Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Display name (if provided)
• Password (encrypted and stored securely via Supabase)
• Authentication provider (Google, if using social login)
• Account creation date and access level

1.2 Usage Data and Progress Tracking

To provide our flashcard service and track your learning progress, we collect:

• Case study progress, ratings (3-star performance system), and quality ratings (thumbs up/down)
• Last viewed case and session statistics
• Time spent on the platform and features used
• Search queries and filter preferences
• Theme preferences (dark/light mode)
• Device and browser information for compatibility
• IP address and general location (country/region)

1.3 Payment Information

For premium tier purchases:

• Payment processing is handled entirely by Stripe - we never store your credit card information
• We receive transaction confirmations, purchase amounts, and subscription status from Stripe
• Purchase records including tier level, amount paid, and transaction dates
• Stripe session IDs for transaction tracking and customer support

2. How We Use Your Information

We use your information to:

• Provide and maintain the Case Interview Flashcards service
• Track your learning progress and personalize your study experience
• Control access to premium content based on your tier (Free: 5 cases, Tier 1: 15 cases, Tier 2: 60 cases, Tier 3: 150 cases)
• Process payments through Stripe and manage tier upgrades
• Send important updates about your account or the service
• Improve our platform, develop new features, and analyze usage patterns
• Ensure security, prevent fraud, and maintain service performance
• Comply with legal obligations

3. Information Sharing and Third-Party Services

We do not sell your personal information. We work with the following trusted service providers:

3.1 Essential Service Providers

• Supabase: Database hosting, user authentication, and real-time data synchronization (PostgreSQL with Row Level Security)
• Stripe: Secure payment processing and subscription management
• Railway: Web application hosting and infrastructure
• Google Analytics 4: Website analytics with cross-domain tracking (anonymized data)
• GoDaddy: Domain registration and DNS services

3.2 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or the safety of our users.

3.3 Business Transfers

If Case Prep is acquired, merged, or undergoes a business transfer, your information may be transferred as part of that transaction.

4. Data Security and Protection

We implement multiple layers of security:

• Encryption: All data is encrypted in transit (HTTPS/SSL) and at rest
• Database Security: Supabase PostgreSQL with Row Level Security ensuring user data isolation
• Authentication Security: Secure password hashing and session management
• Payment Security: PCI DSS compliant payment processing through Stripe
• Infrastructure Security: Railway hosting with automatic security updates
• Access Controls: Limited access to personal data on a need-to-know basis

5. Your Rights and Choices

5.1 Account Access and Control

You can access and update your account information, progress data, and preferences at any time through your account dashboard.

5.2 Data Deletion

You can request deletion of your account and associated data by contacting us. Note that some information may be retained for legal, security, or operational purposes (e.g., payment records for tax compliance).

5.3 Data Portability

You can request a copy of your personal data and progress information. We can provide this in a structured, machine-readable format.

5.4 Marketing Communications

We currently send only essential account-related communications. Any future marketing emails will include clear opt-out mechanisms.

5.5 Analytics Opt-Out

You can opt out of Google Analytics tracking through your browser settings, Google's opt-out tools, or browser extensions.

6. Cookies and Similar Technologies

We use cookies and similar technologies to:

• Keep you logged in and maintain your session
• Remember your preferences (theme, progress, settings)
• Analyze usage patterns and improve user experience
• Track performance and identify technical issues

Essential cookies are required for the service to function. You can control non-essential cookies through your browser settings, but some features may not work properly if disabled.

7. Data Retention

We retain your information as follows:

• Account Data: Until you delete your account or request deletion
• Progress Data: Retained to provide continuous service across sessions
• Payment Records: Retained for tax and legal compliance (typically 7 years)
• Analytics Data: Aggregated and anonymized, retained for service improvement

8. International Data Transfers

Your information may be processed in countries other than your own, including the United States (where our service providers operate). We ensure appropriate safeguards are in place for international transfers, including:

• Service providers with adequate data protection standards
• Contractual commitments for data protection
• Compliance with applicable data transfer regulations

9. Children's Privacy

Our service is designed for users preparing for professional careers and is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately for removal.

10. Third-Party Links and Integrations

Our service may contain links to third-party websites or integrate with external services. We are not responsible for the privacy practices of these external sites or services. Please review their privacy policies separately.

11. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, technology, or legal requirements. We will:

• Notify you of material changes via email or through the service
• Post the updated policy with a new "Last updated" date
• Obtain consent for material changes where required by law

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us About Privacy

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

13. Legal Basis for Processing (GDPR Compliance)

If you are in the European Union, our legal basis for processing your information includes:

• Contract Performance: To provide the flashcard service you requested
• Legitimate Interest: To improve our service, ensure security, and analyze usage
• Consent: For analytics and any future marketing communications
• Legal Obligation: To comply with applicable laws (e.g., tax record keeping)

This privacy policy is specific to Case Interview Flashcards and reflects our commitment to protecting your personal information while providing an effective learning platform for case interview preparation.