1. Introduction
CertAI ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use the CertAI mobile application ("App").
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, and password when you create an account.
- Study Data: Your quiz answers, practice exam results, study progress, and AI tutor conversation history.
- Subscription Information: Purchase records managed through Apple's App Store.
2.2 Automatically Collected Information
- Device Information: Device model, operating system version, and unique device identifiers.
- Usage Data: App usage patterns, study session duration, and feature interaction logs.
- Crash Reports: Technical diagnostics to improve app stability.
2.3 Information We Do NOT Collect
- Location data
- Contacts or address book
- Photos, camera, or microphone data
- Financial or payment card information (handled exclusively by Apple)
3. How We Use Your Information
- Personalized Learning: To provide spaced repetition scheduling, pass rate predictions, and AI tutor responses tailored to your study progress.
- Service Operation: To maintain your account, sync study data across devices, and process subscription status.
- Improvement: To analyze aggregated, anonymized usage patterns to improve the App's features and content.
- Communication: To send study reminders (if enabled) and important service notifications.
4. AI Tutor and Data Processing
The AI tutor feature sends your conversation messages to Azure OpenAI Service (Microsoft) for processing. This includes:
- Your questions and messages within the tutor chat
- The certification context you are studying for
We do not send your personal account information (name, email) to the AI service. Microsoft processes this data under their data processing agreement and does not use your data to train their models.
5. Data Storage and Security
- Study data is stored locally on your device and optionally synced to Supabase (a PostgreSQL-based cloud database) with row-level security.
- All network communications use TLS/SSL encryption.
- API keys and credentials are stored securely and never exposed in client-side code.
- We implement industry-standard security measures to protect against unauthorized access.
6. Data Sharing
We do not sell, trade, or rent your personal information. We share data only with:
- Azure OpenAI (Microsoft): For AI tutor functionality (conversation data only).
- Supabase: For cloud data storage and authentication (if you create an account).
- Apple: For subscription management through the App Store.
We may disclose information if required by law, regulation, or legal process.
7. Data Retention
- Active Account: Data is retained as long as your account is active.
- Guest Mode: Data is stored only on your device and deleted when you uninstall the App.
- Account Deletion: Upon request, we will delete your personal data within 30 days. Anonymized, aggregated data may be retained for analytics.
8. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and associated data
- Export your study data
- Opt out of study reminder notifications
- Use the App in guest mode without creating an account
9. Children's Privacy
CertAI is designed for adult professionals preparing for IT certifications. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Effective Date: March 6, 2026