Privacy Policy
Effective June 30, 2026. How we manage and secure your study data.
1. Information We Collect
PrepPilot collects only the necessary details to provide practice metrics:
- Authentication Data: We use Google OAuth to identify users. We store your email address and profile identifiers provided by Google to secure your account.
- Study Activity: We log your test submissions, choice selections, accuracy ratings, streaks, and response durations to construct performance charts.
- Spaced Flashcards: We save spacing parameters (repetitions, intervals) to schedule your card deck reviews.
2. Security & Hosting
Your data is stored securely using Supabase PostgreSQL database nodes, encrypted at rest. Authenticated sessions are managed via signed JSON Web Tokens (JWT) to verify that only you can access your statistics, test sessions, and AI summaries.
3. AI Evaluation Data
When requesting AI Focus summaries, PrepPilot sends only the text of the questions you answered incorrectly or skipped to the Gemini AI API. No personal identifiers (like emails or names) are transmitted to the AI provider.
4. Cookies & Local Storage
We utilize browser cookies and session storage solely to maintain your authentication state and cache UI preferences (such as dark mode and Focus Mode toggles). We do not run third-party tracking scripts or advertising cookies.