Privacy Policy

This Privacy Policy describes how ExamRecall collects, uses, and shares information about you when you use our service. If you don't agree with this policy, don't use the service.

Account information. When you sign up, we collect your email address and any name you provide. Authentication is handled by Clerk; we don't see or store your password.

Study progress. We track which questions you've answered, your answers, your mock exam scores, your selected state, and your target exam date. This is what powers your readiness score and the spaced-repetition review queue.

Payment information. When you purchase ExamRecall, payment is processed by Stripe. We receive a customer ID and a payment intent ID from Stripe and store them on your profile so we can process refunds. We do not store your card number, expiration, or CVV — those go directly to Stripe.

AI tutor conversations. When you use the AI tutor, your messages are sent to Anthropic for processing. We store the conversation history on your account so you can refer back to it.

Usage data. We may use third-party tools to analyze site usage and monitor application errors. These tools collect anonymized technical data (pages visited, session duration, browser type) and do not include advertising trackers or sell data to third parties.

Technical data. Like most web services, we receive IP addresses, user-agent strings, and similar metadata in HTTP requests. We use this for security and operational purposes.

We use the information we collect to:

• Operate the service (authenticate you, save your progress, run quizzes, generate readiness scores);
• Process your payment and any refunds;
• Provide customer support;
• Send service-related emails (account confirmations, refund decisions, security alerts);
• Improve the product based on aggregated usage patterns;
• Detect and prevent fraud, abuse, and violations of our Terms;
• Comply with legal obligations.

We do not sell your personal information. We do not use it for advertising. We do not share it with insurance companies or recruiters.

We rely on a small set of vendors to operate the service. Each handles a narrow slice of your data and is contractually obligated to protect it.

• Clerk — authentication. Receives your email and any sign-in metadata. Privacy policy: clerk.com/privacy
• Supabase — database hosting. Stores your account, progress, and payment metadata. Privacy policy: supabase.com/privacy
• Stripe — payment processing. Receives your card details directly; sends us a customer ID and payment metadata. Privacy policy: stripe.com/privacy
• Vercel — hosting and edge delivery. Receives HTTP request metadata. Privacy policy: vercel.com/legal/privacy-policy
• Anthropic — AI tutor backend. Receives the text of your tutor conversations to generate responses. Privacy policy: anthropic.com/legal/privacy
• Analytics / error monitoring — we may use third-party tools to analyze usage and monitor errors. Any such tools receive only anonymized data and are not used for advertising.

We keep your account and study progress for as long as your account is active. If you close your account or your account is terminated, we delete or anonymize personal data within 90 days, except where we're required to retain it for legal, tax, or fraud-prevention purposes (e.g., payment records under tax law).

Anonymized aggregate data (e.g., "X% of users in Texas pass on their first attempt") may be retained indefinitely.

You can access, update, or download your account data by emailing hello@examrecall.com. We respond within 30 days.

California residents (CCPA / CPRA): You have the right to know what personal information we collect, request deletion of your information, opt out of the sale of personal information (we don't sell it), and not be discriminated against for exercising these rights. Submit requests to the email above.

EU/EEA / UK residents (GDPR): You have the right to access, correct, delete, and port your personal data, and to object to or restrict its processing. Our legal basis for processing your data is the performance of our contract with you (Article 6(1)(b) of the GDPR) and our legitimate interests in operating and improving the service.

ExamRecall is intended for adults preparing for insurance licensing exams or the CFP® Certification Exam. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a child, we delete it. Contact us at hello@examrecall.com if you believe a child has provided us with information.

We use industry-standard practices to protect your data: encrypted connections (HTTPS/TLS), encrypted database storage, limited employee access, and regular security reviews. No system is perfectly secure, but we work hard to minimize risk and notify users promptly in the unlikely event of a breach affecting their data.

We use cookies and local storage for authentication (Clerk session) and to remember your preferences (selected state or exam product). We may use cookies for anonymized usage analytics. We do not use advertising cookies or share data with ad networks.

If we make material changes to this Privacy Policy, we'll notify you by email at least 14 days before the change takes effect. Continuing to use ExamRecall after changes take effect means you accept the updated policy.

Questions about your privacy or this policy? Email hello@examrecall.com. We answer every privacy email personally.