CertAI

Privacy Policy

Last Updated: December 2, 2024

Introduction

Welcome to CertAI Exam Prep Apps, developed and operated by GRP LLC ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your information.

This Privacy Policy applies to all CertAI certification exam preparation applications developed by GRP LLC, including but not limited to: CompTIA Security+, CompTIA Network+, CompTIA A+, PMP, CCNA, CDL, ISTQB, ASVAB, ATI TEAS, Real Estate, PTCB, and any other exam prep apps published under the CertAI brand.

This Privacy Policy explains:

  • What data we collect from you
  • How we use that data
  • Who we share it with
  • Your rights regarding your data
  • How to contact us

By using our apps, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

We collect several types of information to provide and improve our services.

1.1 Identifiers

What We Collect:

  • User ID: A unique identifier assigned to your account (e.g., install_id, RevenueCat user ID)
  • Device ID: A unique identifier for your device generated upon first app launch

Why We Collect It:

  • To track your study progress across sessions
  • To manage your premium subscription
  • To provide personalized study recommendations
  • To analyze app usage and improve our services

How It's Collected:

  • Automatically generated when you first open the app
  • Stored securely on your device and our servers

Third-Party Access:

  • RevenueCat (for subscription management)
  • Supabase (for analytics and data storage)

Important Note About Tracking:

  • We do NOT use these identifiers for tracking purposes as defined by Apple's App Tracking Transparency framework
  • We do NOT combine data from our app with data from other apps, websites, or third-party sources for advertising
  • We do NOT share these identifiers with data brokers
  • We do NOT use these identifiers for cross-app tracking or targeted advertising

1.2 Purchase History

What We Collect:

  • Subscription purchase records (which package you purchased, when, and at what price)
  • Transaction IDs (from Apple App Store)
  • Subscription status (active, expired, cancelled)
  • Payment failures and success records

Why We Collect It:

  • To unlock premium features you've purchased
  • To manage your subscription and billing
  • To prevent fraud and unauthorized access
  • To analyze conversion rates and improve our pricing (internal analytics only)
  • To provide customer support

Important Note:

  • We do NOT collect or store your credit card information, CVV, or billing address
  • All payment processing is handled securely by Apple App Store
  • We only receive confirmation of successful purchases

Third-Party Access:

  • RevenueCat (full purchase history for subscription management)
  • Supabase (aggregated purchase analytics, no payment card data)

Not Used For:

  • We do NOT use purchase history for targeted advertising
  • We do NOT share purchase data with advertising networks or data brokers

1.3 Usage Data

1.3.1 Product Interaction

What We Collect:

  • Screen views (which screens you visit in the app)
  • Button clicks and navigation patterns
  • Quiz interactions (questions answered, scores, time spent)
  • Flashcard interactions (cards viewed, ratings, completion)
  • Test submissions (results, duration, performance)
  • Feature usage (which features you use most often)

Why We Collect It:

  • To track your study progress and calculate your success meter
  • To personalize your study plan based on your performance
  • To understand which features are most useful
  • To identify and fix bugs
  • To improve app performance and user experience

Third-Party Access:

  • Supabase (stores all usage analytics)

Not Used For:

  • We do NOT use product interaction data for advertising purposes
  • We do NOT share this data with advertising networks

1.3.2 Other Usage Data

What We Collect:

  • Study time (how long you use the app each session)
  • Onboarding selections (your selected level, target exam date, study hours per week)
  • Domain progress (which topics you've completed, scores per domain)
  • Quiz performance data (correct/incorrect answers, difficulty ratings)
  • App lifecycle events (app opens, backgrounds, crashes)

Why We Collect It:

  • To calculate your overall study progress
  • To customize your study plan based on your goals
  • To recommend content based on your performance
  • To identify weak areas that need more practice
  • To measure app engagement and retention

Third-Party Access:

  • Supabase (stores all progress and performance data)

2. How We Use Your Information

We use your information for the following purposes:

2.1 App Functionality (Essential)

  • User Authentication: Identify your device and maintain your account
  • Premium Access: Unlock features you've purchased
  • Progress Tracking: Save your study progress and quiz scores
  • Session Management: Maintain active sessions and prevent unauthorized access
  • Fraud Prevention: Detect and prevent subscription abuse
  • Customer Support: Help resolve issues you report

2.2 Analytics (Internal Only)

  • User Behavior Analysis: Understand how you use the app
  • Feature Effectiveness: Measure which features help users succeed
  • Performance Monitoring: Identify slow screens and technical issues
  • Conversion Analysis: Understand what drives users to subscribe
  • Retention Metrics: Measure daily and monthly active users

Important: All analytics are performed internally and are NOT shared with advertising networks or used for cross-app tracking.

