passprepper.
Sign up →

Legal

Privacy policy.

Last updated: May 2026

The short version: we collect the minimum we need to run the site, we don't sell data, and we don't run third‑party trackers. If you use passprepper without an account, your progress never leaves your browser.

1. What we collect

Without an account. Nothing personal. Your quiz progress, flags and attempts are stored in localStorage in your own browser. We do run minimal, anonymised server logs (request paths, response codes, timestamps) for security and abuse prevention; these are kept for up to 30 days.

With an account. Email address, a hashed password, the name you chose to display, and the date you joined. If you buy a course we record the purchase and which course you unlocked. If you save progress to your account we record per‑course attempts (questions, answers, scores, timestamps) so we can sync across devices.

If you author a course. The draft contents you create, and any submission you make for review. If we approve a submission and pay you a revenue share, we collect what we need to pay you and to meet tax obligations (typically handled by our payments processor).

2. What we don't do

  • We don't sell your personal data. Ever.
  • We don't run advertising trackers, social pixels, or session replay.
  • We don't share data with data brokers.
  • We don't profile you for marketing purposes outside of passprepper.

3. Cookies

We use a single first‑party session cookie to keep you logged in. We don't use third‑party cookies for advertising. We may add a single privacy‑respecting analytics tool (such as Plausible) that uses no cookies and no personal data — if and when we do, we'll update this page.

4. Third parties we share data with

We rely on a small number of processors to run the service:

  • Hosting — our cloud provider stores account, course and progress data.
  • Payments — we use Stripe for checkout. We never see or store your full card details.
  • Email delivery — for receipts, password resets, and submission‑status notifications.
  • AI providers — when you use AI features in the course maker, the contents of your prompt are sent to the provider (currently OpenAI) to generate a response. Don't paste anything confidential.

Each of these processors has its own privacy policy. We pick providers that meet GDPR / UK GDPR standards.

5. Your rights

You can, at any time:

  • See, edit, or download your account data — write to us if the in‑product tools aren't enough.
  • Delete your account, which also deletes your progress data. Purchase records may be kept for tax/accounting purposes.
  • Object to specific processing or withdraw consent for optional features.
  • Complain to your local data‑protection authority if you think we've mishandled your data.

6. Children

Passprepper is not designed for under‑16s. We don't knowingly collect data from children. If you believe a child has signed up, contact us and we'll delete the account.

7. Data retention

Account data is kept while your account is active and for 90 days after deletion (so we can restore the account if you change your mind). Payment records are kept for as long as tax law in our operating jurisdiction requires.

8. Security

Passwords are stored as salted hashes. All traffic is served over HTTPS. We follow standard practice for credential storage, backups, and access control, but no system is perfectly secure — if you spot a vulnerability, please report it via contact.

9. Changes

If we materially change this policy we'll notify registered users by email at least 14 days before the change takes effect.

10. Contact

Questions, requests, or complaints about your data? Reach us via contact.