This guide summarizes what you need to pay attention to when creating GDPR-compliant interactive content with Riddle. Keep these guidelines in mind so your content stays GDPR compliant.
Adding videos, images, or other content
Adding multimedia, such as videos, makes your online content much more effective. However, there are pitfalls to avoid. You should avoid these three services: YouTube, Vimeo, X (Twitter). If you do use these services, make sure to ask the user for permission before the content is loaded, as these tools will load a cookie. Riddle allows you to create a permission screen that is shown before content from these networks is loaded. Please read this help article to learn how to activate this permission screen.
If you want to use videos in your Riddle, we recommend uploading MP4 video files. They will be hosted on our Riddle servers. Riddle will not set any cookies or trackers because we value your and your quiz takers’ privacy, ensuring GDPR compliance in your multimedia content.
Collecting email and personal data
You have to pay special attention when dealing with personal data:
- Please make sure to ask for permission – check out our templates for some sample legal language to remain GDPR compliant.
- Use double-opt-in (DOI) either via email or via a one-time code to stay compliant with GDPR.
- Save lead data to Riddle or to an integration like Brevo.com, which is also GDPR compliant.
- The “Save to Riddle” option is easy for people who don’t want to send data to another email tool or marketing software.
- Save lead data to your tool.
If you save your lead data using another method, ensure it is GDPR compliant. (Most popular U.S.-based companies are probably problematic.) (List of GDPR-compliant tools)
- Facebook Pixel
Using FB Pixel is controversial in GDPR terms. We recommend against using it.
Riddle defaults that make your interactive content GDPR compliant
- We serve all Google fonts from our servers, ensuring GDPR compliance by avoiding third-party trackers.
- All lead data stored on our servers is encrypted.
- We never add trackers or cookies – other than a necessary session cookie which is GDPR compliant.
- Our servers are in a banking-grade data center in Germany, which we operate ourselves, with backups in Luxembourg, and adhere to GDPR regulations.
- We do not use Cloudflare or any other CDNs operated by U.S. companies; we manage our Germany-based CDN ourselves, keeping your content GDPR compliant.