Legal

Privacy Policy

Last updated: May 2026

AidePass ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect when you use the AidePass platform (the "Service"), how we use it, with whom we share it, and the rights you have regarding your information.

By creating an account or using the Service, you agree to the collection and use of your information as described in this policy. If you do not agree, please do not use the Service.

Contents

  1. Information We Collect
  2. How We Use Your Information
  3. How We Share Your Information
  4. Cookies and Tracking Technologies
  5. Data Retention
  6. Data Security
  7. Your Rights and Choices
  8. Children's Privacy
  9. International Data Transfers
  10. California Privacy Rights (CCPA)
  11. European Privacy Rights (GDPR)
  12. Changes to This Policy
  13. Contact Us

1. Information We Collect

We collect information in three ways: information you give us directly, information collected automatically when you use the Service, and information from third-party services you connect.

Information you provide directly:

  • Account information: When you register, we collect your name, email address, and a hashed password. You may optionally provide a profile photo.
  • Payment information: When you purchase a plan, our payment processor Stripe collects your card number, expiration date, and billing address. AidePass never stores full credit card details on our servers. We receive only a tokenized reference and the last four digits of your card.
  • Communications: If you contact our support team by email or through the contact form, we retain those messages and your contact details to respond to you and improve our service.

Information collected automatically:

  • Practice and performance data: We record your answers to practice questions, the time you spend on each question, your score history, and the coaching feedback delivered to you. This data powers your personal dashboard and our AI reasoning analysis.
  • Usage data: We log pages visited, features used, session start/end times, and button interactions to understand how the Service is used and where we can improve it.
  • Device and browser data: We collect your IP address, browser type and version, operating system, and device type. This is used for security, fraud prevention, and displaying the Service correctly.
  • Log data: Our servers automatically record requests you make, including the URL, referral source, and response times. Logs are retained for up to 90 days for security and debugging purposes.

Information from third parties:

  • If you choose to sign in with Google, we receive your name, email address, and Google profile photo from Google's authentication service. We do not receive your Google password.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service: Create your account, authenticate you, deliver practice questions, generate AI coaching feedback, and display your performance dashboard.
  • Process payments: Complete your purchase and maintain records of your access entitlement.
  • Personalize your experience: Adapt question difficulty, surface your weakest categories, and tailor coaching responses based on your specific mistake patterns.
  • Send transactional communications: Deliver order confirmations, receipts, password reset emails, and important account notices. You cannot opt out of strictly transactional messages while your account is active.
  • Send product updates (optional): With your consent, we may email you about new features, study tips, or promotions. You can unsubscribe at any time via the link in any email.
  • Improve the Service: Analyze aggregate usage patterns to fix bugs, improve question quality, and develop new features. We use anonymized or aggregated data for this purpose wherever possible.
  • Ensure security: Detect fraudulent activity, enforce our Terms of Service, and protect the integrity of our platform.
  • Comply with legal obligations: Retain records as required by law, respond to lawful requests from authorities, and exercise or defend legal claims.

We do not use your personal data to train third-party AI models, nor do we sell your data for advertising purposes.

3. How We Share Your Information

We do not sell or rent your personal information. We share data only in the following limited circumstances:

  • Service providers: We share data with trusted vendors who help us operate the Service, including:
    • Stripe — payment processing. Stripe Privacy Policy
    • Cloud infrastructure providers (e.g., hosting, database, CDN) who process data on our behalf under data processing agreements.
    • AI model providers used to generate coaching feedback. Query data sent to these providers does not include your name or contact details — only your answer choice and question context.
    • Email delivery providers used to send you transactional and marketing emails.
  • Analytics: We may use anonymized, aggregated data (never linked to your identity) for internal analytics and reporting.
  • Legal requirements: We may disclose your information if required by law, subpoena, court order, or other governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of AidePass, our users, or the public.
  • Business transfers: If AidePass is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you by email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
  • With your consent: We may share your information for other purposes with your explicit consent.

