Prep
Privacy policy

Your data. Your control.

Last updated May 1, 2026. We wrote this to be readable — full DPA + technical addenda available on request.

Minimum collection

We collect what we need to make exam-prep work — no more. No ad-tracking SDKs, no third-party analytics on auth flows.

Encrypted by default

TLS 1.3 in transit. AES-256 at rest. Per-user KMS keys for documents. OTPs hashed with Argon2id, never stored in plaintext.

Data residency

EU users' data lives in the EU, India users' data in India (Mumbai), and US users' data in us-east-1. No silent cross-border transfers.

No data sale

We do not sell, rent, or trade your data. Ever. Period. Aggregated, anonymised research data is published under transparent licensing.

What we collect

  • Account: email and/or phone (hashed at rest), display name, country, language, exam targets.
  • Learning data: attempts, answers, time-per-question, bookmarks, notes — needed for adaptive learning and your own dashboards.
  • Device: OS + version, app version, device key fingerprint (for security), IP at session start (last-octet redacted after 30 days).
  • Optional: profile photo, mentor verification documents, exam scorecards (only if you upload them).
  • Anti-cheat (during paid mocks only, disclosed upfront): webcam frames, mic audio (kept 30 days, encrypted, accessible only on flagged review).

What we do NOT collect

  • We do not access your contacts, photos, calendar, or files outside the app.
  • We do not track you across the web. No Facebook pixel, no Google Ads pixel.
  • We do not record your screen outside of disclosed proctoring sessions.
  • We do not retain payment-card numbers; payments go directly to Stripe/Razorpay.

Why we collect it

  • Operate the service: authenticate you, show progress, run adaptive learning.
  • Improve the service: aggregate analytics on which features help students learn faster.
  • Safety: detect cheating, account takeover, abuse — protect every honest student.
  • Legal: tax records, dispute resolution, regulator requests, with strict process.

Your rights

  • Access + export: Settings → Privacy → Download my data. ZIP delivered within 7 days.
  • Correction: edit any profile field anytime. For locked fields, contact privacy@prep.app.
  • Deletion: Settings → Account → Delete. 30-day grace then permanent purge across primary, replicas, backups, and warehouse.
  • Restriction + objection: contact privacy@prep.app — DPDP, GDPR, CCPA, UK GDPR rights honoured globally.
  • Withdraw consent: revoke parent/tutor visibility, opt out of optional analytics, anytime.

Sharing — who sees what

  • Mentors / teachers / parents: only what you (or your linked parent for minors) opted into.
  • Sub-processors: AWS / GCP (hosting), Stripe / Razorpay (payments), MSG91 / Twilio (OTP), Sentry (errors). Full list at /privacy/subprocessors.
  • Law enforcement: only on valid legal process; we challenge over-broad requests and publish counts annually.
  • Business transfer: in a merger / acquisition, your data transfers with notice and the option to delete first.

Children's privacy

For users under the age of digital consent in their jurisdiction (13 US, 16 EU, varies elsewhere), a verifiable parent/guardian must approve account creation. Parent-side controls (FAM-07) gate purchases, peer features, and communication. We do not behaviorally advertise to anyone, especially minors.

Retention

  • Account profile: lifetime of account + 30 days post-deletion.
  • Learning attempts: 5 years rolling.
  • Anti-cheat recordings: 30 days unless flagged for review.
  • Billing / tax records: 7 years (statutory).
  • Server logs with IP: 30 days; aggregated counters indefinitely.

International transfers

Where we transfer data across borders (e.g., support staff in a different region), we use Standard Contractual Clauses + EU adequacy decisions + India-specific transfer rules under DPDP 2023. Sub-processor regions are listed at /privacy/subprocessors.

Security incidents

We notify regulators and affected users of a personal-data breach within 72 hours where law requires (GDPR Art. 33/34, India DPDP, US state laws). A post-incident report is published at /trust within 30 days.

Contact our DPO

Email dpo@prep.app · EU representative: Prep EU Rep, Brussels · India DPB grievance officer: details on request.

Privacy is a moving target. We will notify you of material changes by email + in-app 30 days before they take effect.