Privacy Policy (GDPR)

Account data: name, email, password hash (if accounts are enabled).

Purchase data: payment status, amount, currency. Card details are processed by Stripe; we do not store full card numbers.

Test data: your answers, timings, and generated report. The engine records per-question response time and aggregates them into report metrics.

Open-answer grading logs: item id, backend type, JSON grader output or heuristic score, response-time in ms, timestamp. Logged to llm_open_log.jsonl.

Reports: an HTML and a JSON file are generated for each session.

Technical logs: server/hosting logs (IP address, user agent, timestamps).

Cookies/Local Storage: for session, checkout, and analytics (see Cookie Policy).

Provide the test, scoring, and report: contract performance (6(1)(b)).

Payments and receipts: contract and legal duties (6(1)(b),(c)).

Emailing receipts and account messages: contract and legitimate interests (6(1)(b),(f)).

Improve test quality and security, prevent abuse: legitimate interests (6(1)(f)).

Optional analytics/marketing: consent (6(1)(a)).

Compliance with law and requests: legal obligation (6(1)(c)).

Hosting/CDN/app platform: [Vercel/Render].

Payments: Stripe (controller for card data).

Email delivery: [Resend] if enabled.

AI grading for open answers: Azure OpenAI if you toggle the Azure backend; your open-text answers may be sent to your Azure deployment for rubric scoring.

Test reports and grading logs: kept to provide your history and audit. Default: [12 months] unless you delete earlier. llm_open_log.jsonl is for debugging and quality control.

Payments: as required by tax law (typically 7–10 years).

Support emails: [24 months].

We delete or anonymize after expiry.