Last updated: 2026-06-23
Privacy, in plain language.
Google Sign-In and Google user data
QuizMe.ai (the QuizMe Chrome extension and the quizme.ai website) uses Google Sign-In to authenticate you. This section describes how we access, use, store, and share data obtained from Google, in compliance with the Google API Services User Data Policy and the Google APIs Terms of Service.
Who is requesting your Google data
QuizMe.ai, operated at quizme.ai, requests access to your Google account information when you choose to sign in through the Chrome extension.
What Google data we access
When you sign in, we request the minimum OAuth scopes needed for authentication:openid, email, profile, and https://www.googleapis.com/auth/userinfo.profile. From Google we receive:
- Your Google account ID (
sub) - Your email address
- Whether your email is verified
- Your display name
- Your profile picture URL
We do not request access to Gmail, Google Drive, Google Calendar, contacts, or any other Google services. We do not read your browsing history from Google.
How we access Google data
Sign-in uses OAuth 2.0 with PKCE. The Chrome extension opens Google's authorization page in your browser via chrome.identity.launchWebAuthFlow. After you approve, Google returns an authorization code. Our server exchanges that code for a short-lived access token, calls Google's tokeninfo and userinfo endpoints to verify your identity, and then discards the Google access token. We never see or store your Google password.
How we use and process Google data
We use Google user data only to:
- Verify your identity and create or link your QuizMe account
- Display your name and profile picture in the extension
- Keep your account email and profile up to date when you sign in again
- Issue a QuizMe session token (JWT) so you can use the service while signed in
We do not use Google user data for advertising, retargeting, interest profiling, credit decisions, or any purpose unrelated to providing QuizMe's flashcard features. We do not allow humans to read your Google user data except when you contact support and ask us to look up your account, or when required for security or legal compliance.
How we store Google data
- On our servers (Postgres on Railway, United States): your Google account ID, email, name, and profile picture URL are stored in your user record for as long as your account exists.
- In the Chrome extension (
chrome.storage.sync): your QuizMe session token and a copy of your name, email, and picture URL so the extension can show your profile and call our API without signing in on every page load.
Google OAuth access tokens are used only during sign-in and are not stored on our servers.
How we share Google data
We do not sell, rent, license, or transfer Google user data to third parties for advertising, data brokerage, or any purpose outside of operating QuizMe. We do not share Google user data with ad platforms or analytics vendors. If you subscribe to a paid plan, we may pass your email address (originally obtained from Google) to Stripe for billing; Stripe receives only what is needed to process payment, not your Google account ID or profile picture.
Revoking access and deleting Google data
You can sign out of the extension at any time, which clears your local session. To revoke QuizMe's access to your Google account, visit your Google Account permissions page and remove QuizMe. To delete the Google-derived data we store on our servers, email [email protected] from your account address; we will delete your account and associated data within seven days.
What we store
- Your Google account ID, email, name, and profile picture URL from sign-in (see Google section above).
- The flashcards you save, including the question, answer, the source text you highlighted, and the URL of the page you saved it from.
- Review history: when you reviewed each card and how well you remembered it. We need this to schedule your next review.
What we don't store
- We don't store your Google password. Sign-in is OAuth - we never see it.
- We don't store Google OAuth access tokens on our servers after sign-in completes.
- We don't read web pages automatically. The extension only sends data to our backend when you explicitly press Cmd+I and click "Save" or "Generate".
- We don't track your browsing. There is no ambient telemetry from the extension.
- We don't sell, license, or share your data with advertisers, brokers, or third parties.
Where we store it
Your data lives in a Postgres database hosted on Railway in the United States. We use Vercel for hosting this website and OpenAI's API for generation when you click "Generate" - in that one case the text you selected is sent to OpenAI. OpenAI does not train on API requests by default and we don't override that.
How to delete your data
Sign out of the extension and email [email protected] from your account address. We will delete your account and every flashcard within seven days. We will not retain backups beyond thirty days.
Children
QuizMe is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has signed up, email us and we will delete their account.
Changes
If we change this policy in a way that meaningfully affects your data, we will email you and post a notice here. The "Last updated" date above always reflects the most recent change.
Contact
For privacy questions: [email protected].