Penguizz
Parent LoginOpen App

Privacy

Privacy Overview

Penguizz is built with data minimization and role-based access controls. This page explains the public-site contact workflow as well as the broader privacy principles we follow.

1. Controller and Contact

The data controller for the public Penguizz site is Sylvanity B.V.. For privacy questions or data requests, contact support@penguizz.com.

2. Contact Form Data

When you use the contact form, we collect the information needed to respond to your inquiry and protect the form against abuse.

  • Name, email address, topic, subject, and message content.
  • Technical anti-abuse metadata such as hashed IP and hashed email-rate-limit keys.
  • Limited request metadata such as user-agent details and message processing status.

3. Why We Use This Data

  • To respond to support, onboarding, school, or general product inquiries.
  • To send a confirmation that your message has been received.
  • To detect abuse, duplicate submissions, or spam against the contact workflow.
  • To keep a support trace with a reference ID for follow-up and troubleshooting.

4. Lawful Basis

For contact requests, Penguizz generally relies on legitimate interest and, where relevant, steps taken before entering into a contract. We do not require a separate consent checkbox just to reply to a message you sent to us.

If we ever introduce separate marketing or product-update emails from this form, that would use a separate optional opt-in instead of being bundled into support communication.

5. Processors and Infrastructure

We use selected processors to host the site, store inquiry records, and send emails.

  • Google Cloud / Firebase App Hosting and Firestore for site hosting and inquiry storage.
  • Brevo for transactional email delivery related to support notifications and confirmation receipts.

6. Retention

  • Contact submissions are retained for up to 12 months after the last support action, then deleted or anonymized.
  • Rate-limit records are retained for a short operational window and not kept as long-term support history.
  • Operational logs for the contact workflow are retained for limited troubleshooting periods and do not include message bodies.

7. Access and Rights

Access to contact-submission data is restricted to authorized support or administrative users who need it to respond to the request.

Depending on your location and applicable law, you may have rights to request access, correction, deletion, restriction, or objection. Contact support@penguizz.com if you want to exercise those rights.

8. Broader Product Privacy Principles

  • PINs are stored as hashes, never plaintext.
  • Quiz scoring and cooldowns are backend-authoritative.
  • Kids cannot write sensitive progression data directly.
  • Reward videos are restricted to approved allowlists.

For general service terms, see our Terms of Service.