Privacy Policy

Last Updated: February 16, 2026

vuxa Inc. ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share information when you use our quiz application and related services (the "Service").

1. Information We Collect

1.1 Information You Provide

• Account Information: When you sign up, we collect your name, email address, and profile information (display name, username, avatar) from your chosen authentication provider (Google or Apple).
• User Content: Topics you choose to generate quizzes about, quiz answers, and gameplay data.
• Communications: If you contact us for support, we collect the content of your messages.

1.2 Information Collected Automatically

• Usage Data: Quiz completion rates, scores, streaks, feature usage, and in-app behavior patterns.
• Device Information: Device type, operating system version, browser type, language preferences, screen resolution, and device identifiers.
• Network & Performance Data: Network connection type, API response times, error logs, and crash reports.
• Session Data: Session identifiers, timestamps, navigation paths, and feature interaction sequences stored locally on your device to maintain app state and enable features like lobby recovery after disconnection.
• Push Notification Tokens: If you enable notifications, we collect device-specific push tokens to deliver alerts about game invites, daily challenges, and streak reminders. You can disable notifications in your device settings at any time.
• Advertising Identifiers: We may collect your device's advertising identifier (IDFA on iOS, AAID on Android) if you consent to marketing tracking and when advertising features are enabled. These identifiers are used for attribution and may be shared with advertising partners. You can reset or limit ad tracking in your device settings.
• Log Data: IP address (anonymized after 30 days), access times, pages viewed, and API endpoints accessed.
• Local Storage & Cookies: We store preferences, game state, quiz history, and cached content in your browser's localStorage and cookies to improve performance and enable offline functionality. This data remains on your device and can be cleared via Settings → Privacy & Data. For a complete list of cookies we use, see our Cookie Policy.

1.3 Information from Third Parties & User Reports

We receive basic profile information from authentication providers when you sign in with Google or Apple.

Content Moderation & User Reports: If you report inappropriate content, abusive behavior, or technical issues, we collect the content of your report, associated game data (lobby IDs, question IDs, timestamps), and may retain reported content for investigation and compliance purposes. Reported users may be notified of the report but not the reporter's identity.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Personalize your experience and content
• Process transactions and send related information
• Send notifications about updates, streaks, and social features (with your consent)
• Respond to your comments, questions, and support requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent or unauthorized activity
• Comply with legal obligations

3. How We Share Your Information

Data Sharing & Business Use: We do not sell personal information that directly identifies you by name or email address to third parties for their marketing purposes. However, we reserve the right to:

• Share anonymized, aggregated, or de-identified data with partners, advertisers, researchers, or other third parties for analytics, research, advertising measurement, or other business purposes
• Share device identifiers (advertising IDs, IP addresses) with advertising networks when you consent to marketing tracking
• Share usage data with AI providers for model training or improvement (you can opt out in Settings → Privacy & Data)
• Monetize anonymized data through licensing or partnerships (does not include your name, email, or account details)

Under California law (CCPA/CPRA), sharing anonymized data or device identifiers may constitute "sharing" or "selling" even if no money changes hands. You can opt out of this sharing in Settings → Privacy & Data → Marketing → Toggle Off. This will limit personalized advertising but does not affect core Service functionality.

We may share your information in the following circumstances:

• With Your Consent: When you choose to share with friends or in multiplayer sessions.
• Service Providers: With vendors who assist us in operating the Service (hosting, analytics, payment processing, customer support).
• Legal Compliance: When required by law, legal process, government requests, or to protect our rights and users' safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets. You will be notified via email and in-app notice with the option to delete your account before the transfer.
• Advertising Partners: If advertising features are enabled and you have consented to marketing tracking, we may share advertising identifiers with ad networks to deliver personalized ads and measure campaign performance.

