Privacy Policy

Last updated: March 16, 2025

This Privacy Policy explains how Testbudy ("we", "our", or "us") collects, uses, and protects information when you use our website at testbudy.com and our desktop application (collectively, the "Service"). We take your privacy seriously and are committed to being transparent about our data practices.

1. Information We Collect

Information you provide directly:

  • Account information: When you create an account, we collect your name and email address.
  • Payment information: Purchases are processed by Polar (our payment provider). We do not store your credit card details. Polar provides us with basic transaction metadata such as plan type, subscription status, and order ID.
  • Support communications: If you contact us by email, we retain that correspondence to help resolve your issue.

Information collected automatically:

  • Log data: Our servers may log your IP address, browser type, operating system, pages visited, and timestamps for security and debugging purposes.
  • Session data: We use cookies and server-side session tokens to keep you authenticated across visits.

What we do NOT collect:

  • We do not record your screen, microphone, or camera.
  • We do not collect or store the content of your study sessions, questions, or AI responses.
  • We do not sell your personal data.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Verify your email address and authenticate you
  • Process payments and manage your subscription
  • Send transactional emails (account confirmation, password reset, subscription receipts)
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with our legal obligations

We do not use your data for targeted advertising. We do not use your personal data to train AI models.

3. Data Sharing and Third Parties

We share limited data with the following service providers solely to operate the Service:

Supabase

Authentication and database provider. Stores your account email, name, and profile data. Data is encrypted at rest and in transit. Supabase Privacy Policy →

Polar

Payment and subscription processing. Handles all billing data. We receive only subscription status and transaction identifiers. Polar Privacy Policy →

Resend

Transactional email delivery. Receives your email address to send account-related emails. Resend Privacy Policy →

We do not share your data with any other third parties. We will never sell your data. We may disclose information if required by law or to protect the rights, safety, or property of Testbudy or others.

4. Data Storage and Security

Your data is stored on servers provided by Supabase, located in the United States. We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted storage at rest
  • HTTP-only session cookies to prevent client-side script access
  • Short-lived access tokens with automatic refresh
  • Principle of least privilege for internal data access

No system is completely secure. If you believe your account has been compromised, contact us immediately at [email protected].

5. Cookies and Session Data

We use cookies strictly for authentication and session management — not for advertising or tracking. Specifically:

  • Session cookie: An HTTP-only, secure cookie that keeps you logged in across page loads. It expires when your session ends or after a period of inactivity.
  • Refresh token cookie: Allows us to issue new session tokens without requiring you to log in again. This is rotated regularly for security.

We do not use any third-party analytics cookies, advertising pixels, or tracking scripts. You can clear cookies at any time in your browser settings, which will sign you out.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request that we correct inaccurate data.
  • Deletion: Request that we delete your account and associated data.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your data.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

You can delete your account at any time from Dashboard → Account Settings. Account deletion permanently removes your profile and authentication data.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account:

  • Your profile and email address are deleted within 30 days.
  • Billing records may be retained for up to 7 years as required by tax and financial regulations.
  • Anonymised, aggregated analytics data (if any) may be retained indefinitely as it cannot identify you.

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at [email protected] and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email or by displaying a notice on the website. Your continued use of the Service after any change constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us: