Privacy policy
Last updated: 14 June 2026
This Privacy Policy explains how Hatchgrid Private Limited ("Hatchgrid", "we", "us", "our") collects, uses, shares, and protects information when you use Quizzie (the "App") — our quiz-based mobile and web application.
By creating an account or using Quizzie, you agree to the practices described here. If you don't agree, please don't use the App.
1. Who we are
Hatchgrid Private Limited is a company incorporated in India, with its registered office in Gurugram, Haryana. We are the data fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act") for personal data processed through Quizzie.
Contact: quizziehelp@hatchgrid.in
2. What information we collect
We collect only what we need to run Quizzie:
From you, directly
- Account identifier — your email address, your Google account (via Google OAuth), or your Apple ID (via Sign in with Apple), used only to sign you in and recover access. If you use Sign in with Apple and choose Hide My Email, Apple gives us a private relay email address instead of your real one; we use that relay address the same way we'd use any email. If phone OTP is enabled in the future, your phone number will also be collected for sign-in.
- Profile — your chosen username (public on leaderboards and to friends/tribes) and your avatar (an emoji, also public).
- Age — your age (the number), collected during onboarding to determine eligibility (Quizzie is 13+) and to age-appropriate features. Stored privately on a separate access-restricted table; we never display it to other users.
- Your vibes — during onboarding, you select 3–5 topics or themes that interest you (e.g., Bollywood, cricket, sci-fi). We use these to personalize the quizzes and content we suggest to you.
- Tribe waitlist entries — if you join a waitlist for a tribe feature, we keep your user record on that list so we can notify you when access opens.
From your use of the App
- Gameplay data — your quiz scores, the answers you select, how long you take per question, total XP, and which categories you've played.
- Social connections — the friends you add, the tribes you join, the challenges you send and receive.
- Question reactions — if you tap dislike, love, or bookmark on a quiz question, we store which reaction you applied to which question. Used to learn what content lands well; not displayed to other users.
- Blocks — the users you've blocked. Visible only to you and used by our backend to filter them out of your search results, leaderboards, and challenges. Other users cannot see who has blocked them.
- Content reports — if you flag a question (e.g., wrong answer, inappropriate), we store the question, the reason you selected, and any free-text you add.
- User reports — if you report another user for harassment, abuse, or another safety reason, we store who you reported, the reason, and any context.
- Safety records — internal logs of safety-relevant events (specifically: user blocks, user reports, and friend-request patterns). These are stored in access-restricted tables separate from your primary account data, are pseudonymized, and are processed strictly to maintain platform integrity, investigate policy violations, and detect patterns of misuse across Quizzie. See §5 for retention details.
- Moderation state — if your account is suspended for violating our Terms of Service, we record when and why on your profile so we and you can see your account's standing.
From your device, automatically
- Push notification token — if you enable notifications, a token from Apple/Google that lets us send you alerts (stored on a separate access-restricted table; only our backend reads it).
- Technical metadata — IP address, device model, OS version, app version, and basic logs needed to operate the service. This is captured by our infrastructure provider (Supabase) when you connect to our servers.
What we don't collect
- We do not collect your full name, postal address (other than what you provide if you contact us by post), date of birth (we ask for age, not DOB), or any government-issued ID.
- We do not access your contacts, photos, location, or microphone.
- We do not collect payment information today. If we launch paid features, we'll update this policy and process payments through a regulated Indian payment partner (e.g., Razorpay, Cashfree) — not us directly.
3. How we use your information
We use the information above to:
- Run the App — sign you in, calculate your scores, render leaderboards, and let you challenge friends or join tribes.
- Communicate with you — send notifications about challenges, friend requests, and results. You can disable push notifications in your device settings at any time.
- Send you product updates and offers — we may occasionally send you emails or push notifications about new features, content, or premium offers. You can opt out at any time via the unsubscribe link in any marketing email, by disabling push notifications in your device settings, or by emailing us at quizziehelp@hatchgrid.in. (v1.x note: a dedicated in-app marketing-preferences toggle is on our roadmap; until it ships, the opt-out channels above are the supported ways to stop marketing communications.)
- Improve the App — analyze aggregated usage patterns to fix bugs, improve content, and design new features. We use Sentry (an error-tracking service) to collect crash reports and basic device info when something goes wrong; this helps us fix the bug. For debugging context, Sentry also captures recent app activity (navigation, console output, network calls), with personal identifiers (UUIDs, emails, phone numbers, tokens) automatically stripped before upload. We use Mixpanel (a product analytics service) to understand how features are used — for example, which quiz modes are most popular or where users drop off during onboarding. Mixpanel receives only named events we explicitly send (e.g., "quiz_started", "quiz_completed") with properties like mode and score; we have disabled IP-based geolocation in our Mixpanel configuration. Both services process data in accordance with their own privacy commitments.
