Privacy Policy

Information we collect

• Account information. Your name and email address when you sign up. If you sign in with Google, we also receive a Google account ID and profile image.
• Authentication data. Hashed passwords (we never store your password in plain text), session tokens, and email verification tokens.
• Study progress. Which chapters you have read, flashcards marked as known or needs-review, quiz and practice-test scores, and timestamps of your activity.
• Payment information. We do not receive or store your credit card details. Payments are processed by Stripe; we store only a Stripe customer/session reference, the type of pass you purchased, and the purchase and expiry dates.
• Usage data. Basic analytics events (page views, feature usage) collected via Google Analytics 4 to help us understand how the Service is used.

How we use your information

• To create and manage your account and keep you signed in.
• To track and display your study progress across devices.
• To process payments and grant access to the features included in your pass.
• To send transactional emails: email verification, password resets, welcome messages, purchase confirmations, and pass expiry reminders.
• To improve the Service by analyzing aggregate usage patterns.
• To detect, investigate, and prevent abuse, fraud, and security issues.

We do not sell your personal information, and we do not use it for advertising.

Third-party services

We use a small number of trusted third parties to operate the Service. Each has its own privacy policy governing how they handle data.

• Neon — PostgreSQL database hosting. Stores your account, study progress, and pass records.
• Stripe — payment processing. Receives your email and payment details directly; we never see your card number.
• Resend — transactional email delivery.
• Google — optional sign-in via Google OAuth, plus Google Analytics 4 for usage data.
• Vercel — web hosting and serverless function execution.

Cookies and tracking

We use strictly necessary cookies set by NextAuth to keep you signed in, and analytics cookies set by Google Analytics 4 to measure aggregate usage. You can disable cookies in your browser settings, but you will not be able to sign in without them.

Data retention

We retain your account and study progress for as long as your account is active. Pass purchase records are retained for billing and tax history even after a pass expires. If you request account deletion, we will remove your personal information within 30 days, except where we are required to keep records (for example, payment history) by law.

Your rights

You can request access to, correction of, or deletion of your personal information by emailing us at [email protected]. Depending on where you live you may also have the right to object to certain processing or to file a complaint with your local data protection authority. We handle your personal information in accordance with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

Security

We take reasonable technical and organizational measures to protect your data, including bcrypt password hashing, rate limiting on authentication endpoints, and encrypted connections to all third parties. No online service can be 100% secure, so we encourage you to use a strong unique password.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Effective” date at the top of this page and, for material changes, notify you by email.

Contact

Questions about this policy? Email [email protected].

See also our Terms of Service.