Quisivo

Privacy Policy

Our privacy policy and how we use your data

The German version of this document is legally binding. The English translation is for informational purposes only.

Last updated: January 2026

1. Data Controller

The data controller is:
Markus Nissl Consulting GmbH
Siegesplatz 17/1/15
1220 Wien, Österreich
E-Mail: info@quisivo.com

2. Collected Data

When using Quisivo, the following personal data is processed:

2.1 User Account Data

  • Email address
  • Name (optional)
  • Profile picture (optional)
  • Password (encrypted storage)

2.2 Participant Data (for competitions)

  • Name and email address of participants
  • Additional form fields defined by competition creator
  • Participation timestamp
  • Answers to competition questions

2.3 Technical Data

  • IP address (anonymized)
  • Browser type and version
  • Operating system
  • Access timestamp

3. Purpose of Data Processing

Data is processed for:

  • Provision and operation of the platform
  • Authentication and account management
  • Conducting competitions
  • Communication with users and participants
  • Improvement and development of the platform

4. Legal Basis

Processing is based on:

  • Art. 6 para. 1 lit. b GDPR (contract performance)
  • Art. 6 para. 1 lit. a GDPR (consent)
  • Art. 6 para. 1 lit. f GDPR (legitimate interest)

5. Data Transfer and Hosting

Quisivo uses the following service providers for platform operation:

5.1 Railway (Application Hosting)

Railway Corporation
San Francisco, CA, USA
Railway Privacy Policy

Railway provides secure cloud infrastructure and meets GDPR-compliant data processing requirements.

5.2 Supabase (Database & Authentication)

Supabase Inc.
970 Toa Payoh North #07-04
Singapore 318992
Supabase Privacy Policy

Supabase stores data in EU data centers and provides GDPR-compliant data processing.

5.3 Stripe (Payment Processing)

Stripe, Inc.
354 Oyster Point Blvd
South San Francisco, CA 94080, USA
Stripe Privacy Policy

Stripe processes payment data in PCI DSS compliance and provides GDPR-compliant data processing for European customers.

6. Storage Duration

Personal data is only stored as long as necessary for the respective purposes or as required by legal retention obligations. After account termination, all data will be deleted within 30 days, unless legal retention obligations apply.

7. Your Rights

You have the right to:

  • Access your stored data
  • Rectification of incorrect data
  • Deletion of your data
  • Restriction of processing
  • Data portability
  • Object to processing
  • Withdraw given consents

8. Cookies

Quisivo only uses technically necessary cookies for authentication and session management. No tracking cookies or advertising cookies are used.

9. Data Security

We implement technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. These include:

  • SSL/TLS encryption for all data transfers
  • Encrypted storage of passwords
  • Regular security updates
  • Access restrictions to personal data

10. Right to Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Wien
www.dsb.gv.at

11. Changes

We reserve the right to update this privacy policy as needed. The current version is always available on this page.