Privacy

Privacy Policy

Last updated: July 18, 2026

PrepTOEIC ("we") is committed to protecting your personal data. This policy describes what we collect, why, how long we keep it and the rights you have, in accordance with the General Data Protection Regulation (GDPR).

1. Data controller

The data controller is the publisher of PrepTOEIC. For any question about your data: support@preptoeic.com.

2. Data we collect

Account data: email address, first and last name, password (hashed) or third-party sign-in identifier (Google, Apple), preferred language.

Learning data: answers to exercises and exams, scores and estimated score, study path and progress, badges, goals.

Reports and support exchanges: the content of your messages and the associated technical context (page, exercise or question concerned, device).

Notifications: device push token if you enable them, preferences per type and channel.

Technical data: server logs (IP address, timestamps) required for security, and cookieless audience measurement on the website.

We collect no location data, no advertising data, and the mobile app embeds no trackers.

3. Purposes and legal bases

Providing the service (account, training, progress, web/mobile sync) — performance of the contract.

Sending emails and notifications related to your activity (reminders, milestones, streaks) — your consent, revocable at any time in the notification preferences.

Ensuring security, preventing fraud and fixing errors — legitimate interest.

Measuring website audience in an aggregated, cookieless way — legitimate interest.

Your data is never sold, never shared for advertising purposes, and never used to train third-party models.

4. Processors

We rely on technical providers acting under instruction: Supabase (authentication and database), Vercel (hosting), Resend (email delivery), Google Firebase (push notifications), Sentry (error monitoring) and PostHog (cookieless analytics).

Some of these providers may process data outside the European Union; such transfers are covered by appropriate safeguards (standard contractual clauses).

5. Retention

Your data is kept for as long as your account is active.

Account deletion: deletion is scheduled with a 30-day grace period (during which you can cancel it by signing back in), after which your data is permanently erased.

Technical logs are kept only as long as necessary for security.

6. Your rights

You have the rights of access, rectification, erasure, restriction, objection and portability.

Directly in the app: export all your data (JSON) and delete your account from Profile → Account management. You can also update your information at any time.

For any other request: support@preptoeic.com. You may also lodge a complaint with your supervisory authority (in France, the CNIL — cnil.fr).

7. Cookies

The website only uses strictly necessary cookies (login session). Audience measurement works without cookies. No advertising cookies are set.

8. Changes

This policy may evolve with the service. The update date appears at the top of the page; in case of substantial change, we will inform you.