Privacy Policy

Passclix ("we", "our", or "us") operates the Passclix Quiz platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. Please read it carefully. By creating an account or using the Service you agree to the practices described below.

1. Information We Collect

1.1 Information you provide directly

• Account registration — full name, email address, and password (stored as a secure hash; we never store your plain-text password).
• Profile settings — theme preference and any optional profile information you choose to provide.
• Quiz activity — answers submitted during quiz attempts and the results generated from those answers.

1.2 Information collected automatically

• Usage data — pages visited, features used, and actions taken within the Service (e.g. quiz started, quiz completed).
• Log data — IP address, browser type, operating system, referring URLs, and timestamps of requests made to our servers.
• Session data — a signed, httpOnly session cookie used solely to authenticate you. It contains no personally identifiable information beyond a user identifier.

1.3 Information we do not collect

We do not collect payment card details, government-issued identifiers, or sensitive health information. We do not use third-party advertising trackers or sell your data to any third party.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account and authenticate your sessions.
• Deliver the core Service — present quizzes, record attempts, and show you your results and progress.
• Maintain audit logs for security, abuse prevention, and accountability (e.g. recording which administrator created or modified a quiz).
• Communicate with you about your account, security notices, or material changes to this policy.
• Improve the Service through aggregated, anonymised analysis of usage patterns.
• Comply with applicable legal obligations.

3. Legal Basis for Processing (EEA / UK Users)

Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following legal bases:

• Contract — processing necessary to provide the Service you signed up for.
• Legitimate interests — operating and improving the Service, and ensuring security, where these interests are not overridden by your rights.
• Legal obligation — where processing is required by applicable law.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 30 days, unless we are required to retain it for legal or audit purposes. Aggregated, non-identifiable data may be retained indefinitely.

5. Sharing of Information

We do not sell, trade, or rent your personal information. We may share data only in the following limited circumstances:

• Service providers — trusted third parties who assist us in operating the Service (e.g. cloud hosting, infrastructure monitoring) under data processing agreements that restrict their use of your data.
• Your institution — if your account was created under an institutional licence, authorised administrators of that institution may have access to your quiz results and activity as part of the assessment workflow.
• Legal requirements — if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Passclix, our users, or the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, with equivalent privacy protections applied.

6. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, httpOnly and Secure session cookies, and access controls. No method of transmission over the internet is 100% secure; while we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete personal data.
• Request deletion of your personal data ("right to erasure"), subject to legal retention requirements.
• Object to or restrict certain processing activities.
• Receive a portable copy of your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@passclix.com. We will respond within 30 days.

8. Cookies

We use one first-party, httpOnly session cookie strictly necessary for authentication. We do not use advertising cookies, analytics cookies, or any third-party tracking cookies. You may disable cookies in your browser settings, but doing so will prevent you from signing in.

9. Children's Privacy

The Service may be used by students under the age of 18 under the supervision of their educational institution. Where students under 13 (or the applicable age in their jurisdiction) use the Service, this must be done under an institutional licence with appropriate parental or guardian consent obtained by the institution. We do not knowingly collect personal data from children outside of an institutional context without verifiable consent.

10. International Transfers

If your data is transferred to or stored in a country outside your own, we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses) in accordance with applicable data protection law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date and, where appropriate, by email. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: privacy@passclix.com
• Website: https://passclix.com