you submit a YouTube link, the backend processes that link to retrieve audio content, generate a transcript, and create quiz questions from the transcript. The generated quiz is then stored in your account.

Please do not submit links containing personal or confidential content unless you are legally permitted to do so.

7. External Services

Quizly uses external and third-party technologies where necessary for functionality.

• YouTube: A submitted YouTube URL is processed to retrieve audio or media information needed for quiz generation.
• Google Gemini API: Transcript content is sent to Google's generative AI service to generate structured quiz content.

Depending on the service provider and technical setup, processing may take place outside the EU/EEA. Where required, such processing is based on appropriate safeguards.

8. Hosting and Server Log Files

This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

When this website or its API is accessed, technical log files may be processed for operational and security reasons. These may include IP address, date and time, requested resource, browser information, and status information.

IONOS processes personal data such as server log files in order to ensure the secure and stable operation of the website. The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in the secure provision and operation of the website).

9. Cookies and Similar Technologies

Quizly does not use analytics or advertising cookies. Only technically necessary cookies are used where required for authentication, security, and operation of the service.

10. Recipients of Data

Personal data may be disclosed to the following categories of recipients where necessary:

• the operator of Quizly,
• technical hosting or infrastructure providers,
• service providers required for quiz generation, especially Google as provider of the Gemini API.

11. Retention Periods

• Account data is stored for as long as the account exists or until deletion is requested, unless legal retention obligations apply.
• Generated quizzes remain stored in the user account until they are deleted.
• Server log files are stored only as long as necessary for operation and security.
• Temporary processing files created during quiz generation are deleted as part of the generation workflow where technically possible.

12. Your Rights

Under the GDPR, you have the right to:

• access your personal data (Art. 15 GDPR),
• rectify inaccurate data (Art. 16 GDPR),
• request erasure (Art. 17 GDPR),
• request restriction of processing (Art. 18 GDPR),
• receive your data in a portable format where applicable (Art. 20 GDPR),
• object to processing based on legitimate interests (Art. 21 GDPR).

If processing is based on consent in the future, you may withdraw that consent at any time with effect for the future.

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement.

14. Security

Appropriate technical and organizational measures are used to protect personal data, for example access controls, hashed passwords, and security-related authentication mechanisms. Nevertheless, absolute security cannot be guaranteed for any internet-based service.

15. Changes to This Privacy Policy

This Privacy Policy may be updated if the service, legal situation, or technical processing changes. The current version is published on this page.

Last updated: 2026-04-09