4. Cookies and Tracking Technologies

We use browser-based storage (cookies and localStorage) to operate the Service. Here is what we use and why:

  • Session cookies: Required to keep you logged in during a browsing session. These expire when you close your browser.
  • Authentication tokens: Stored in localStorage to keep you logged in across sessions (if you choose "Remember me"). You can clear these at any time by logging out.
  • Preference storage: We store lightweight preferences (e.g., last selected question category) in localStorage so they persist between visits.
  • Analytics cookies: We may use first-party or third-party analytics cookies (such as those set by a self-hosted analytics tool) to understand aggregate usage. These do not track you across other websites.

We do not use advertising cookies, tracking pixels, or cross-site behavioral advertising. You can control cookies through your browser settings; however, disabling certain cookies may prevent some features from working correctly.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account and profile data: Retained until you delete your account, after which it is permanently deleted within 30 days.
  • Practice and performance data: Retained for the life of your account. If you delete your account, this data is deleted with it.
  • Payment records: Retained for 7 years to comply with financial record-keeping laws, even after account deletion. Only aggregated transaction records are kept — not full payment card details.
  • Support communications: Retained for 3 years after the conversation closes to help us handle any follow-up requests.
  • Server logs: Retained for 90 days and then automatically deleted.

You may request deletion of your account and associated data at any time by emailing support@aidepass.com. We will process deletion requests within 30 days, subject to legal retention obligations described above.

6. Data Security

We take security seriously. Our measures include:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
  • Passwords are hashed using a modern, slow hashing algorithm (bcrypt or equivalent). We never store plaintext passwords.
  • Payment data is handled exclusively by Stripe, a PCI DSS Level 1 certified payment processor. We never receive or store raw card details.
  • Access to production databases is restricted to authorized personnel only, using role-based access controls and multi-factor authentication.
  • We conduct periodic security reviews of our infrastructure and dependencies.

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable protections, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at support@aidepass.com.

In the event of a data breach that affects your personal information, we will notify you as required by applicable law, typically within 72 hours of becoming aware of the breach.

7. Your Rights and Choices

Depending on where you live, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information. You can update most account information directly in your account settings.
  • Deletion: Request that we delete your personal information, subject to certain legal exceptions (e.g., payment records we are required to retain).
  • Portability: Request your data in a structured, machine-readable format (e.g., a JSON or CSV export of your practice history).
  • Objection / Restriction: Object to or request that we restrict certain processing activities.
  • Withdraw consent: Where we rely on consent as our legal basis, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
  • Marketing opt-out: Unsubscribe from marketing emails at any time using the unsubscribe link in any email, or by contacting us directly.

To exercise any of these rights, email us at support@aidepass.com with the subject line "Privacy Request." We will respond within 30 days. We may need to verify your identity before processing your request.

8. Children's Privacy

AidePass is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@aidepass.com and we will promptly delete the information.

9. International Data Transfers

AidePass is operated in the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For users in the European Economic Area (EEA) or United Kingdom, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data to the United States. By using the Service, you consent to this transfer, storage, and processing.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. You do not need to opt out because we do not engage in this practice.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
  • Shine the Light: California residents may also request information about disclosures of personal information to third parties for their direct marketing purposes under California Civil Code § 1798.83. We do not make such disclosures.

To submit a California privacy request, email support@aidepass.com with the subject line "California Privacy Request." We will respond within 45 days.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or equivalent local law applies to our processing of your personal data.

Legal bases for processing:

  • Contract performance: Processing your account data, practice data, and payment data is necessary to fulfill our agreement with you (providing the Service you purchased).
  • Legitimate interests: We process usage data and logs based on our legitimate interest in operating a secure, functional service and improving it over time — provided this does not override your rights.
  • Legal obligation: We retain payment records to comply with financial laws.
  • Consent: We rely on consent for marketing emails. You can withdraw consent at any time.

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data in accordance with applicable law.

For GDPR-related inquiries or to designate a representative, contact us at support@aidepass.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Send a notice to the email address on file for your account at least 14 days before the changes take effect.
  • Display a prominent banner on the Service when you next log in.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you may delete your account before the changes take effect.

13. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

AidePass — Privacy Inquiries

Email: support@aidepass.com

Subject line: Privacy Request or Privacy Question

Contact form: aidepass.com/contact

We respond to all privacy inquiries within 30 days.

← Terms of Service Questions? Contact us