Contact Email: admin@exam-prep.es
1. Introduction
This privacy policy explains how exam-prep.es ("we", "us", "our") collects, uses, and protects your personal data when you use our InterSystems Certification Prep platform. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Identity Data
- Email address: Required for account creation and authentication
- Name: Collected during registration or from social login providers
- Social login identifiers: If you sign in via Google, Apple, or Microsoft
2.2 Activity Data
- Quiz scores and answers: Your performance on practice quizzes
- Page views: Knowledge pages you've visited
- Progress tracking: Your completion status across certification modules
2.3 Technical Data
- IP addresses: Stored in CloudWatch logs for 30 days for security and troubleshooting
- Browser information: User agent strings for compatibility
- Session tokens: For authentication purposes
2.4 Support Data
- Problem reports: Issues you report about quiz questions or content, including your description
3. Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract: Processing is necessary to provide the quiz platform service you signed up for
- Legitimate Interest: We have a legitimate interest in improving our service, preventing abuse, and maintaining system security
- Consent: For cookies and tracking that are not strictly necessary (see Cookie Policy below)
4. How We Use Your Data
We use your personal data for the following purposes:
- Service Delivery: To provide access to quizzes, track your progress, and sync data across devices
- Authentication: To verify your identity and maintain secure access to your account
- Improvement: To analyze usage patterns and improve content quality (aggregated, anonymized data)
- Communication: To respond to your support requests and GDPR inquiries
- Security: To detect and prevent fraud, abuse, and technical issues
5. Data Storage and Retention
Your data is stored securely using AWS services in the EU region (eu-west-1):
- User accounts: AWS Cognito (retained until you delete your account)
- Quiz data and progress: Amazon DynamoDB (retained until you delete your account)
- API logs: Amazon CloudWatch (automatically deleted after 30 days)
- Static content: Amazon S3 and CloudFront (no personal data)
6. Third-Party Processors
We use the following third-party services that may process your personal data:
- Amazon Web Services (AWS): Cloud infrastructure for hosting and data storage (EU region)
- Social Login Providers: Google, Apple, Microsoft (only if you choose social login)
- Cloudflare Turnstile: CAPTCHA protection for contact forms (privacy-first, no tracking)
All third-party processors are GDPR-compliant and process data according to Data Processing Agreements.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
7.1 Right to Access
You can request a copy of all personal data we hold about you.
7.2 Right to Rectification
You can request that we correct inaccurate or incomplete personal data.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data. We will delete your account, quiz scores, page views, and all associated data. Problem reports will be anonymized (your name and email replaced with "Deleted User").
7.4 Right to Data Portability
You can request your data in a machine-readable format (JSON) to transfer to another service.
7.5 Right to Restriction of Processing
You can request that we limit how we use your data.
7.6 Right to Object
You can object to processing based on legitimate interests.
7.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please submit a GDPR request via our GDPR Request Form or email us at admin@exam-prep.es. We will respond within 30 days.
8. Cookie Policy
We use cookies and similar technologies (localStorage) to provide essential functionality:
8.1 Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be disabled:
- Authentication tokens: To keep you logged in (stored in localStorage)
- User preferences: To remember your language choice and cookie consent preference
- Session data: To maintain your quiz state during a session
8.2 Performance and Analytics
We currently do not use third-party analytics or tracking cookies. All usage data is stored server-side and aggregated for improvement purposes only.
8.3 Third-Party Cookies
If you use social login (Google, Apple, Microsoft), those providers may set their own cookies according to their privacy policies.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest (AWS encryption)
- Access Control: Strict access controls limit who can view personal data
- Authentication: Multi-factor authentication available for your account
- Monitoring: Continuous security monitoring and logging
- Rate Limiting: Protection against abuse and automated attacks
10. Data Transfers
Your data is stored in AWS data centers located in the European Union (eu-west-1 region). We do not transfer your data outside the EU/EEA except:
- If you use social login with a non-EU provider (subject to their privacy policy)
- For Cloudflare Turnstile CAPTCHA verification (GDPR-compliant, minimal data shared)
11. Children's Privacy
Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Privacy Policy
We may update this privacy policy from time to time. We will notify you of any significant changes by updating the "Last updated" date at the top of this page. Your continued use of the service after changes indicates acceptance of the updated policy.
13. Contact Us
If you have any questions about this privacy policy or how we handle your personal data, please contact us:
- Email: admin@exam-prep.es
- GDPR Request Form: Submit a request
14. Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority. In the EU, you can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en