Legal

Privacy Policy

Last updated: January 1, 2025

LegitExam (“we”, “us”, or “our”) operates legitexam.com (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a hashed password. If you sign in with Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.

Payment Information

Payments are processed exclusively through Stripe. We do not store your credit card number, CVV, or full payment details on our servers. Stripe provides us with a customer ID and subscription status. For Stripe’s privacy practices, see stripe.com/privacy.

Usage Data

We automatically collect information about how you interact with the Service, including: pages visited, questions answered, time spent per question, exam domains practiced, answer accuracy, and device/browser information (IP address, user agent, screen resolution).

Cookies

We use session cookies for authentication (to keep you signed in) and local storage to persist your practice progress between sessions. We do not use advertising or tracking cookies from third parties.

2. How We Use Your Information

  • To provide the Service: authenticate your account, track practice progress, and deliver exam content.
  • To process payments: manage your subscription through Stripe, handle billing, and enforce access controls.
  • To improve the Service: analyze usage patterns to identify popular exams, fix bugs, and improve question quality.
  • To communicate with you: send transactional emails (purchase confirmations, password resets). We do not send marketing emails without your explicit consent.
  • To enforce our Terms: detect and prevent abuse, fraud, or violations of our acceptable use policy.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

  • Service providers: Stripe (payment processing), Supabase/PostgreSQL (database hosting), Vercel (hosting and edge functions). These providers are contractually bound to protect your data.
  • Legal requirements: if required by law, court order, or government authority.
  • Business transfer: if LegitExam is acquired or merged, your data may be transferred as part of that transaction. You will be notified via email before your data is transferred.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required for legal or financial compliance (e.g., payment records are retained for 7 years per tax law requirements).

Anonymized, aggregated usage data (e.g., overall exam completion rates) may be retained indefinitely and is not linked to any individual user.

5. Your Rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that inaccurate data be corrected.
  • Deletion: request deletion of your personal data (“right to be forgotten”).
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing of your personal data in certain circumstances.
  • CCPA (California residents): you have the right to know what personal information is collected and to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@legitexam.com. We will respond within 30 days.

6. Security

We implement industry-standard security measures including HTTPS/TLS encryption in transit, bcrypt password hashing, and database access controls. No method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal information, we will notify you within 72 hours.

7. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

9. Contact

For privacy questions or requests, contact us at:
privacy@legitexam.com
LegitExam · legitexam.com