CCPA compliance
Disclaimer: We do not provide legal advice. We recommend that you seek legal advice from a lawyer about how Riddle’s quiz maker complies with the CCPA.
Riddle is fully CCPA compliant
California introduced its California Consumer Privacy Act (CCPA), which took effect on January 1, 2020. As California has the fifth-largest economy in the world, this law has a huge impact on many businesses. The CCPA will affect you if you are a for-profit entity doing business in California and meet any of these criteria:
- Annual revenue over $25 million
- Buy/receive/sell/share personally identifiable information (PII) of over 50,000 consumers, devices, or households for commercial purposes
- Generate over 50% of annual revenue from selling consumer personal information
Riddle is fully CCPA compliant
Riddle is fully GDPR-compliant and therefore also fully CCPA compliant. The GDPR is the European General Data Protection Regulation – and is considered among the strictest privacy laws in the world.
There are two options for using Riddle:
- Riddle without a lead form:
  - If you create a Riddle without a lead form, we do not collect any personal information. We only collect overall (anonymous) statistics such as:
    - 15k people took the quiz
    - 7k answered question one with “Yes”
  - We do not track individual quiz results, and we are not able to break out the data for a specific user. Plus, we do not drop any cookies or use trackers to track your quiz takers.
  - For example, if you were to use our Net Promoter Score® (NPS®) format, your audience could give their feedback about your brand or site anonymously – without any PII being passed by Riddle.

- Riddle with a lead generation form:
  - Quizzes are powerful lead generation tools, and adding a lead generation form will provide opt-in rates of close to 30%. If you include a lead form in a Riddle, we will pair each of your leads’ PII with their responses.
  - We designed Riddle so that this PII is passed directly to your email marketing tool – unless you choose to store the data on the Riddle servers.
  - We only store the information when you select the “save to Riddle” option. If you select this option, the data will be stored encrypted on our own servers in our German banking-grade datacenter, and only you will have access to it.

Deleting a user’s personal information upon request.
As part of being CCPA compliant, you’re required to delete a user’s PII when you’re asked to.
With Riddle, you can do all of that without getting your developers involved. Simply search for the data to be deleted in our lead management tools and securely erase the data. Alternatively, you can erase all data from all users stored with a particular Riddle.
Frequently Asked Questions (FAQ) about being CCPA compliant
Who needs to be CCPA compliant?
You need to be CCPA compliant if your business meets any of the following criteria:
- Generates over $25 million in annual revenue.
- Handles personal data from more than 50,000 consumers, devices, or households.
- Earns over 50% of revenue from selling personal information.
Why is CCPA compliance so important for businesses using a quiz maker?
If your business operates in or serves California residents, you must ensure that your tools — including quiz and lead-generation platforms — are CCPA compliant. Riddle helps you stay compliant automatically, reducing legal risk and building user trust.
How does Riddle’s GDPR compliance make it CCPA compliant?
The GDPR (General Data Protection Regulation) is one of the strictest data protection frameworks in the world. Because Riddle is fully GDPR compliant, it already meets — and in some areas exceeds — the standards required to be CCPA compliant.
How does Riddle handle data when no lead form is used?
If you create a quiz or survey without a lead form, Riddle does not collect any personal information. Only anonymous statistics (like total quiz completions or answer distributions) are stored. This setup is naturally CCPA compliant since no personally identifiable information (PII) is involved.
What happens when I add a lead generation form in Riddle?
When using a lead generation form, Riddle collects PII only to deliver it directly to your connected email marketing tool. The data is not stored by Riddle unless you choose the “save to Riddle” option — which keeps it encrypted in secure, German banking-grade datacenters.
How does Riddle ensure CCPA-compliant data storage?
Any personal data you choose to store on Riddle’s servers is encrypted and accessible only to you. The information resides in secure data centers in Germany and Luxembourg, ensuring both GDPR and CCPA compliance.
