Privacy Policy

Last Updated: April 1, 2026

The AI Testing Company (“Company”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit or use our website, web application, and associated services (collectively, the “Platform”).

By accessing or using the Platform, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide Directly

Account information: Name, email address, password, and profile details you provide when registering for an account.
Payment information: Billing address and payment card details, processed securely via Stripe. We do not store your full card number on our servers.
Generated content data: Questions you ask, answers you submit, study notes, quiz responses, and study history created through your use of the Platform.
Communications: Information you provide when contacting support, submitting feedback, or responding to surveys.

1.2 Information Collected Automatically

Usage data: Pages visited, quizzes taken, features used, time spent on the Platform, click patterns, and navigation paths.
Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
Log data: Server logs that record access times, referring URLs, error logs, and other diagnostic data.
Location data: Approximate geographic location inferred from your IP address (we do not collect precise GPS location).

1.3 Information from Third Parties

Authentication providers: If you sign in using a third-party service (e.g., Google), we may receive your name, email address, and profile picture from that provider.
Analytics providers: Aggregated usage data from analytics services we use to improve the Platform.

Some information may be generated or processed by AI models to personalize your learning experience. This includes AI-generated study plans, performance assessments, and content recommendations.

2. How We Use Your Information

We use your data for the following purposes:

2.1 Service Delivery

Create, maintain, and secure your account
Deliver and personalize learning experiences, including adaptive test preparation
Generate voice lectures, diagrams, explanations, and AI tutor sessions
Provide 1:1 tutoring via AI avatars
Process payments for subscriptions or usage
Track your learning progress and generate performance analytics

2.2 Improvement and Development

Improve our AI models, algorithms, and product features
Conduct internal research and analytics using anonymized and aggregated data
Debug errors and improve Platform stability
Develop new features and services

2.3 Communication

Send transactional messages (account confirmations, password resets, payment receipts)
Notify you about updates, new features, or changes to the Platform
Respond to your inquiries and support requests
Send promotional communications (only with your consent; you may opt out at any time)

2.4 Legal and Safety

Comply with applicable laws, regulations, and legal processes
Enforce our Terms and Conditions and other agreements
Detect, prevent, and address fraud, abuse, security risks, and technical issues
Protect the rights, property, and safety of the Company, our users, and the public

3. Legal Basis for Processing

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

Contract performance: Processing necessary to provide the Platform and fulfill our contractual obligations to you (e.g., account management, delivering learning content).
Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, conducting analytics, and preventing fraud, provided these interests are not overridden by your rights.
Consent: Where you have given explicit consent for specific processing activities, such as receiving marketing communications or the use of non-essential cookies.
Legal obligation: Processing necessary to comply with applicable laws and regulations.

4. Cookies and Tracking

4.1 What We Use

We use cookies, local storage, and similar tracking technologies to operate the Platform, remember your preferences, and understand how you use our services. These include:

Essential cookies: Required for the Platform to function (e.g., authentication tokens, session management). These cannot be disabled.
Functional cookies: Remember your preferences and settings (e.g., language, display preferences).
Analytics cookies: Help us understand how users interact with the Platform so we can improve it (e.g., page views, feature usage).

4.2 Managing Cookies

You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may impair Platform functionality. Most browsers allow you to:

View what cookies are set and delete them individually
Block third-party cookies
Block cookies from particular sites
Block all cookies
Delete all cookies when you close your browser

4.3 Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. There is currently no industry standard for how companies should respond to DNT signals. At this time, we do not respond to DNT signals, but we will update this policy if a standard is established.

5. Third-Party Providers

Our product is built using AI technologies and services provided by external vendors. These third-party providers may process limited personal data on our behalf to deliver their services. We select providers that maintain appropriate data protection standards.

5.1 AI and Content Generation

Large Language Models (LLMs): OpenAI (GPT-4o), Anthropic (Claude), and other providers for generating explanations, tutoring, and study content.
Text-to-Speech: ElevenLabs for generating voice lectures.
Image Generation: OpenAI API for creating custom diagrams and visual aids.
Realtime Speech API: For speech-driven tutoring interfaces.
Video Generation: OmniHuman-1 (or similar state-of-the-art models) for avatar-based lectures.

5.2 Infrastructure and Payments

Cloud Hosting: Firebase / Google Cloud Platform for data storage and application hosting.
Payment Processing: Stripe for secure payment processing. Stripe is PCI DSS Level 1 certified.
Authentication: Firebase Authentication for secure user sign-in.

5.3 Third-Party Privacy Policies

Each of these services may collect limited data for operational purposes. Please refer to their respective privacy policies for details:

OpenAI: https://openai.com/privacy
Anthropic: https://www.anthropic.com/privacy
ElevenLabs: https://www.elevenlabs.io/privacy
Stripe: https://stripe.com/privacy
Google / Firebase: https://policies.google.com/privacy

Note: We actively monitor and may substitute technologies in our stack as the AI ecosystem evolves. Any change in third-party data processors will be reflected in the “Last Updated” date of this Privacy Policy.