2.3 Product Personalization

  • Custom Study Plans: Generate personalized study schedules based on your goals
  • Content Recommendations: Suggest domains and topics based on your progress
  • Difficulty Adaptation: Recommend questions at your skill level
  • Success Predictions: Calculate your exam readiness
  • Progress-Based UI: Show relevant content based on your achievements

Note: Personalization is based solely on your activity within our app, not combined with data from external sources.

2.4 NOT Used For

  • Third-party advertising or ad targeting
  • Selling your data to data brokers
  • Email marketing campaigns (we don't collect your email)
  • Cross-app tracking or behavioral advertising
  • Combining your data with third-party data from other apps or websites
  • Sharing data with advertising networks
  • Any purpose not explicitly listed in this policy

3. Tracking and Advertising

3.1 We Do NOT Track Users

Per Apple's App Tracking Transparency framework, "tracking" means:

  1. Linking data collected from our app with third-party data for targeted advertising or advertising measurement purposes, OR
  2. Sharing data collected from our app with a data broker

Our Practice:

  • We do NOT engage in tracking as defined above
  • We do NOT use any advertising SDKs (no Google AdMob, Facebook Ads, etc.)
  • We do NOT combine your app data with data from other companies' apps or websites
  • We do NOT share your data with data brokers
  • We do NOT use the Advertising Identifier (IDFA)
  • We do NOT participate in ad networks or attribution platforms for advertising purposes

What This Means:

  • You will NOT see targeted ads based on your activity in our app
  • Your data will NOT be used to show you ads in other apps
  • We do NOT request "Allow Tracking" permission because we do not track

3.2 No Advertising

Our apps do NOT display advertisements of any kind:

  • No banner ads
  • No interstitial ads
  • No video ads
  • No third-party advertising

Our only revenue comes from premium subscriptions purchased directly through the App Store.

4. Third-Party Services

We use the following third-party services that may collect data from our apps:

4.1 RevenueCat (Subscription Management)

Purpose: Manage in-app purchases and subscriptions

Data Shared:

  • User ID (RevenueCat customer ID)
  • Device ID
  • Purchase history (packages purchased, dates, prices)
  • Subscription status

Why We Use It: RevenueCat handles all subscription logic, receipt validation, and cross-platform syncing

Not Used For: RevenueCat does NOT use your data for advertising or tracking purposes

Privacy Policy: https://www.revenuecat.com/privacy

Your Control: You can manage your subscription through your Apple ID settings

4.2 Supabase (Analytics & Data Storage)

Purpose: Store analytics data and user progress

Data Shared:

  • User ID and Device ID
  • Usage data (screen views, quiz performance, study time)
  • Purchase history (for internal analytics only, no payment card data)
  • Onboarding selections and preferences

Why We Use It: Supabase provides secure cloud storage for your progress and our analytics

Not Used For: Supabase is our backend database and does NOT use your data for advertising or share it with third parties

Privacy Policy: https://supabase.com/privacy

Data Location: Hosted on AWS servers in the United States

4.3 Apple App Store

Purpose: Process payments and deliver the app

Data Shared:

  • Apple ID
  • Payment information (handled entirely by Apple)
  • Purchase receipts

Why We Use It: Required for all iOS app distribution and payments

Privacy Policy: https://www.apple.com/legal/privacy/

Your Control: Manage in App Store settings on your device

5. Data Retention

How Long We Keep Your Data:

  • Account Data (User ID, Device ID): Retained indefinitely while you use the app
  • Purchase History: Retained for 7 years (required by financial regulations)
  • Usage Analytics: Retained indefinitely for product improvement
  • Study Progress: Retained until you delete the app
  • Session Data: Retained for 90 days

When You Delete the App:

  • Locally stored data (progress, preferences) is immediately deleted
  • Server-side data (analytics, purchase history) remains for record-keeping
  • You can request complete data deletion (see "Your Rights" below)

