Privacy policy — Prepster

We take privacy seriously. This page explains what data we collect, why, and how you can control it.

This is a placeholder document. Prepster's final privacy policy will be published before any paid features go live.

1. What we collect

Account data — name, email, and authentication details, managed via our identity provider (Clerk).
Study materials — the PDFs you upload, stored in private object storage and processed to generate your mock tests.
Attempt data — your answers, timing, and analytics, stored in our Postgres database (Supabase).
Usage telemetry — anonymised events to diagnose issues and improve the service.

2. Third-party processors

We use trusted vendors to run Prepster: Clerk (authentication), Supabase (database and storage), Cloudflare R2 (object storage), Google Gemini (PDF extraction), and Trigger.dev (background jobs). Each of these processors handles only the data necessary to perform its function.

3. How we use your data

Convert your PDFs into mock tests.
Compute performance analytics and evaluation reports.
Send essential account and service notifications.
Diagnose bugs and improve the product.

We do not sell your data. We do not use your uploaded content to train third-party AI models without your explicit, documented consent.

4. Your rights

Request a copy of the data we hold about you.
Delete your account and associated content.
Correct inaccurate information.

To exercise any of these rights, email help@prepster.net.

5. Data retention

We retain your account and attempt data until you delete your account. Once deleted, content is purged from active systems within 30 days and from backups within 90 days.

6. Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to authorised personnel with MFA.

7. Contact

Privacy questions or requests? help@prepster.net.