Privacy Policy

Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service includes:

• Personal Data: Personally identifiable information, such as your name, email address, phone number, and payment information that you voluntarily give to us when you register with the Service (e.g., via email sign-up or Google authentication).
• Payment Information: When you make payments through our platform, we securely collect and process payment information including credit/debit card details, UPI handles, bank account information, and billing addresses through our payment processor Stripe. We do not store complete payment card information on our servers.
• Usage Data: Information automatically collected when you access the Service, such as your IP address, browser type, operating system, access times, and the pages you have viewed directly before and after accessing the Service. This may also include information about your interactions with the Service, like questions answered, mock tests taken, scores, time spent, and areas of practice.
• Authentication Data: We use Supabase for authentication. If you authenticate using a third-party service like Google, we may receive information from that service (e.g., your name, email) as permitted by your privacy settings on that service.
• Performance Data: We collect and store information about your test scores, practice session results, and study patterns to provide personalized dashboard insights and track your progress.

Use of Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:

• Create and manage your account and process payments securely
• Provide and improve the Service, including practice questions, mock tests, and performance tracking
• Personalize your experience on the dashboard (e.g., showing weak/strong areas, recommended topics)
• Monitor and analyze usage and trends to improve your experience with the Service
• Track your progress towards study goals and provide analytics
• Process transactions and send you related information including confirmations and receipts
• Respond to your requests and provide customer support
• Ensure the security and integrity of our Service and prevent fraud
• Send you emails about updates, new features, or educational content (with option to opt out)
• Comply with legal obligations and regulatory requirements
• Develop new products, services, features, and functionality

Payment Processing and Stripe Integration

Disclosure of Your Information

We do not sell or rent your personal information to third parties. We may share information we have collected about you in certain situations:

• With Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work (e.g., Supabase for database and authentication, Stripe for payment processing, analytics providers).
• For Payment Processing: Payment information is shared with Stripe and their banking partners to process transactions, prevent fraud, and comply with financial regulations.
• By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Aggregated or Anonymized Data: We may share aggregated or anonymized information which cannot reasonably be used to identify you.

Data Security

We use administrative, technical, and physical security measures to help protect your personal information. We utilize Supabase and Stripe for our backend services, which provide robust security features including:

• • Encryption of personal data at rest and in transit
• • Regular security audits and assessments
• • Secure authentication protocols and multi-factor authentication
• • Database backups and redundancy
• • PCI DSS compliance for payment processing
• • SOC 2 Type II compliance for data handling

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

Data Retention

We will retain your personal information and usage data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by law. Specifically:

• • Account information is retained as long as your account is active
• • Payment transaction records are retained for 7 years as required by financial regulations
• • Usage data (like practice session results) may be retained to provide historical performance tracking
• • Marketing communications data is retained until you unsubscribe

If you wish to delete your account, you can do so from your account settings. Please note that some information may be retained in our backups or for legal, financial, or auditing purposes as required by law.

Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

• • The right to access – You have the right to request copies of your personal data
• • The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete
• • The right to erasure – You have the right to request that we erase your personal data, under certain conditions
• • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions
• • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions
• • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions

If you wish to exercise any of these rights, please contact us using the contact information provided below. Note that account deletion may need to be handled via Supabase authentication mechanisms, and payment data deletion requests will be processed according to Stripe's data retention policies and legal requirements.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

We use the following types of cookies:

• • Essential Cookies: Necessary for the functioning of the website (e.g., authentication, payment processing)
• • Preference Cookies: Remember your settings and preferences
• • Analytics Cookies: Help us understand how visitors interact with our website and improve performance
• • Payment Cookies: Required for secure payment processing through Stripe

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service, particularly payment processing features.

International Data Transfers

Third-Party Websites

The Service may contain links to third-party websites and applications of interest that are not affiliated with us. We are not responsible for the privacy practices or the content of such third-party sites. This includes links to Stripe's payment pages and other integrated services.

Children's Privacy

Our Service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under age 16 without verification of parental consent, we will take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Significant changes will be communicated to you in a more direct way, such as by email or a notification on our website, when possible.

Compliance and Legal

Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: