Privacy Policy

1.1 Information You Provide Directly

• Class content and source material — text you paste or type into the Service for quiz generation, including notes, textbook passages, study guides, and any other educational material. This content is processed in real time and is not stored on our servers after processing is complete.
• Uploaded files — PDFs, images, and text files you upload to the Service. These files are temporarily stored in your browser's IndexedDB storage for the duration of your editing session and are automatically deleted when you leave the editor. File contents are sent to the Anthropic API for processing but are not stored on our servers.
• Chat messages — instructions and prompts you send to the AI assistant to generate or modify quizzes. These are held in your browser's memory during your session and stored locally on your device (see Section 3).
• Access keys — credentials used to authenticate your access to the Service. We validate keys server-side and store the key value in an HTTP-only cookie to maintain your session and provide a personalized experience (such as customized welcome messages). We do not log access key usage to a database or track usage patterns over time.

1.2 Information Collected Through Google OAuth

When you connect your Google account to export quizzes, we receive:

• OAuth access token — a temporary credential that allows us to create Google Forms and manage files in your Google Drive on your behalf.
• OAuth refresh token — used to obtain new access tokens when the current one expires, so you do not need to re-authenticate each session.
• Token expiration time — used to determine when to refresh your access token.

We do not receive or store your Google email address, name, profile picture, contact list, or any other personal information from your Google account. We only request the minimum scopes necessary:

• forms.body — to create and edit Google Forms
• drive.file — to create files and folders in your Google Drive

1.3 Information We Do Not Collect

We do not collect:

• Names, email addresses, or personal identifiers
• IP addresses or geolocation data
• Device fingerprints or browser characteristics
• Usage analytics or behavioral tracking data
• Student information of any kind

3.1 Server-Side (Our Infrastructure)

QuizFuse does not operate a database. No user content, quiz data, chat history, or personal information is stored on our servers. All content processing happens in memory and is discarded immediately after the response is sent.

3.2 Client-Side (Your Browser)

Quiz data — including quiz titles, questions, answer keys, point values, feedback, and chat history — is stored in your browser's local storage. Uploaded files (PDFs, images, text files) are temporarily stored in your browser's IndexedDB during your editing session and are automatically deleted when you leave the editor. This data:

• Remains entirely on your device
• Is not persistently stored on our servers. Content is transmitted to Anthropic for processing and to Google for export, but is not retained after the operation completes
• Is not encrypted at rest in the browser
• Quiz data in local storage persists until you manually delete it or clear your browser data. Uploaded files in IndexedDB are automatically cleaned up when you navigate away from the editor
• Is not accessible to us or any third party through the Service

3.3 Cookies

QuizFuse uses two essential cookies. We do not use any tracking, analytics, or advertising cookies.

Both cookies are HTTP-only (not accessible to JavaScript), encrypted where applicable (AES-256-GCM for Google tokens), and marked Secure in production (transmitted only over HTTPS).

4.1 Anthropic (AI Processing)

Your content and chat messages are sent to Anthropic's API for quiz generation. Specifically, each request includes:

• The text content you provide for quiz generation
• Uploaded files (PDFs, images, text files) attached to your messages
• Your chat history with the AI assistant (up to 20 recent messages)
• The current state of your quiz (titles, questions, answers)

Per Anthropic's current API terms, data submitted through their API is not used for model training. See Anthropic's Privacy Policy for current details on their data retention practices.

4.2 Google APIs (Quiz Export)

When you export a quiz, the following data is sent to Google's APIs:

• Quiz title, description, and all questions with answer keys, point values, and feedback
• Your OAuth access token (for authentication)

This data is used to create a Google Form in your Drive and, if auto-sync is active, to update it when you make changes. Google processes this data in accordance with Google's Privacy Policy.

QuizFuse's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not transfer it to third parties, and do not use it for purposes unrelated to quiz export.

4.3 Vercel (Hosting)

The Service is hosted on Vercel. All HTTP requests pass through Vercel's infrastructure. Vercel may collect standard server logs (IP addresses, request timestamps) as part of their hosting service. We do not access or use these logs. See Vercel's privacy policy for details on their data practices.

8.1 General Rights

Because QuizFuse does not maintain user accounts or store personal data on our servers, traditional data subject rights (access, correction, deletion, portability) apply in a limited way:

• Access and deletion of quiz data — your quiz data is stored in your browser. You can view it at any time and delete it by clearing your browser's local storage or using the delete function within the app.
• Revoking Google access — you can disconnect QuizFuse from your Google account at any time through your Google account permissions. This immediately revokes our ability to create or modify Google Forms on your behalf.
• Clearing cookies — you can delete your authentication cookies at any time through your browser settings, which will sign you out of the Service and remove stored Google tokens.

8.2 Rights Under PIPEDA (Canada)

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access personal information an organization holds about you, to challenge its accuracy, and to request its correction or deletion. PIPEDA's ten fair information principles — including accountability, consent, limiting collection, and safeguards — guide our data practices.

Because QuizFuse does not store personal information on our servers, these rights primarily apply to data held locally in your browser (which you control) and data processed by our third-party sub-processors (Anthropic, Google, Vercel), whose own privacy policies govern their retention.

If you believe your privacy rights have been violated, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario.

8.3 Rights Under FIPPA/MFIPPA (Ontario Public Sector)

If you are an employee of an Ontario public sector institution (such as a university, college, hospital, or provincial agency) governed by the Freedom of Information and Protection of Privacy Act (FIPPA), or of a municipal institution (such as a school board) governed by the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), you should be aware that:

• QuizFuse does not store personal information on its servers, which limits the applicability of access and correction rights under these acts.
• Your institution may have policies governing the use of third-party cloud services. You are responsible for ensuring your use of QuizFuse complies with those policies.
• Content you submit may be processed by servers located outside of Canada (see Section 10). Some institutional policies restrict the storage or processing of personal information outside of Canada.