The EU passed its GDPR (General Data Protection Rules) in order to protect the privacy of individuals and ensure that no one is collecting more personal data than necessary and is also treating any data collected with extreme care.

Bottom line, the rules are good for us as individuals. However, it does make it difficult for businesses, since following all the strict GDPR regulations is a lot of work and not always easy to do.
Riddle offers a fully GDPR compliant quiz maker, but we leave it up to you – the quiz creator – how to make use of our GDPR safe tools. After all, Riddle quizzes are created all over the world and there are still a lot of places, where the privacy laws are more relaxed.
Should you decide not to follow the suggestions below, keep in mind though, that as long as your content may be accessed by EU citizens, you need to comply with GDPR or face significant fines.

To further complicate matters, the EU has canceled the Privacy Shield Agreement with the U.S. This means that you essentially should not store any personal identifiable information (PII) of EU citizens on U.S. Servers.
When choosing a quiz maker, make sure that all data stays on servers owned and operated by EU companies, not simply on the EU cloud of a U.S. cloud operator.
Why choose Riddle for your GDPR quiz maker?
- Riddle operates its own dedicated server infrastructure from a banking-grade, highly secure data center in Frankfurt, Germany.
- We also use mirrored backup servers located in Luxembourg.
- Riddle also never adds any trackers or cookies other than a simple session cookie to the quiz.
That is a key requirement to allow you to create GDPR-safe content on our site.

Read on to learn how to create GDPR-safe online quizzes.
Adding videos, images, or other content
Adding multimedia, such as videos, makes your online quiz much more effective. However, there are pitfalls to avoid.
You should avoid these three services:
- YouTube
- Vimeo
Now, being transparent, we do support these tools on Riddle. However, we give you a great deal of control over how users can opt out if they do not want to be tracked.

However, be warned – Twitter and YouTube are a bit sneaky. Even if users opt out of their standard tracking, these services istill load cookies and trackers that are at least debatable.
Want to use videos in quizzes while being completely GDPR-safe? We let you easily upload your own MP4 video files as part of our Team plan – they’ll be hosted on our Riddle servers, with absolutely zero dodgy tracking.
Collecting emails and personal data (lead generation)
Most online quiz maker tools include a way to collect quiz takers’ email and other personal information.
Make sure each quiz creator manages all of this personal data safely.
Some things to watch out for:
- Do they ever store each lead and other info on their servers?
- Many will let you send data to popular marketing software like MailChimp, ActiveCampaign, and more – but also keep a copy of the data on their servers.
- If so, you will need to alert your users that their data will be also stored by your quiz maker.

Why is Riddle’s online quiz builder different?
We’ve set up our software and data architecture, so that your users’ data is never stored on our servers. Instead, they are passed directly to your favorite marketing software or CRM tool.
That’s one less thing you need to worry about with your data privacy folks.
There are a few special caveats…
By default, we (and most quiz maker companies) collect quiz responses along with the lead form.
As an extra level of GDPR flexibility, we let you turn this on or off using the “Ask for permission to collect quiz responses” feature:

If this option is activated, Riddle will only save the quiz data along with the form data, if the user has given express consent for this.
If consent is not given, you will see a “n/a” value in your lead download for the respective entry.
Sure, this will make the leads you collect less valuable, but if you come up with a good reason why the user should consent, you should be OK.
A good reason may be “Allow us to see your quiz answers, so we can provide you with a customized report about your quiz results” for example.
Also, make sure to turn on the options “Save lead data with Riddle” and use “Double-opt-in”

The ‘Save to Riddle’ option
No surprise, right?
The ‘Save to Riddle’ option obviously means your users’ data is stored on Riddle servers. This is the one time we do this – it’s designed to be an easy option for people who don’t want to send data to another email tool or marketing software.

If you choose not to save lead data on the Riddle servers, make sure to pick another save method that is GDPR-safe.
Most popular e-mail marketing tools are U.S. based companies and probably problematic. When you store your lead data on our servers, we will encrypt that data and only you will be able to access it on your private space on our servers from where you can download it in CSV or Excel format and then import into a tool of your choice.
When storing leads with us, we also give you the ability to search for leads and permanently delete them – another key GDPR requirement (the right to be forgotten).
You can also use our webhook to send leads to an endpoint of your choice (your in-house CRM system for example).
Ask us for details using the chat bubble at the bottom of this page.
Facebook Pixel
Using the Facebook Pixel is controversial, in GDPR terms. We’d advise against using it.
However, if you must use a Facebook pixel with your quiz, we provide you with a safe method to do so.
On the publish step of your riddle quiz, navigate to the ‘Extras’ section and enable the “Display a pixel warning overlay” option. This will stop the Facebook Pixel from loading until the user has given their consent.
Make sure to adapt the opt-in text according to your local legal requirements around the GDPR.

If Facebook tracking is extremely important to you, you can also enable the option to not allow the user to even start the quiz without giving consent to your Facebook Pixel.
Social share
Check if the social sharing for your online quiz maker pre-loads code from each network – to facilitate tracking by these U.S. companies, even if users don’t click on the share message.

Our social sharing buttons are GDPR-safe as they do not load any code from the respective social network until the user clicks on them.
Many share buttons pre-load code from the social networks, which makes them unsuitable.
Other Riddle defaults that make your quiz GDPR safe
- We serve all Google fonts from our own servers.
- All lead data stored on our servers is encrypted.
- We never add trackers or cookies – other than a necessary session cookie – to the quiz.
- Our servers are in a banking grade data center in Germany, operated by ourselves with backups in Luxembourg.
- We do not use Cloudflare or any other CDNs operated by U.S. companies. Our CDN is operated and managed by us and also located in Germany.
Any questions about the GDPR and creating a quiz?
Whew! Hope this overview helped you navigate how to create a quiz while staying GDPR-compliant.
If you have any questions, just ask us on support chat – we’re always happy to help out.