3.1 Third-Party Services We Use

• Google Firebase: Authentication, database, hosting, and push notifications
• Third-Party AI Services: Quiz content generation powered by advanced language models. Topics you submit are processed by our AI service providers to generate quiz questions. No personal data is included in AI prompts—only the topic text. AI providers may use our data to improve their models unless we opt out. Current provider: Google Vertex AI. See Google's AI data governance for details.
  • Custom Topic AI Processing (Premium Feature): When you use the custom topic quiz generator (premium feature), your topic text is sent to Google Vertex AI for real-time processing. We incur immediate costs ($0.02-$0.15 per quiz) for this service. Topic text is not stored by AI providers but is processed through their systems. Generated quiz content is cached on our servers for 14 days for performance optimization.
• Analytics Providers: Usage analytics with anonymized data to understand feature adoption and performance. Current provider: Google Analytics for Firebase.
• Sentry: Error tracking and performance monitoring
• RevenueCat: Subscription management and payment processing (in-app purchase receipts validated through RevenueCat)
• Payment Processors: Apple App Store and Google Play Store process all payments. We receive only transaction confirmations and subscription status—we do NOT store credit card numbers, CVV codes, or payment credentials. Refunds and billing disputes must be directed to your app store provider.
• Advertising Networks: When advertising is enabled, we partner with ad networks (including Google AdMob) to display ads and measure campaign effectiveness. These partners may collect device identifiers and usage data according to their own privacy policies.

3.2 Limits of Our Control

Third-party service providers operate under their own privacy policies and terms. We are not responsible for:

• Data breaches or security failures at third-party providers
• Changes to third-party data retention or privacy practices
• Third-party compliance with GDPR, CCPA, or other privacy laws
• Unauthorized access to data stored by third-party providers

By using the Service, you acknowledge that your data will be processed by these third parties according to their terms. We select providers we believe are reputable, but cannot guarantee their practices.

4. Data Retention

We retain your personal data as follows:

• Account Data: Retained until you delete your account, plus 30 days for recovery purposes.
• Quiz History & Progress: Retained while your account is active. Deleted within 30 days of account deletion.
• Analytics Data: Anonymized usage data may be retained for up to 26 months for trend analysis.
• Content Reports: Retained for 2 years for compliance and pattern detection.
• Payment Records: Retained for 7 years for tax and legal compliance.
• Logs & Crash Reports: Retained for 90 days, then permanently deleted.
• Cached Quiz Content: Retained for 14 days in production systems, refreshed biweekly.

You can request early deletion of your data by contacting us at legal@joinvuxa.com. We will comply with deletion requests within 30 days, except where retention is required by law.

5. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete data
• Deletion: Delete your account and personal data
• Portability: Export your data in a machine-readable format
• Objection: Object to certain types of processing
• Withdrawal: Withdraw consent at any time

You can exercise these rights directly in the app (Settings → Export Data / Delete Account) or by contacting us.

Important Limitations: While we make reasonable efforts to provide accurate data exports and complete deletions, we cannot guarantee:

• Recovery of data after deletion (deletions are permanent and irreversible)
• Deletion of data retained by third-party service providers (Firebase, analytics, AI providers)
• Deletion of backup copies or archived data retained for legal compliance
• Removal of anonymized or aggregated data that no longer identifies you
• Deletion of data we are legally required to retain (payment records, compliance logs)

Data deletion requests are processed within 30 days. Some data may remain in backups for up to 90 days before permanent deletion.

5A. Consent Management

We collect and process certain data only with your explicit consent. You can manage your consent preferences at any time in Settings → Privacy & Data.

5A.1 Consent Categories

• Essential: Required for the app to function (age verification, language, settings). Cannot be disabled. Legal basis: Legitimate Interest.
• Functional: Quiz history, stats, progress tracking, leaderboards. Legal basis: Consent (GDPR Art 6.1.a).
• Analytics: Firebase Analytics events, feature usage tracking, performance monitoring. Legal basis: Consent (GDPR Art 6.1.a).
• Marketing: Referral attribution, promotional notifications, special offers. Legal basis: Consent (GDPR Art 6.1.a).

5A.2 Withdrawing Consent

You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal. When you withdraw consent:

• We immediately stop processing data for that category
• We delete non-essential data associated with that category
• The app continues to function with essential features only

To withdraw consent: Open the app → Settings → Privacy & Data → Toggle off the categories you wish to withdraw.

6. Regional Rights

6.1 European Economic Area (GDPR)

If you are in the EEA, our legal bases for processing are: (a) your consent, (b) performance of our contract with you, and (c) our legitimate interests. You have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.

