Skip to main content
CertPrep StudioStart team plan

Legal

Privacy Policy

Effective April 17, 2026

CertPrep Studio ("we", "us") respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have in connection with that information.

1. Information we collect

Account data. When you create an account we collect your email address, name (if provided), organization affiliation, and authentication credentials. When you are invited to an organization by an administrator, your email is provided to us by that administrator.

Study activity. To power progress tracking and compliance exports, we collect the questions you attempt, your answers, time spent, mock-exam results, confidence ratings, and scheduled review items.

Billing data. For team and individual purchases, our payment processor (Stripe) collects payment method, billing address, and invoice information. We store only the Stripe customer identifier and the checkout session reference — we do not store raw card numbers.

Usage data. We collect standard log data including IP address, device and browser type, pages visited, and timestamps for security, diagnostics, and product improvement.

2. How we use information

  • To operate, maintain, and improve the Service;
  • To provide progress tracking, readiness scoring, and compliance records to you and your organization's administrators;
  • To process purchases and send billing-related communications (receipts, access-expiry reminders);
  • To send transactional emails such as invitations, password resets, and account notifications;
  • To detect, investigate, and prevent fraud, abuse, or security incidents;
  • To comply with legal obligations.

We do not sell personal information, and we do not use your study data to train third-party machine-learning models.

3. Organization administrators

If you use the Service through an organization, your organization's administrators can see your study activity, question-level performance, mock exam results, readiness score, and calibration data, and can include this information in exported compliance records. In this context we act as a data processor for your organization. Your organization's own privacy policy may also apply to you.

4. How we share information

We share personal information only with the service providers necessary to operate the Service:

  • Stripe — payment processor; handles checkout, payment-method capture, invoices, and sales tax calculation.
  • Supabase — authentication, database hosting, and row-level-security enforcement.
  • Resend — transactional email delivery.
  • Vercel — application hosting and edge delivery.
  • Anthropic — certification content generation (no user data is sent to Anthropic in production runtime).

We may also disclose information when required by law, to enforce our Terms, or to protect the safety or rights of CertPrep Studio, our users, or the public. In the event of a merger, acquisition, or asset sale, personal information may be transferred to the acquiring entity subject to this Policy.

5. Data retention

We retain account and study data for the duration of your access period plus a reasonable period afterwards for compliance-records continuity, unless you or your organization request deletion sooner. Billing records are retained as required by applicable tax and financial record-keeping laws.

6. Your rights

Depending on your location, you may have rights under laws such as the EU General Data Protection Regulation (GDPR), the UK GDPR, or the California Consumer Privacy Act (CCPA), including the right to access, correct, delete, port, or restrict processing of your personal information, and the right to withdraw consent. To exercise these rights, email privacy@certprepstudio.com. If you are a member of an organization, you may need to contact your administrator for certain deletion requests.

7. Security

We use industry-standard encryption in transit (TLS) and at rest, Supabase row-level security to isolate organizational data, and restricted role-based access for our infrastructure. No internet-based service is perfectly secure; you are responsible for keeping your credentials confidential.

8. International transfers

We operate primarily in the United States. If you access the Service from outside the US, your personal information will be transferred to and processed in the US, which may have different data-protection laws than your jurisdiction.

9. Children

The Service is intended for professionals preparing for industry certification exams and is not directed to individuals under 18. We do not knowingly collect personal information from children under 18.

10. Changes to this Policy

We may update this Policy periodically. Material changes will be notified by email or in-product notice before taking effect. The effective date at the top of this page reflects the most recent version.

11. Contact

For privacy questions, data-subject requests, or DPA inquiries, email privacy@certprepstudio.com.

← Terms of ServiceBack to home