Privacy Policy | Mastery Exam Prep

1) Scope & Who We Are

MasteryExamPrep.com and the Mastery™ exam-prep apps are operated by Tokenizer Inc. (“we”, “us”, “our”). This Policy explains what we collect, how we use it, and the choices you have. It applies globally and includes jurisdiction-specific notes below.

Covered properties

Website: https://masteryexamprep.com
Mobile apps: Mastery™ on Apple App Store and Google Play

2) Data We Collect

Account & Profile

Name or alias, email, exam selections, study preferences. Sign-in via email/password or Apple/Google (Firebase Authentication).

Purchases & Subscriptions

Receipts and product metadata from the App Store / Google Play. We do not receive your card number.

Learning & Usage

Practice activity (answers, scores, time, bookmarks), progress sync, device/OS, app version, crash/diagnostic logs, and connectivity status.

Content You Submit

Notes, flags, feedback, and support messages.

Website Logs & Cookies

IP, user-agent, pages viewed, referrer, timestamps for reliability and security. We avoid tracking cookies; essential, short-lived cookies may store theme/consent.

Children’s Privacy

Not intended for children under 13 (or 16 in the EU/UK). We do not knowingly collect personal data from those age groups.

3) How We Use Data

Provide and improve features (practice, analytics, syncing, error recovery).
Operate subscriptions (receipt validation, restore purchases).
Personalize study plans and recommendations.
Security, fraud/abuse prevention, and performance.
Aggregate, privacy-friendly metrics to improve content and UX.
Legal, accounting, and tax compliance.

Legal bases (where applicable): consent, performance of a contract, legitimate interests (security, product improvement), and legal obligations.

4) Sharing & Processors

Service providers: Firebase/Google Cloud (auth, database, functions), hosting/CDN, email, privacy-preserving analytics (if enabled). They process data under our instructions.
App stores: Apple App Store / Google Play for billing and distribution.
Enterprise customers (if applicable): for managed deployments, we may share usage/progress with your organization’s admins per agreement.
Legal & safety: to comply with law, enforce terms, or protect rights, property, or safety.
Business transfers: in a merger, acquisition, or asset sale, data may transfer as permitted by law.

No selling of personal data: We do not sell or “share” personal information for cross-context advertising and we do not use third-party ad networks.

5) Retention

Account & learning data: kept while your account is active; deleted upon verified request or in-app deletion (subject to brief backup cycles).
Purchase records: retained as required for fraud prevention and tax/audit obligations.
Website logs: ~30 days (longer if investigating incidents).
Support emails: typically retained while the conversation is active or as required by law; deleted on request where feasible.

6) Security

We use administrative, technical, and physical safeguards appropriate to the data and risks (e.g., encrypted transport, access controls, environment segmentation, monitoring). No system is perfectly secure; please notify us promptly if you suspect unauthorized activity.

7) Cookies & Tracking

We use a small number of first-party cookies/technologies to operate our sites and understand usage. We do not run third-party ad networks or cross-site advertising.

Essential

Security, load balancing, basic preferences (e.g., theme, consent), session management. These cannot be disabled.

Analytics (GA4, minimal)

Optional, privacy-respecting analytics to improve features (page performance, aggregated usage).

Google Signals: disabled
Ads/remarketing: disabled
IP anonymization: enabled

Consent: In the EU/UK we request consent before setting analytics cookies. In Canada and other regions we may rely on legitimate interests for basic analytics; you can opt out at any time.

GA Opt-out Add-on

Our mobile apps do not use third-party advertising SDKs. App diagnostics/analytics are used to improve stability and features.

8) Your Privacy Rights

Access, Correction, Deletion

Request a copy of your data, corrections, or deletion. We verify identity before fulfilling requests. You can also delete your account in-app (Menu → Settings → Delete Account).

Opt-Outs & Preferences

Opt out of non-essential emails and limit analytics/cookies where offered. We do not sell personal data. For CPRA/CCPA requests, email us (see below).

Jurisdictional notes

Canada (PIPEDA): rights to access and correct personal information; contact us to exercise these rights.
EU/EEA & UK (GDPR/UK GDPR): rights include access, rectification, erasure, restriction, portability, and objection; you may lodge a complaint with your authority.
California (CCPA/CPRA): rights to know, delete, correct, and opt out of certain sharing. We do not “sell” personal information as defined by CCPA.

Submit a Privacy Request Request Account Deletion

9) International Data Transfers

We may process and store data in Canada, the United States, and other countries where our providers operate. When transferring personal data from the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses, as applicable.

10) Enterprise (B2B) Disclosures

For enterprise deployments, we typically act as a processor for end-user learning/assessment data and as a controller for account, billing, and platform operations data. A Data Processing Addendum (DPA) is available upon request.

11) Changes & Contact

We may update this Policy to reflect product, legal, or operational changes. We will revise the “Last updated” date and, where required, provide additional notice.

Contact Us

Questions, concerns, or rights requests:

support@masteryexamprep.com privacy@masteryexamprep.com

Mailing Address

Tokenizer Inc. — Privacy
137 Ellins Ave, York, ON, M6N 2B2
Canada

If you have an unresolved privacy concern, you may have the right to contact your local data protection authority.