6.2 California (CCPA/CPRA)

California residents have the right to know what personal information is collected, request deletion, and opt-out of the sale or sharing of personal information. We may share anonymized or aggregated data for business purposes. To opt out of analytics sharing or make other requests, contact us at legal@joinvuxa.com or use the opt-out controls in Settings → Privacy & Data.

6.2.1 California Shine the Light

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing without your explicit consent. To make a request, email legal@joinvuxa.com with "California Shine the Light Request" in the subject line.

6.3 Brazil (LGPD)

Brazilian users have rights under the LGPD, including access, correction, deletion, and data portability. Our Data Protection Officer can be contacted at legal@joinvuxa.com.

6.4 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate. If you have questions about your specific rights, please contact us.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States where our servers are located. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission where applicable.

7.1 Export Compliance

Our Service is subject to U.S. export control laws. By using the Service, you certify that you are not located in a country subject to U.S. embargo or designated as a "terrorist supporting" country, and that you are not on any U.S. government list of prohibited or restricted parties. We may restrict access from certain regions to comply with export regulations.

8. Children's Privacy

The Service is intended for users aged 13 and older in most regions. In certain jurisdictions (Germany, Netherlands, Ireland, Luxembourg, and Poland), users must be 16 or older to use the Service. We display the appropriate age requirement based on your detected location.

We do not knowingly collect personal information from children under the applicable minimum age. If we learn we have collected information from a user below the required age, we will delete it promptly. Parents or guardians who believe their child has provided us with personal information may contact us at legal@joinvuxa.com.

8.1 Biometric Data

We do not collect or process biometric data. Our authentication relies on third-party providers (Google, Apple) who may use biometric authentication (Face ID, Touch ID) as part of their login process. We do not receive, store, or process any biometric identifiers. Biometric authentication is managed entirely by your device and the authentication provider.

8.2 Children's Data Deletion Rights

If you are a parent or guardian of a child who uses the Service, you have the right to request access to or deletion of your child's personal data. Contact us at legal@joinvuxa.com with proof of guardianship, and we will respond within 10 business days. Children under 18 (or the applicable age in their jurisdiction) can also delete their own account directly through Settings → Delete Account.

9. Security

We implement industry-standard security measures to protect your personal data, including encryption in transit (TLS 1.3) and at rest (AES-256), secure authentication with OAuth 2.0, regular security audits, and automated threat monitoring. Our servers are hosted in SOC 2 compliant facilities.

Security Breach Notification: In the event of a data breach that affects your personal information, we will notify you within 72 hours via email and in-app notification. The notification will include the nature of the breach, affected data types, steps we've taken, and recommended actions for you to protect yourself.

Security Limitations & Your Responsibilities: However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong passwords and enabling two-factor authentication where available
• Monitoring your account for unauthorized access
• Promptly notifying us of suspected security incidents
• Not sharing your account with others

Liability Disclaimer: To the maximum extent permitted by law, we are not liable for:

• Unauthorized access resulting from your failure to secure your credentials
• Breaches caused by third-party service provider failures
• Interception of data during transmission over networks we do not control
• Losses arising from any security breach, except as required by law

Your sole remedy for security concerns is to delete your account and discontinue use of the Service.

10. Do Not Track Signals

The Service does not respond to "Do Not Track" (DNT) browser signals at this time. However, you can control tracking through our consent management settings in the app (Settings → Privacy & Data). Disabling analytics and marketing categories provides similar protection as DNT would.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes by:

• Posting the updated policy in the app with a new "Last Updated" date
• Sending an email notification to your registered email address (if you have an account)
• Displaying an in-app banner for 30 days after changes take effect

Material Changes include changes to: data collection practices, data sharing with third parties, your rights, retention periods, or security measures. Non-material changes (formatting, clarifications, contact information updates) may be made without notice.

Acceptance: Your continued use of the Service after the "Last Updated" date constitutes acceptance of the updated policy. If you do not agree to the changes, you must stop using the Service and delete your account within 30 days. Using the Service after 30 days constitutes binding acceptance.

Retroactive Application: To the extent permitted by law, updated policies apply to information collected before the change. If your jurisdiction prohibits retroactive application, the prior policy governs data collected before the change.

12. Contact Us