- Keep the App safe — detect cheating, abuse, spam, or violations of our Terms of Service. Audit logs and moderation state described in §2 are used for this purpose.
- Meet our legal obligations — comply with applicable Indian law, respond to lawful government requests, and enforce our Terms.
Local storage and cookies
The mobile App stores some data locally on your device — your sign-in session, your theme preference, and recent app state — using your operating system's secure local storage. This is essential to keep you signed in and to make the App work offline. This local data does not leave your device unless and until you sign in (in which case the sign-in session is sent to our servers for authentication).
If you use the web version of Quizzie, our authentication provider (Supabase) sets a session cookie on your browser to keep you signed in across page reloads. This is a strictly necessary cookie — it has no advertising, tracking, or analytics purpose. We do not use third-party tracking or advertising cookies.
4. Who we share information with
We don't sell your data. We share it only with:
Service providers ("Data Processors" under DPDP Act)
These providers process data on our behalf under contracts that require them to protect it:
| Provider |
What they handle |
Where they're based |
| Supabase Inc. |
Authentication, database hosting, backend functions |
US (AWS Mumbai region for data at rest where possible) |
| Expo (Modulus Inc.) |
Mobile app build, OTA updates, push notification delivery |
US |
| Apple / Google |
Push notification routing (APNs / FCM) |
US |
| Sentry (Functional Software, Inc.) |
Crash and error reporting |
US |
| Mixpanel (Mixpanel Inc.) |
Product analytics (named events only — quiz starts/completions, auth, social interactions). IP-based geolocation disabled in our SDK configuration. |
US |
| Google (Google LLC) |
OAuth identity verification when you sign in with Google. We receive only your email and a unique Google identifier; we do not access your contacts, calendar, or other Google services data. |
US |
| Apple (Apple Inc.) |
Sign in with Apple identity verification on iOS. We receive your email (or an Apple-generated private relay address if you choose Hide My Email) and a unique Apple identifier; we do not access any other Apple account data. |
US |
| Razorpay or similar (when payments launch) |
Payment processing for premium subscriptions |
India |
| Textlocal / Twilio or similar (when phone OTP wires up) |
OTP delivery |
India / US |
We periodically review these vendors and require them to maintain appropriate security and privacy standards.
Other Quizzie users
Some of your information is, by design, visible to other users:
- Your username and avatar appear on leaderboards, friend search results, and inside tribes you join.
- Your scores and streaks appear on leaderboards and to friends/tribe members.
- Your friend requests and challenges are visible to the recipient.
Your phone/email, IP address, push token, and content reports are never visible to other users.
Legal disclosures
We may disclose information when required by Indian law, a court order, or a government request that we have a legal obligation to comply with. We will tell you about such requests where we are legally permitted to do so.
Business transfers
If Hatchgrid is acquired, merged, or sells assets, your data may transfer with the business. Before any such transfer takes effect, we'll give you reasonable advance notice (typically at least 30 days, where practical) and the option to delete your account so that your data doesn't transfer. Any successor entity will be bound by this Policy (or one at least as protective). If they want to change material terms, they must give you fresh notice and the chance to opt out under the new terms.
5. How long we keep your information
- Active accounts: for as long as you keep your account.
- Gameplay data: retained while your account exists. Aggregated anonymous statistics (e.g., "average score on quiz X") may be kept indefinitely after personal identifiers are removed.
- After you delete your account: your personal data is removed from our active systems immediately. Our database provider (Supabase) keeps rolling daily backups for up to 7 days; after this window passes, no personal data of yours remains in backup either. (The backup window depends on our database infrastructure tier; if we move to a tier with different retention, we'll update this Policy.) When you delete your account, we automatically submit a deletion request to Mixpanel for your event history. Sentry crash data is stored against a pseudonymous identifier (not your account ID), so post-deletion correlation is not possible without your account record. Mixpanel processes deletion requests within their published SLA (~30 days). Residual or backup data at these processors is governed by their respective privacy policies and is typically purged within 30–90 days.
