Privacy Policy

Last updated: April 2026

1. What We Collect

When you create an account, we collect:
  • Display name and email address
  • Hashed password (we never see your plaintext password)
  • Study activity: questions answered, time spent, mastery scores
  • Payment metadata if you subscribe (handled by Stripe / Gumroad — we never store card numbers)
  • Device and browser info via standard server logs

2. How We Use Your Data

We use your data to:
  • Personalize your study sessions (adaptive question selection)
  • Track your progress and readiness scores
  • Send essential service emails (verification, password reset, exam reminders)
  • Improve the platform via aggregate analytics
We do not sell or rent your personal data to third parties.

3. Cookies & Local Storage

We use:
  • A session cookie (sparkupcloud_session) to recognize you across pages
  • localStorage for your auth token and study state
  • No third-party advertising or tracking cookies

4. Third-Party Services

We rely on a small number of trusted providers:
  • Vercel — frontend hosting
  • AWS — backend hosting (EC2, RDS)
  • Stripe / Gumroad — payment processing
  • Anthropic Claude — AI-generated explanations (only the question content is sent, not your identity)
  • Credly & Microsoft Learn — official badge images embedded by URL

5. Your Rights (GDPR / CCPA)

You can:
  • Access all data we hold about you (email admin@sparkupcloud.com)
  • Request deletion of your account and all associated data
  • Export your study history in JSON format
  • Correct or update your profile from your account page
We respond to all requests within 30 days.

6. Data Retention

Account data is kept while your account is active. After deletion, we keep anonymized aggregates only (e.g., "X users took Y mock exams this month") for product improvement. Payment records are kept for 7 years for tax compliance.

7. Children's Privacy

SparkUpCloud is not intended for users under 16. We do not knowingly collect data from children. If you believe a minor has registered, contact us at admin@sparkupcloud.com and we'll delete the account.

8. Security

We use HTTPS everywhere, hash passwords with bcrypt, and store sensitive backend secrets in encrypted environment variables. No system is 100% secure — please use a strong, unique password and notify us of any suspected breach.

9. Changes to This Policy

Material changes will be announced via email at least 14 days before taking effect. Minor clarifications will be reflected in the "Last updated" date.

10. Contact

Questions about your privacy? Reach us at admin@sparkupcloud.com.