Privacy Policy
Last updated 2026-05-14
1. What we collect
We collect the minimum we need to operate the service:
- Account data: your email address (for sign-in), your chosen handle and brand color, your subscription state.
- Quiz content: the prompts you submit and the quizzes you create, edit, and publish.
- Audience data: for each completed quiz, the result your audience member landed on, a completion timestamp, and (only if you have enabled email capture) the email they provide.
- Usage data: page views, basic analytics events, and crash reports — sent to PostHog (EU Cloud, anonymized) and Sentry.
2. What we don't collect
- We don't store passwords. Sign-in is by magic link or one-time code.
- We don't store payment card numbers. Lemon Squeezy processes payments and we only receive subscription status.
- We don't track audience members across other websites.
3. Cookies
FanQuiz uses functional cookies for authentication (a Supabase session cookie) and locale preference. We do not use third-party advertising or tracking cookies. Our product analytics provider (PostHog) is configured to identify only logged-in creators, not anonymous visitors.
4. AI processing
Your prompts and any quiz content you generate or edit are sent to Anthropic (our AI model provider) to produce the quiz output. Anthropic processes this content as a data processor on our behalf and is contractually prohibited from using it to train models. See Anthropic's privacy policy for their handling practices.
5. Who else processes your data
The services we use to operate FanQuiz, and what they do:
- Supabase — database, authentication, file storage. Hosted in the European Union (Ireland).
- Vercel — application hosting and CDN.
- Anthropic — AI generation (see section 4).
- Lemon Squeezy — payment processing and merchant of record for subscriptions.
- Cloudflare — DNS and inbound email routing.
- Resend — outbound email delivery (magic links, payment receipts).
- Sentry — error monitoring (org "ant-dev-lab").
- PostHog — product analytics (EU Cloud).
- Bing IndexNow — we ping the IndexNow API with published quiz URLs so they get crawled faster. The URL is public anyway.
6. Audience data on quizzes you publish
When your audience completes a quiz you have published, FanQuiz records the completion on your behalf. You are the data controller for any email addresses your audience members provide. You must have a lawful basis to contact them (such as consent collected at the moment of capture) and you must honor their requests to delete their data. If you receive a deletion request you cannot fulfil yourself, contact us and we will help.
7. Your rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and the data associated with it.
- Export your quiz content and captured emails (CSV export is built into the dashboard).
- Object to specific processing where the legal basis is our legitimate interest.
Email hello@fanquiz.io to exercise any of these rights. We will respond within 30 days.
8. Retention
We keep your account data while your account is active and for up to 30 days after deletion (for backups). Quiz completions and audience emails are kept as long as the parent quiz exists; deleting a quiz cascades to delete its completions, views, and any captured emails attached to it.
9. International transfers
FanQuiz is operated from Malaysia. Our infrastructure providers are based in the EU, US, and other jurisdictions. By using FanQuiz you consent to the transfer and processing of your data in these locations, subject to the safeguards each provider implements (typically Standard Contractual Clauses for EU↔third-country transfers).
10. Children
FanQuiz is intended for users aged 16 and over. If you believe a child under 16 has provided personal data through the service, please contact us and we will delete it.
11. Changes to this policy
We may update this policy as the service evolves. Material changes will be notified to active users by email at least 14 days in advance.