Privacy Policy

Last Updated: May 14, 2026

1. Introduction

Trivia Gorilla ("we," "us") is operated by Mishigo OU, an Estonian private limited company. This Privacy Policy explains what data we collect when you use the Trivia Gorilla mobile app and related services (the "Service"), how we use it, who we share it with, and the rights you have over your data.

By using the Service, you agree to the terms of this Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information you provide

  • Account information: when you sign up, we collect your email address and, if you choose to set one, a display name and username. If you sign in with Google or Apple, we receive your email address and, where you allow it, your name.
  • Authentication credentials: if you create an email/password account, we store your password as a salted hash. We never store passwords in plain text.
  • Profile data: any optional profile photo or other content you upload.

Information collected automatically

  • Gameplay data: the quizzes you play, the questions you answer, your answer choices, scores, and completion times. This is how leaderboards, daily-challenge results, and personal bests work.
  • Product analytics: anonymous and authenticated events (for example: app opens, quiz starts, quiz completions, sign-ups, sign-ins, account deletions) used to understand how the app is used and improve it. We use PostHog for this.
  • Crash and error reports: if the app or our backend crashes, we collect technical information such as the error stack trace, your device model, OS version, and app version. We use Sentry for this. We strip cookies and authentication headers before sending.
  • Network metadata: when your device contacts our backend, we receive IP address, approximate location (country/region), and request timestamps for security, rate-limiting, and abuse-prevention purposes.

What we do not collect

  • We do not collect your contacts, photo library (except for any image you actively upload), microphone, or precise GPS location.
  • We do not sell your personal data.

3. How We Use Your Information

  • Operate the Service: create and authenticate your account, sync your progress across devices, run daily challenges and leaderboards.
  • Communicate with you: send transactional emails such as email verification, password reset, and security notices. We do not send marketing email without your separate consent.
  • Improve the product: analyze aggregate usage patterns and gameplay quality.
  • Keep the Service safe: detect and prevent fraud, abuse, leaderboard manipulation, and security threats.
  • Comply with the law: respond to lawful requests and enforce our Terms.

4. Third-Party Services (Sub-Processors)

We use a small number of carefully chosen vendors to operate the Service. They process your data on our behalf under contractual obligations:

  • Cloudflare — hosting (Workers, D1 database, R2 object storage, KV).
  • Resend — transactional email delivery (verification, password reset).
  • Google — Google Sign-In, if you choose to use it.
  • Apple — Sign in with Apple, if you choose to use it.
  • PostHog — product analytics.
  • Sentry — crash and error reporting.
  • OpenAI — used internally to generate trivia content. Your personal data is not sent to OpenAI.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account (see Section 7), we remove your personally identifying data from our systems. Your historical quiz attempts are retained in anonymized form so that leaderboard rankings remain stable, but they are no longer linked to your identity.

Crash and analytics data is retained for up to 12 months and then deleted or aggregated.

6. Children

Trivia Gorilla is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will delete it.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data (you can update your display name, username, and email in-app).
  • Delete your account and personal data. You can do this from the Account screen inside the app, which calls our account-deletion endpoint and removes your user record, linked sign-in providers, sessions, and profile data.
  • Object to certain processing, or withdraw consent where processing is based on consent.
  • Portability — request a copy of your data.

If you are in the EU/EEA, UK, or another jurisdiction with similar rights (such as California under the CCPA), you can exercise these rights by contacting us.

8. Security

We use industry-standard measures to protect your data: TLS for transit, hashed passwords, signed session tokens, scoped API tokens, and limited admin access. No system is perfectly secure, and we cannot guarantee absolute security.

9. International Transfers

Our infrastructure is operated by Cloudflare on its global edge network. Your data may be processed in countries other than your own, including outside the EU/EEA. Where required, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards.

10. Changes to This Policy

We may update this Policy from time to time. We will update the "Last Updated" date above and, where the change is material, notify you in-app or by email.

11. Contact Us

Data controller: Mishigo OU (Estonia).

For privacy questions, account deletion, or to exercise any of the rights above, contact us at info@triviagorilla.com.