Who Is Wilson? ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.
We respect your data. We collect the minimum necessary to provide the service, we never sell your information, and we give you control over your account and content.
1. Data We Collect
Account information: When you create an account, we collect your email address and display name. If you sign in via Google or Microsoft, we receive your name and email from the identity provider. We do not receive or store your Google or Microsoft password.
Quiz content: Quizzes, images, and other content you upload are stored on our servers and in cloud object storage. This content belongs to you.
Quiz responses: When you take a quiz, we record your answers, scores, and timing information to provide results and progress tracking.
Technical data: We collect standard server logs including IP addresses, browser type, and request timestamps. These are used for security, debugging, and service reliability.
Cookies: We use essential cookies for authentication (session tokens). We do not use advertising or tracking cookies. We do not use third-party analytics.
2. How We Use Your Data
- To provide the service: authenticating you, storing your quizzes, recording your attempts and scores
- To enable quiz authors to enrol students by email address
- To maintain security and prevent abuse
- To improve the service based on aggregate, non-identifying usage patterns
We do not use your data for advertising, profiling, or automated decision-making. We do not sell, rent, or share your personal data with third parties for their own purposes.
3. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:
- Contract: Processing necessary to provide the service you signed up for (account management, quiz delivery, score tracking)
- Legitimate interest: Security monitoring, fraud prevention, and service improvement
- Consent: Where required, such as for optional communications
4. Data Sharing
We share data only in these limited circumstances:
- Quiz authors can see the email address, display name, attempt count, and best score of students enrolled in their quizzes
- Infrastructure providers (hosting, object storage) process data on our behalf under data processing agreements
- Legal requirements: We may disclose data if required by law, court order, or to protect safety
We do not share data with advertising networks, data brokers, or social media platforms.
5. Data Storage and Security
Your data is stored on servers in data centres operated by our infrastructure provider. Quiz files and images are stored in cloud object storage. All connections to the service use TLS encryption (HTTPS).
Passwords (for email/password accounts) are hashed using bcrypt and never stored in plain text. Authentication tokens are stored in secure, httpOnly cookies that are not accessible to JavaScript.
6. Data Retention
- Account data: Retained while your account is active. You can request deletion at any time.
- Quiz content: Retained while associated with an active account. Deleted when you delete a quiz or your account.
- Quiz responses and scores: Retained while the associated quiz exists. Deleted when the quiz is deleted.
- Server logs: Retained for up to 90 days for security and debugging purposes.
7. Your Rights
Regardless of where you are located, you have the right to:
- Access your personal data -- view your account information and quiz history within the app
- Correct inaccurate data -- update your display name and account details
- Delete your data -- delete individual quizzes (including all associated data) or request full account deletion
- Export your data -- your quiz content is in standard Markdown format and can be downloaded
- Withdraw consent -- where processing is based on consent, you may withdraw it at any time
Additional rights under GDPR (EEA/UK): You have the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority.
Additional rights under US state privacy laws (CCPA, CPA, etc.): You have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.
8. Children's Privacy
The service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. International Transfers
Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international data transfers, including standard contractual clauses where applicable.
10. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated through the service. The "Last updated" date at the top reflects the most recent revision.
11. Contact
If you have questions about this privacy policy, wish to exercise your rights, or want to request account deletion, please contact us at:
Email: support@whoiswilson.com