Legal

Privacy Policy

Last updated: 2026-06-11

Privacy Policy

Last updated: June 11, 2026

This Privacy Policy describes how Nitta Quiz ("we", "us", "our") collects, uses, and shares information when you use the Nitta Quiz mobile application (the "App"), our website (the "Site"), and related services (collectively, the "Service").

By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.

1. Who we are and how to contact us

The Service is operated by us. If you have questions about this policy, want to exercise your privacy rights, or wish to file a complaint, contact us at:

2. Information we collect

We collect the minimum data needed to operate the Service. The categories below describe what we collect, why, and how it is generated.

2.1 Information you provide

  • Account information. When you create an account we collect your email address (used for passwordless sign-in via a 6-digit one-time code).
  • Profile information. During onboarding and through the in-app settings you may provide your first name, last name, profile photo, short bio, country, gender, and preferred language (English / Spanish). All profile fields except first name are optional.
  • Preferences. Your selected interest categories (up to 5), sound and vibration preferences, and dark-mode preference.
  • Support communications. Messages you send us via support email or contact forms.

2.2 Information generated by your use of the Service

  • Gameplay data. Quizzes started, completed, and abandoned; questions answered; scores; difficulty level; time spent; boosters used (50/50, Eliminate, Reveal); lives consumed; daily check-ins; and streak counts.
  • Wallet data. Your in-game currency balances (crowns and gems), in-game item inventory, and transaction history within the App's economy.
  • Achievements and ranking. Badges earned, leaderboard position, and other ranking data.
  • Friends and social data. If you use the friends features: the friend connections you make, the friend requests you send and receive, your personal friend-invite code (created only when you choose to invite someone), and the list of users you have blocked. Your block list is private — the users you block are never told.
  • Device and technical data. Device model, operating system and version, app version, language and locale, time zone, IP address (used at the moment of request and not stored long-term beyond what is needed for security), crash reports, and diagnostic logs.
  • Identifiers. A user account identifier (UUID), device identifiers, and — only after your explicit App Tracking Transparency permission on iOS — the advertising identifier (IDFA) or its Android equivalent (AAID).
  • Approximate location. Derived from your selected country and IP address. We do not collect precise (GPS) location.

2.3 Purchase information

When you make an in-app purchase (for example, Nitta Unlimited subscription or the Starter Pack), the transaction is processed by Apple App Store or Google Play. We receive a confirmation that the purchase succeeded and a transaction identifier, but we do not receive your full payment card details.

2.4 Information from third parties

  • Identity providers and stores. Apple and Google provide receipts and entitlements for in-app purchases and subscriptions.
  • Advertising partners. Our ad partners (e.g., Google AdMob) may share aggregated metrics about ad delivery and rewarded ad completions.
  • Analytics and crash reporting. Sentry provides us with crash reports and error traces; Vercel Analytics provides aggregated visit metrics for the Site.

3. How we use your information

We use the information we collect to:

  1. Provide the Service — authenticate you (passwordless email code), maintain your profile, save progress, run quizzes, deliver lives and rewards, and manage your in-game wallet.
  2. Personalize your experience — recommend categories, surface relevant quizzes, and rank you on regional and global leaderboards.
  3. Process purchases — verify in-app purchases and grant the corresponding entitlements (subscriptions, items).
  4. Communicate with you — send transactional emails (sign-in codes, account notices).
  5. Show advertising — display interstitial and rewarded video ads. With your explicit ATT consent on iOS we may also show personalized ads; otherwise ads are non-personalized.
  6. Keep the Service safe — detect fraud, abuse, cheating, and policy violations; protect accounts; and enforce our Terms of Service.
  7. Improve the Service — debug crashes (via Sentry), measure feature usage in aggregate, and research new features.
  8. Comply with the law — respond to legal requests and enforce our agreements.

We do not sell your personal information.

4. Legal bases (EEA / UK users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

  • Contract (Art. 6(1)(b) GDPR) — to deliver the Service you've signed up for.
  • Legitimate interests (Art. 6(1)(f) GDPR) — to keep the Service secure, prevent fraud, debug crashes, and offer non-personalized advertising.
  • Consent (Art. 6(1)(a) GDPR) — for personalized advertising, optional analytics, and tracking via the IDFA/AAID. You can withdraw consent at any time in the App or your device settings.
  • Legal obligation (Art. 6(1)(c) GDPR) — when we must process data to comply with the law.

