GDPR Compliance and Data Protection

Last updated September 25, 2025

Commitment to Data Privacy

At Quizify (a SaaS product of Arham Web Works), we are committed to safeguarding personal data and helping our customers meet their obligations under the EU General Data Protection Regulation (GDPR). Our platform provides the infrastructure to create and distribute quizzes, forms, and surveys while ensuring compliance with applicable data protection laws.

This page explains how Quizify processes personal data, our role as a processor and controller, the responsibilities of our customers, and the rights of individuals who submit responses.

Roles and Responsibilities

Quizify as Data Processor

• When a customer uses Quizify to collect responses through a quiz, form, or survey, that customer is the data controller.

• Quizify acts as the data processor, handling the data only on the customer’s documented instructions.

• We do not decide what data is collected, how long it is stored, or how it is used.

Quizify as Data Controller

• For customer account data (e.g., registration details, billing information, subscription management, support requests), Quizify is the data controller.

• In this role, we determine the purpose and lawful basis for processing such data, typically to perform our contract with the customer and to meet legal obligations.

Customers as Data Controllers

• Customers who use Quizify are responsible for ensuring their collection and use of personal data complies with GDPR.

• Customers must provide privacy notices to respondents, establish a lawful basis for data collection, and respond to data subject requests regarding their submissions.

Data We Process on Behalf of Customers

When acting as processor, Quizify may process:

• Responses submitted to quizzes, forms, and surveys

• Metadata such as IP addresses, browser details, timestamps, and device identifiers

• Files or media uploaded by respondents

• Any other personal data the customer chooses to collect

Data We Control Directly

When acting as controller, Quizify manages:

• Customer account details (name, email, company, login credentials)

• Subscription and billing records

• Customer support communications

• Usage and analytics necessary to maintain and improve our services

Subprocessors

Quizify works with carefully selected subprocessors to deliver our services. Each subprocessor is bound by contractual obligations to ensure GDPR compliance.

Current subprocessors include:

• Cloudways – Hosting and infrastructure

• Brevo – Marketing email communications

• Zeptomail – Transactional and notification emails

• Charla – Customer support chat services

• Paddle – Subscription billing and payment processing

International Data Transfers

• Data may be transferred and stored outside the European Economic Area (EEA).

• Quizify uses appropriate safeguards, such as contractual commitments, to ensure lawful data transfers.

• Customers should review these subprocessors as part of their own compliance documentation.

Security Measures

Quizify applies strict technical and organizational measures to safeguard data, including:

• Encryption of data in transit (TLS) and at rest

• Role-based access controls and monitoring

• Regular data backups and secure recovery processes

• Security audits and vulnerability testing

Data Retention and Deletion

• Customers control how long response data is retained in their account. Submissions can be deleted manually or via API.

• Quizify retains account and billing data only as long as necessary to provide services and meet legal obligations.

• If a customer terminates their account, data is securely deleted in accordance with our internal policies.

Data Subject Rights

For Respondents

If you filled out a quiz, form, or survey hosted by Quizify:

• The data controller is the organization that sent you the form.

• Requests to access, correct, delete, or restrict your data should be made directly to them.

• If you cannot identify the controller, contact support@quizify.io and we will assist where possible, without disclosing customer information improperly.

For Customers

If you are a Quizify customer, you may exercise your rights over your account data (e.g., access, rectification, erasure) by contacting support@quizify.io.

Data Breach Notification

In the event of a personal data breach affecting customer data, Quizify will notify affected customers without undue delay and provide details required for compliance with GDPR. Customers, as controllers, are responsible for notifying their respondents where necessary.

Cookies and Tracking

• Quizify uses cookies for authentication, analytics, and performance optimization.

• Customers embedding forms may also use their own cookies.

• Respondents should review the privacy policy of the controller (form creator) for details on additional cookies.

Responsibilities of Customers

To remain GDPR compliant, customers must:

1. Provide a clear privacy notice on every quiz or form.

2. Establish a lawful basis for data collection.

3. Configure data retention and deletion policies in their account.

4. Review subprocessors used by Quizify.

5. Manage contracts and compliance with any third-party integrations.

Limitation of Responsibility

Quizify provides the technical platform to collect and process data. We do not control what data customers collect, how they use it, or to whom they transfer it. Customers are solely responsible for ensuring their forms and data practices comply with GDPR and local laws.

Contact Information

For privacy-related questions or to request a copy of the Data Processing Addendum (DPA):

📧 support@quizify.io

If you believe your GDPR rights have been violated, you may also contact your local supervisory authority.