Data privacy & GDPR compliance

Quizzes are powerful data capture tools. The great news is that

Riddles are built to be GDPR-compliant

— although there are still a few things you need to do to ensure full compliance.
Information detailed on this page should not be considered as legal advice. If GDPR does not apply to your organization or the region of your users, you should consider any other relevant data laws. You can find legal GDPR documentation here.
What data does GDPR cover?

With Riddle, you have the ability to collect personal data, particularly for lead forms. This is why it’s important to make sure you’re set up to be GDPR-compliant.

Personal data protected by GDPR includes:

  • Name
  • Email address
  • Address
  • Photos
  • Bank details
  • Social posts
  • Medical information
  • IP address
What is my company responsible for?

You have a legal responsibility to protect any personal data you collect or process as an organization.

Quizzes are powerful data capture tools. The great news is that Riddles are built to be GDPR-compliant — although there are still a few things you need to do to ensure full compliance.

How Riddle is GDPR-compliant

Riddle data is securely stored on our EU servers

All data is stored on our own servers in Germany and Luxembourg in a secure, banking-grade data center. We do not use cloud-based or shared storage services.

By default, we only store aggregate Riddle data. If you choose to collect personal data using a lead form, there are two ways you can choose to store lead data securely.

To ensure further security of data, all logins are secured by two-factor authentication (2FA).

No tracking and almost zero cookies

When someone interacts with a Riddle, we do not track their personal data. Any Riddle content you create and embed does not track:

  • IP addresses
  • Google or other US-based analytics - although you can add your own trackers and pixels if you’d like.
  • Google Fonts - we serve all Google Fonts directly from our own servers.

We add just one anonymous session cookie for your embedded content, without collecting any personal data. You can find a detailed list of how we use cookies here.

We give users full control of their data

We’re transparent with our users, and give them full control over their data.

When users fill in lead-forms, they are given the opportunity to opt-in to how their data will be stored, processed, and used.

As a Riddle creator, you can also choose to require double-opt in. This is where leads have to go through email confirmation. Only data from confirmed emails will be stored.

We do not share or sell any data

Only you and team members with accounts can view data collected from your Riddles. This includes personal, identifiable data from lead forms.

You own all the content you create with Riddle.com. We do not make your content searchable on our website, or repurpose it for our own materials. Users can also turn off the showcase link to make sure that your content is only visible to the audience of your choice.

How to store lead data

Riddle’s interactive content and quizzes give you the ability to collect high-quality leads. You can do this by adding a lead form into your Riddle content. There are 3 ways you can securely store and share lead data in a GDPR-compliant way.

Store lead data in your own personal space on our servers

All data will be encrypted and can only be viewed by being decrypted when you or your team members securely log in to Riddle. Encrypted data cannot be accessed by our staff, unless your team:

Leads have the option to opt in to how their data is stored, processed, and used. If they take the Riddle but do not complete the form, their quiz responses will be shown as ‘withheld’.

Send data directly using native integrations

Connect your data to tools such as MailChimp, Google Sheets, and AWeber. We’ll securely send this data and it will never touch our servers. Check out all of our integrations here.