5. How we share information

We share personal data only with the following categories of recipients and only as necessary for the purposes above:

  • Service providers (data processors) acting on our behalf, including:
    • Supabase — authentication, database, file storage.
    • Sentry — crash and error reporting.
    • Apple App Store / Google Play — distribution, in-app purchases, subscription management.
    • Google AdMob — ad serving and consent management (Google's User Messaging Platform / UMP). Where personalized advertising is enabled, AdMob may further share limited data (such as the IAB TCF consent string, advertising identifier, and IP address) with the third-party advertising vendors that participate in the IAB Transparency & Consent Framework v2 and that you have allowed via the consent form. The current list of vendors is available at https://vendor-list.consensu.org/v2/vendor-list.json, and Google's processing is described at https://support.google.com/admob/answer/9012903.
    • Vercel — hosting and aggregated site analytics.
    • Email delivery providers — transactional email.
  • Other users. Your first name, avatar, country, and score / ranking may be visible on leaderboards and rankings to other users of the Service. If you use the friends features, your username and avatar are also visible to your friends, to users who find you via username search, and to anyone who opens a friend-invite link you have shared. We never show your email address to other users.
  • Legal and safety. We may disclose information if required by law, court order, or to protect rights, safety, and property.
  • Corporate transactions. If we are involved in a merger, acquisition, or asset sale, your data may be transferred subject to equivalent privacy protections.

We do not sell or rent personal information, and we do not share it with third parties for their independent marketing.

6. Advertising and tracking

The App shows ads delivered by Google AdMob, including rewarded video ads that grant in-game rewards (for example, an extra life or daily-check-in bonus).

6.1 Consent for users in the EEA, the United Kingdom and Switzerland

If you access the Service from the European Economic Area, the United Kingdom or Switzerland, on first launch the App displays a consent form rendered by Google's User Messaging Platform (UMP) acting as our IAB-registered Consent Management Platform. The form lets you accept or reject:

  • the storage of, and access to, information on your device (advertising identifier and similar identifiers);
  • the use of that information to select, deliver, and measure personalized or non-personalized ads;
  • the participation of third-party advertising vendors registered under the IAB Transparency & Consent Framework v2 (TCF v2).

Your choices are recorded in an industry-standard TCF consent string that is shared with the vendors you have allowed. You can change your choices or withdraw consent at any time in Settings → Ad preferences inside the App. Withdrawing consent does not remove the ads themselves — ads will continue to appear in non-personalized form where they are permitted.

6.2 App Tracking Transparency (iOS)

On iOS we additionally present Apple's App Tracking Transparency prompt. If you allow tracking, we and our ad partners may use the IDFA to deliver personalized ads and measure their performance. If you do not allow tracking, you will still see ads, but they will be non-personalized. ATT is independent of the GDPR consent above; depending on where you are located you may see one or both prompts.

6.3 Android and other platforms

On Android, you can reset or limit ad personalization in your Google account or device settings. If you are located outside the regions covered by Section 6.1, the GDPR consent form is not displayed and ads default to the personalization level allowed by the operating system.

You can learn more and adjust ad-related choices in:

  • iOS: Settings → Privacy & Security → Tracking, and Settings → Privacy & Security → Apple Advertising.
  • Android: Settings → Privacy → Ads.
  • In-App (EEA / UK / CH): Settings → Ad preferences.

7. Children's privacy

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction, e.g., 16 in parts of the EU). Before creating an account, you are required to confirm that you meet this minimum age; we record the timestamp of that confirmation on your profile. We do not knowingly collect personal information from children below that age. If you believe a child has provided us with personal data, contact privacy@nittaquiz.com and we will delete the account.

8. Data retention

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements:

  • Account and profile data — kept while your account is active. When you request deletion, your account enters a 15-day recovery window during which you can cancel and restore it; after 15 days it is permanently erased (except records we are legally required to keep, such as tax records of purchases).
  • Gameplay history, wallet, and ranking data — retained while your account is active; deleted with your account.
  • Friends and social data — retained while your account is active. Deleting your account permanently removes your friendships, friend requests, invite code, and block list. Removing a friend or regenerating your invite code takes effect immediately.
  • Crash logs — retained up to 90 days.
  • Purchase / transaction records — retained for the period required by tax and consumer-protection law (typically up to 7 years).

9. Security

We use industry-standard safeguards including encryption in transit (TLS), encryption at rest for our databases, role-based access controls, and continuous monitoring. No system is perfectly secure; please use a strong, unique email account and keep your device updated.

10. International transfers

Our service providers may process data in countries outside your own, including the United States. Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms to protect your data.

11. Your privacy rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Port your data to another service.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

You can exercise most of these rights directly in the App:

  • Edit profile data: Settings → Account settings.
  • Delete your account: in the app via Settings → Account settings → Danger zone → Delete account, or from our account deletion page on the web. Requesting deletion starts a 15-day recovery window; after it ends, your progress, history, achievements, and other account data are permanently erased. You can cancel anytime during those 15 days by signing back into the app.
  • Manage ad consent (EEA / UK / CH): Settings → Ad preferences.
  • Manage tracking: your device's privacy settings.

For any other request, email privacy@nittaquiz.com. We will respond within the timeframe required by applicable law (typically within 30 days).

12. California residents

If you reside in California, the CCPA/CPRA gives you the rights described in Section 11 plus the right to know the categories of personal information we collect, the right to opt out of "sharing" for cross-context behavioral advertising, and the right to non-discrimination for exercising your rights. We do not sell personal information. To opt out of personalized advertising, decline App Tracking Transparency on iOS or limit ad personalization on Android.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, notify you in the App or by email. Continued use of the Service after the update constitutes acceptance of the revised policy.

14. Contact us

Questions or requests: