Quiz Funnel AI
Privacy Policy
Last updated: July 3, 2026
This Privacy Policy describes how Morpheus Digital (“we”, “us” or “our”) collects, uses, shares and protects information in connection with the Quizio (Quiz Funnel AI) application (the “App”), which merchants install on their Shopify store to build quiz funnels, capture leads and recommend products.
By installing or using the App you agree to the practices described below. If you do not agree, please uninstall the App and stop using it.
1. Who this policy covers
- Merchants — Shopify store owners and staff who install and operate the App from the Shopify admin.
- Store customers / visitors — end users who interact with a quiz published by a merchant on their storefront. We process their data on behalf of the merchant, who acts as the data controller for that data.
2. Information we collect
2.1 From the merchant’s store (via Shopify)
When the App is installed, Shopify grants it access to specific data based on the permissions (scopes) you approve. The App requests:
read_products— to read product information (title, image, price, ID) so it can resolve and display product recommendations for quiz outcomes.write_customers— to sync captured leads to your Shopify Customers (with marketing consent and segment tags) so you can use native segmentation and flows.
We also store the following store/account information:
- Shop domain, shop ID and access tokens (to authenticate API calls).
- Staff/account details supplied by Shopify during authentication (name, email, locale, account-owner flag) for session management.
- Your subscription plan, billing tier and usage counters.
2.2 From store visitors who take a quiz
When a shopper interacts with a quiz on a merchant’s storefront, we may collect and store:
- Contact details the shopper voluntarily provides (email address and name) through a lead-capture step.
- Quiz answers, the computed outcome and recommended products.
- Funnel/analytics events (quiz view, start, per-step progress, lead, completion, result view, product click, add-to-cart) and associated values.
- Marketing attribution parameters passed through the URL (e.g.
utm_*,fbclid,ttclid) used for conversion attribution.
We do not intentionally collect payment card details, government IDs or other sensitive/special-category data through the App.
2.3 Support requests
If a merchant contacts us through the in-app support form, we store the name, email, subject, category and message provided in order to respond.
3. How we use information
- To provide, operate, maintain and secure the App.
- To build and render quizzes, compute outcomes and generate product recommendations.
- To capture leads and, where the merchant enables it, sync them to the merchant’s Shopify Customers with the appropriate marketing-consent status.
- To produce analytics and reporting for the merchant (completion rates, drop-off, captured leads, attribution).
- To handle billing, plan limits and usage metering.
- To respond to support requests and communicate service notices.
- To comply with legal obligations and enforce our terms.
4. AI processing
The App uses OpenAI’s API to help merchants generate quiz content (questions, outcomes and copy). Prompts you submit for generation are sent to OpenAI to return the requested output. We do not use store-customer personal data to train AI models, and we only send the content necessary to fulfil the generation request.
5. How we share information
We do not sell personal information. We share data only with service providers (sub-processors) that help us run the App, and only as needed:
- Shopify — the platform hosting the merchant’s store and the App’s embedded admin.
- Fly.io — application hosting infrastructure.
- Managed PostgreSQL database provider — persistent storage of App data.
- OpenAI — AI content generation (see section 4).
- Trigger.dev / background job providers — scheduled and asynchronous processing.
We may also disclose information where required by law, to protect our rights, or in connection with a merger, acquisition or asset transfer.
6. Data retention
We retain merchant and quiz data for as long as the App is installed and as needed to provide the service. When a merchant uninstalls the App, or upon a verified deletion request, associated data is deleted in line with Shopify’s mandatory compliance webhooks (see section 7), subject to short technical backup cycles and legal retention requirements.
7. Shopify mandatory compliance webhooks
In accordance with Shopify’s requirements, the App implements the mandatory GDPR/privacy webhooks:
customers/data_request— when a store customer requests their data, we compile the quiz lead records we hold for that customer and make them available to the merchant.customers/redact— we delete the quiz lead records (email, name, answers) associated with that customer.shop/redact— 48 hours after a store uninstalls the App, we delete all data we hold for that shop.
8. Your rights
Depending on your location (e.g. under the GDPR or CCPA/CPRA), you may have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability.
- Store customers should direct requests to the merchant whose quiz they used, as the merchant is the controller of that data. Merchants can fulfil these via Shopify’s privacy tools, which trigger the webhooks in section 7.
- Merchants can contact us directly using the details in section 11 to exercise their rights regarding account data.
9. Data security
We use industry-standard measures to protect data, including encryption in transit (HTTPS/TLS), access controls and restricted access to production systems. No method of transmission or storage is 100% secure, but we work to protect your information and continually improve our safeguards.
10. International transfers & children
Data may be processed in countries other than where you reside. Where required, we rely on appropriate safeguards for such transfers. The App is not directed to children under the age of 16 and we do not knowingly collect their personal data.
11. Contact us
For any question about this Privacy Policy or our data practices, contact:
Morpheus Digital
Email: maru@hey.com
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date at the top of this page. This policy is governed by the laws of Italy / European Union.