6. Sharing Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We only share your data in the following circumstances:

Service providers: With trusted third-party vendors who assist us in operating the Platform (e.g., cloud hosting, payment processing, AI APIs). These providers are contractually bound to use your data only for the purposes we specify and to maintain appropriate security measures.
Legal requirements: When required by law, regulation, legal process, or governmental request (e.g., court orders, subpoenas, regulatory inquiries).
Safety and rights protection: When we believe disclosure is necessary to protect the rights, property, or safety of the Company, our users, or the public.
Business transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity. We will notify you of any such transfer and any choices you may have regarding your data.
With your consent: When you have given explicit, informed consent for a specific disclosure.

7. Data Security

We implement technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: Data encrypted in transit (TLS 1.2+) and at rest.
Authentication: Secure password hashing and support for multi-factor authentication.
Access controls: Role-based access controls limiting data access to authorized personnel on a need-to-know basis.
Monitoring: Access logging, intrusion detection, and regular security reviews.
Vendor security: Third-party providers are evaluated for their security practices and compliance certifications.

While no system is 100% secure, we are committed to maintaining industry-standard protections. If you discover a security vulnerability, please report it to us promptly via our help center.

8. Data Retention

We retain your information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention practices are as follows:

Account data: Retained for as long as your account is active. Upon account deletion, your personal data will be deleted or anonymized within 30 days, except where retention is required by law.
Usage and analytics data: Retained in identifiable form for up to 24 months, then anonymized or deleted.
Payment records: Retained as required by applicable tax and financial regulations (typically 7 years).
Support communications: Retained for up to 3 years after resolution to assist with any follow-up inquiries.
AI training data: Any data used for model improvement is anonymized and aggregated prior to use and cannot be traced back to individual users.

You may request deletion of your account and associated data at any time by contacting us.

9. International Transfers

Your information may be transferred to and processed in countries other than the country in which you reside, including the United States. These countries may have data protection laws that differ from those of your jurisdiction.

When we transfer personal data internationally, we implement appropriate safeguards to protect your data, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with third-party providers that include adequate data protection obligations
Reliance on providers that maintain recognized certifications or frameworks

By using the Platform, you acknowledge that your data may be processed in the United States and other jurisdictions where our service providers operate.

10. Children's Privacy

The Platform is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction, such as 16 in parts of the EU). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal information from a child under the applicable age threshold, we will take steps to delete that information promptly.

For users between the ages of 13 and 18, we recommend that a parent or guardian review this Privacy Policy and supervise the minor's use of the Platform.

11. Your Rights

11.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete personal data.
Right to erasure: Request deletion of your personal data (“right to be forgotten”).
Right to restriction: Request that we limit how we process your data in certain circumstances.
Right to data portability: Request a copy of your data in a structured, commonly used, machine-readable format.
Right to object: Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

11.2 Rights for EEA/UK Residents (GDPR)

If you are located in the EEA or UK, you have all the rights listed above under the GDPR. You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated. A list of EU data protection authorities is available at https://edpb.europa.eu.

11.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights:

Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share your data.
Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
Right to correct: You may request correction of inaccurate personal information.
Right to opt out of sale/sharing: We do not sell your personal information or share it for cross-context behavioral advertising. If this changes, we will provide a conspicuous opt-out mechanism.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a request, please contact us using the methods described in Section 15. We will verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf.

11.4 How to Exercise Your Rights

To exercise any of the above rights, contact us through the form provided on our website or via the help center. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

12. Automated Decision-Making

The Platform uses AI-powered algorithms to personalize your learning experience. This includes:

Adaptive question selection based on your performance history
Personalized study plan recommendations
Performance scoring and progress assessments

These automated processes are designed to enhance your learning outcomes and do not produce legal effects or similarly significant effects on you. If you have concerns about automated decisions affecting you, you may contact us to request human review.

13. Third-Party Links

The Platform may contain links to third-party websites, services, or resources that are not operated by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policy of every site you visit. This Privacy Policy applies only to the Platform and does not cover any third-party websites or services.

14. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. When we make changes:

We will update the “Last Updated” date at the top of this page.
For material changes, we will notify you via email (if you have an account) or through a prominent notice on the Platform at least 14 days before the changes take effect.
Continued use of the Platform after the effective date of the revised Privacy Policy constitutes your acceptance of the updated terms.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Help Center: https://aitestprep.com/help
Email: privacy@aitestprep.com

If you are located in the EEA or UK and wish to raise a concern about our processing of your personal data, you have the right to lodge a complaint with your local supervisory authority.