Privacy Policy

Last updated on May 19, 2026


1. Introduction

Welcome to Triviolt. We’re committed to keeping your data safe and being transparent about how we use it. This policy explains what we collect, why, and the choices you have. It should be read alongside our Terms of Service.


2. Information We Collect

We collect only what’s needed to make Triviolt work for you:

  • Account info — your email, display name, and sign-in method (Google or email/password).
  • Quiz & progress data — scores, streaks, and learning milestones so you can track your journey.
  • Payment info — handled securely by Stripe, Apple, Google Play, and RevenueCat, depending on where you subscribe. We never store credit card numbers on our servers.
  • Kid profiles — just a display name, emoji avatar, and optional PIN (securely hashed). No email, phone, or location data is collected from children. See Section 4.
  • Family codes — randomly generated codes used for cross-device child login. They have no connection to your name, email, or personal data.

3. How We Use Your Information

We use your information to run your account, track your quiz progress, process payments, enable features like multiplayer and leaderboards, respond to support requests, and improve the platform.

We never sell your personal data to third parties and we don’t use your data for targeted advertising.


4. Children’s Privacy

Triviolt requires all account holders to be at least 13 years old. Children under 13 may use Triviolt only through an adult-managed profile under a parent’s Family Plan account or a teacher’s Classroom Plan account. We do not knowingly collect personal information directly from children under 13.

Parent-managed child profiles (Family Plan)

Children under 13 can use Triviolt only through a parent or legal guardian’s Family Plan account. Child profiles consist of a display name, an emoji avatar, and an optional PIN (stored as a one-way hash). We do not collect email, location, contact information, or other personal information directly from children. All quiz activity and progress stay under the parent’s account. Parents can view, update, or delete their child’s profile from account settings or by emailing [email protected].

Teacher-managed student profiles (Classroom Plan)

In the Classroom Plan, teachers create student profiles under their educator account. The school or educator is responsible for obtaining any required consent under applicable law, including the “school authorization” framework under COPPA for educational use. Student profiles use a display name and join code — no email or contact information is collected from students directly.

Mobile app — restricted guest mode

The Triviolt mobile app offers a restricted guest mode for users who self-identify as under 13 on first launch. In this mode no account is created, no email or push token is collected, and product analytics and crash reporting are not initialized. Local device settings and local gameplay progress may stay on the device. See the mobile app sections below for the full description.

Third-party services and children’s data

For users under 13 on Family or Classroom plans, the third-party services listed in Section 6 receive only the child’s profile display name and progress data — no email, location, or contact information. PostHog (product analytics) and Sentry (crash reporting) do not receive identifiers tied to a child profile.

Parent and educator data requests

Parents or educators can request access, correction, or deletion of a child’s data by emailing [email protected]. We respond to verified requests within 30 days.


5. Your Data Rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. You can delete your account from our account deletion page. To exercise other rights, or if you cannot access your account, contact us at [email protected] and we’ll respond within 30 days.

We keep your data for as long as your account is active. When you delete your account, deletion starts immediately. We may retain provider billing records, app-store records, operational security logs, and minimal HMAC-hashed deletion audit records where needed for legal, billing, fraud-prevention, support, or compliance reasons.

Shared family, party, leaderboard, and challenge records are anonymized on a best-effort basis. Perfect erasure of display text already shared in collaborative contexts is not guaranteed.


6. Third-Party Services

We use a few trusted services to run Triviolt:

  • Google — sign-in
  • Supabase — database & authentication
  • Stripe — payments
  • RevenueCat — mobile subscription entitlement and purchase records
  • Apple — App Store subscriptions
  • Google Play — Android subscriptions
  • PostHog — product analytics for non-restricted users; tracking is not initialized for self-attested under-13 mobile users
  • Sentry — error reporting; self-attested under-13 mobile users are not tagged with a user or email identifier
  • Vercel — hosting

7. Cookies

We use essential cookies to keep you signed in and remember your preferences (like sound settings), and a privacy-friendly product analytics cookie from PostHog (set as ph_..._posthog) to understand how features are used and to improve the app. The PostHog cookie stores an anonymous identifier and does not contain personal information. We do not use advertising cookies or sell your data. Blocking cookies in your browser may prevent you from signing in.


8. Data Storage & Security

Your data is stored securely in cloud infrastructure with encryption at rest and in transit. All connections are encrypted, and we follow industry best practices to keep your information safe.

  • Your account data is protected so that only you can access it.
  • Child profile PINs are securely hashed before storage — we never store or see the original PIN.
  • Payment data is handled by Stripe, Apple, Google Play, and RevenueCat depending on where you subscribe. We never store or process payment card details on our servers.
  • We conduct regular security reviews and keep our systems up to date.

If you believe your account has been compromised, please reach out to us right away at [email protected].


9. Data Deletion

You can delete your account and associated account data at any time from the account deletion page. In the mobile app, open Profile and choose Delete account. Once deleted, your data cannot be recovered. Stripe subscriptions are canceled immediately, Google Play subscriptions are canceled server-side when possible, and active Apple subscriptions must be canceled in the App Store before account deletion can proceed.

If you cannot sign in, email [email protected] from the address tied to your account. Support may request additional verification before deleting the account.


10. International Data Transfers

Triviolt is operated from the United States. If you’re accessing from outside the US, your data may be transferred to and stored in the US or other countries where our service providers operate. We ensure all transfers comply with applicable data protection laws.


11. Changes to This Policy

We may update this policy from time to time. For material changes, we’ll update the date at the top and notify you at least 14 days in advance. Continued use of Triviolt after changes take effect means you accept the updated policy.


12. Contact Us

Questions about your privacy? Reach out at [email protected]. We typically respond within 48 hours.


This Privacy Policy is also governed by our Terms of Service.