Back to Home

Privacy Policy

Last updated: March 6, 2026

1. Information We Collect

We collect information you provide directly: name, email address, and password when you create an account. We also collect usage data including quiz answers, progress, and interaction with the AI Tutor to personalize your learning experience.

2. How We Use Your Information

We use your information to: (a) provide and maintain the Service; (b) personalize your learning experience through adaptive quizzes and spaced repetition; (c) process payments via Stripe; (d) send transactional emails (account confirmation, purchase receipts); (e) improve the Service based on usage patterns.

3. Data Storage

Your data is stored in Supabase (PostgreSQL) hosted infrastructure. Passwords are hashed using bcrypt and never stored in plain text. Payment information is processed by Stripe and is never stored on our servers.

4. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — Database and authentication
  • Stripe — Payment processing
  • Anthropic (Claude) — AI Tutor conversations
  • Vercel — Hosting and deployment
  • Resend — Transactional emails

Each service has its own privacy policy. We encourage you to review them.

5. AI Tutor Conversations

Conversations with the AI Tutor are sent to Anthropic for processing. We store conversation history to provide continuity. AI conversations are not used to train AI models. You can delete your conversation history by contacting support.

6. Cookies and Local Storage

We use session cookies for authentication. We use IndexedDB (browser local storage) to cache question data for offline access. No third-party tracking cookies are used.

7. Data Retention

We retain your account data for as long as your account is active. After your access period expires, your progress data is retained for 12 months in case you renew. You may request deletion of your data at any time by contacting support.

8. Data Security

We implement appropriate security measures including encrypted connections (HTTPS), hashed passwords, and role-based access controls. However, no method of transmission over the Internet is 100% secure.

9. Your Rights

You have the right to: (a) access your personal data; (b) correct inaccurate data; (c) request deletion of your data; (d) export your data; (e) withdraw consent for data processing. To exercise these rights, contact us at support@istqb.app.

10. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.

12. Contact

For privacy-related questions or requests, contact us at support@istqb.app.