6. Data Security

We implement industry-standard security measures:

  • Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
  • Secure Storage: Sensitive data on your device is stored in iOS Secure Enclave (SecureStore)
  • Access Control: Our servers use authentication and authorization to prevent unauthorized access
  • Regular Audits: We regularly review our security practices and update them as needed
  • Third-Party Security: RevenueCat and Supabase are SOC 2 certified and GDPR compliant

However: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Rights Under GDPR (European Union)

If you are in the EU/EEA, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to our processing of your data
  • Withdraw Consent: Withdraw consent at any time (though this may limit app functionality)
  • Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing:

  • Contractual necessity (to provide app services)
  • Legitimate interests (analytics and improvement)
  • Consent (where explicitly requested)

7.2 Rights Under CCPA/CPRA (California)

If you are a California resident, you have the right to:

  • Know: Request disclosure of what personal information we collect and how we use it
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt-out of the "sale" of your personal information (Note: We do NOT sell your data)
  • Non-Discrimination: Exercise your rights without discriminatory treatment

CCPA Notice:

  • We do NOT sell your personal information
  • We do NOT share your data for cross-context behavioral advertising
  • You can exercise your rights by contacting us (see below)

7.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: cangarip98@gmail.com

Response Time: We will respond within 30 days

Verification: We may ask you to verify your identity to prevent unauthorized access

No Fee: We do not charge for data requests unless they are excessive or repetitive

8. Children's Privacy (COPPA Compliance)

Our apps are NOT intended for children under 13 years old.

  • We do not knowingly collect personal information from children under 13
  • If you are a parent and believe your child has provided us with personal information, contact us immediately
  • We will delete such information promptly

Age Requirement: You must be at least 13 years old to use our apps (or the age of digital consent in your country, whichever is higher)

9. International Data Transfers

Data Location: Our servers (Supabase) are located in the United States

If You Are Outside the US:

  • Your data may be transferred to and processed in the United States
  • The US may have different data protection laws than your country
  • We use standard contractual clauses (SCCs) to protect data transferred outside the EU
  • By using our apps, you consent to this transfer

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When We Update:

  • We will update the "Last Updated" date at the top
  • Significant changes will be announced in the app
  • Your continued use after changes constitutes acceptance

How to Stay Informed:

  • Check this page periodically for updates
  • Enable app notifications (if available) for policy change alerts

11. Do Not Track

Our apps do not respond to "Do Not Track" (DNT) signals because:

  • DNT is not a universally accepted standard
  • Our data collection is essential for app functionality (progress tracking)
  • We do not engage in cross-site tracking or behavioral advertising

12. California Shine the Light Law

California residents can request information about data shared with third parties for direct marketing purposes.

Our Practice: We do NOT share your data for direct marketing purposes

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights:

Email: cangarip98@gmail.com

Response Time: We respond to all inquiries within 48 business hours

Company: GRP LLC

Brand: CertAI (Certification Exam Prep Apps)

14. Additional Information for Specific Regions

14.1 European Union / EEA

Data Controller: GRP LLC

Legal Basis: See Section 7.1

14.2 United Kingdom

This Privacy Policy complies with the UK GDPR and Data Protection Act 2018. All rights under GDPR (Section 7.1) apply to UK residents.

14.3 Australia

This Privacy Policy complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988.

Australian Residents: You have the right to access and correct your personal information. Contact us using the details above.

Summary (TL;DR)

What We Collect:

  • User ID, Device ID (to track your progress)
  • Purchase history (to unlock premium features)
  • Usage data (quiz scores, study time, screen views)

Why We Collect It:

  • Make the app work (track progress, unlock features)
  • Improve the app (internal analytics, bug fixes)
  • Personalize your experience (custom study plans)

We Do NOT Track You:

  • NO advertising SDKs or ad networks
  • NO data brokers
  • NO cross-app tracking
  • NO combining data with third-party sources
  • NO targeted advertising

Who We Share With:

  • RevenueCat (for subscriptions only)
  • Supabase (for analytics and storage - our own backend)
  • NO advertisers, NO data brokers, NO marketing companies

Your Rights:

  • Access your data
  • Delete your data
  • Opt-out of data collection (though the app may not work fully)

Contact Us: cangarip98@gmail.com

This policy is effective as of December 2, 2024.