Back to all articles

GDPR Compliance

General information

Is Quizlet GDPR compliant?

Yes. Quizlet takes its obligations for user privacy and data protection seriously. We have a dedicated privacy team and have worked diligently to ensure we are compliant with the requirements of the General Data Protection Regulation.

Where in the world is Quizlet's data stored?

Quizlet is provided using services located in the United States. Because the U.S. has different data protection standards from the European Union, Quizlet makes use of transfer mechanisms approved by the European Commission to ensure adequate levels of data protection when we transfer data from the European Economic Area to the U.S. These transfer mechanisms include our participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as well as the use of model contracts and the standard contractual clauses. 

Does Quizlet have a privacy team?

We do! Quizlet has always taken data protection seriously and we have consistently devoted resources to ensuring user privacy and security. Our team includes a Data Protection Officer who has been certified in both privacy program management and European data protection and privacy standards. The team can be reached at privacy-eu@quizlet.com.

How does Quizlet secure my data?

Quizlet takes great care to ensure the security of our services and your data. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Two examples: 1. our website and mobile apps are protected by HTTPS encryption 2. when you enter credit card information on our order forms, that information is encrypted and protected by our third-party payment providers. We also maintain a robust security program including third-party testing and a bug bounty program. If you have any questions about security on our website or mobile apps, you can contact us at security@quizlet.com

What is a lawful basis and what is Quizlet's?

The GDPR requires that any processing of personal data have a lawful basis, which is a technical term for the legal right of the data controller to process personal data. The GDPR specifies several lawful bases (see Article 6 of the GPDR).

When Quizlet processes your personal data, we may make use of a few different lawful bases. These include: 

  • Performing the contract we have with you. In some cases, we need some personal data in order to fulfill our obligation to provide Quizlet under our Terms of Service
  • Legal and regulatory compliance. In some cases, law or regulations require us to collect and use your data. For example, tax laws require us to retain certain records for users who engage in financial transactions on Quizlet. 
  • With your consent. In some cases, we ask for your consent to process your data for a specific purpose; for example, to use a specific product feature. When we ask for your consent in this context, you can always revoke that consent by disabling the feature. 
  • To pursue our legitimate interests. Sometimes we rely on what is known as our legitimate interest. This is a technical term in data protection law that means Quizlet has a good and fair reason to process your data and that we do so in ways which don't hurt your interests or rights. When we require your data to pursue our legitimate interests, we use it in ways that you would reasonably expect as part of running Quizlet and that do not materially impact your rights, freedom or interests. 

Data Subject Rights

How can I access my personal data on Quizlet?

You can access your personal information held in your Quizlet account at any time by logging in to Quizlet and going to your account Settings and profile pages. 

How can I update (rectify) my information on Quizlet?

You can update your personal information held in your Quizlet account at any time by logging in to Quizlet, going to your Settings page and making changes there. You can also update content you have added to Quizlet, e.g. your study sets. 

How can I delete (erase) my data from Quizlet?

You can delete your personal data from Quizlet at any time by logging in and deleting your account from your Settings page. 

How can I request that Quizlet stop processing my data?

If you don't want Quizlet to process your personal data any longer, you can log in to Quizlet and delete your account from your Settings page. 

How can I export my data from Quizlet?

You can download a copy of your set content by using the Export function on the set page. We store a limited amount of your Personally Identifiable Information (PII) when you sign up, e.g. your email address, which you can access via your Quizlet account Settings page. 

How do I withdraw my consent from Quizlet?

In general, Quizlet makes sure that you have the option to remove your consent for particular features directly on Quizlet. Whenever you provide consent for certain processing to use a specific feature by enabling that feature, you will also have the option to disable it. These settings will be located throughout Quizlet in places relevant and related to the features they enable. 

How can I object to how Quizlet is processing my data?

If you have a question, concern or would like to object to a specific type of processing, please email our Privacy team at privacy-eu@quizlet.com and they will review your request. We may need to verify your identity before granting access to or otherwise changing or correcting your information. 

None of these FAQs answered my question and I need more help. What can I do?

If you need further help, you can email privacy-eu@quizlet.com and a member of our Privacy team will get back to you. We may need to verify your identity before granting access to or otherwise changing or correcting your information. 

Our goal is to make sure you understand how we are processing your data and the care we take to protect your privacy so we hope you'll come to us with any questions or concerns directly so we can resolve them as quickly as possible. 

If you are not satisfied with our response, you can approach your local data protection authority.