- Safety records: as noted in §2, we retain pseudonymized safety records (user blocks, user reports, friend-request patterns) for a period of up to two years under the lawful basis permitted by Section 17(1)(c) of the DPDP Act, 2023, to prevent and investigate violations of our community safety policies and applicable Indian law. After two years, records are reviewed for continued necessity and deleted unless an active investigation requires them. Where required by a lawful order from a competent authority, we may also disclose these records under §17(2) and other applicable provisions of Indian law. These records are isolated from our primary app interface and are never used to make product decisions about active users.
- Legal hold: in rare cases where we're legally required to retain specific data (e.g., for a regulatory request), we'll keep only what's required and only for as long as required.
You can delete your account at any time from Profile → Delete Account in the App.
6. Your rights under the DPDP Act, 2023
As a Data Principal under the DPDP Act, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to fix data that's wrong or out of date.
- Erasure — delete your account (the in-app Delete Account flow is the fastest path) or ask us to delete specific data we hold.
- Grievance redressal — contact our Grievance Officer if you believe we've mishandled your data.
- Withdraw consent — opt out of marketing communications, push notifications, or any non-essential processing at any time.
- Nominate — appoint someone to exercise these rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, email quizziehelp@hatchgrid.in with your username and the request. We'll respond within 30 days as required by law.
Grievance Officer
Name: Rituraj
Email: ritu@hatchgrid.in
Response time: within 30 days of receiving a grievance
7. Children's privacy
Quizzie is intended for users aged 13 and above. Indian law (DPDP Act, 2023) treats anyone under 18 as a child, requiring verifiable parental consent for processing their personal data.
Our current position:
- By creating an account, you confirm that you are at least 13 years old.
- If you are under 18, you confirm that your parent or legal guardian has reviewed this Policy and given consent for you to use Quizzie.
- We do not knowingly collect data from anyone under 13. If you believe we've inadvertently collected data from a child under 13, contact quizziehelp@hatchgrid.in and we will delete it.
- We do not show personalized advertising to any user, and we do not target advertising to users we know to be under 18.
We are actively working on a verifiable parental consent flow for users under 18, in line with the DPDP Act. Until that ships, the responsibility for ensuring parental consent rests with the user/parent.
8. Security
We protect your data with measures appropriate to the sensitivity of the information:
- Row-level security (RLS) on every database table, enforced at the Postgres level — users can only read/write rows they're authorized to.
- Column-level access controls on sensitive fields (e.g., correct answers, push tokens) — kept readable only to our backend.
- HMAC-signed session tokens to prevent timing-based cheating on scoring.
- Service-role keys (the most powerful database credentials) live only on our backend Edge Functions — never in the mobile app.
- HTTPS for all client-server traffic.
- Encrypted backups with rolling purges.
No system is 100% secure. If a security breach affects your data, we will notify you and the relevant authorities as required by Indian law.
9. Marketing and opt-out
We may send you marketing communications about Quizzie — product updates, new feature announcements, or special offers (e.g., when premium launches) — by email or push notification.
You can opt out of marketing at any time. In v1.x of the App, opt-out is supported through these channels:
- Email: click the unsubscribe link in any marketing email.
- Push: turn off notifications in your device's system settings.
- Direct: email quizziehelp@hatchgrid.in with the subject "Stop marketing" and your username; we will action the request within 3 working days.
A dedicated in-app marketing-preferences toggle is on our roadmap and will be added in a later release. When it ships, we'll update this Policy.
Opting out of marketing does not affect transactional messages essential to using Quizzie (e.g., OTP codes, friend-request alerts, your challenge results).
10. Cross-border transfers
Some of our service providers (Supabase, Expo, Sentry, Mixpanel, Google) are based outside India and may process your data on servers located outside India. By using Quizzie, you acknowledge that your data may be transferred to and processed in countries other than India for the purposes described in this Policy. We require all such providers to apply protections at least equivalent to those required by Indian law.
11. Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, the App, or applicable law. When we make material changes, we'll notify you in the App or by email at least 30 days before the changes take effect, where reasonable.
The "Last updated" date at the top of this page shows when this Policy was last revised. Your continued use of Quizzie after the effective date constitutes acceptance of the updated Policy.
12. Contact us
Questions, requests, or grievances about your data:
- Email: quizziehelp@hatchgrid.in
- Postal address: Hatchgrid Private Limited, C-042C, 4th Floor, Desk 05, Supermart-1, Galleria DLF-IV, Gurugram – 122009, Haryana, India
If we don't respond to your grievance within 30 days, or you're not satisfied with our response, you may complain to the Data Protection Board of India under the DPDP Act, 2023.