Logo

Privacy Policy

Last updated: 9/18/2025

1. Introduction

HRExamPrepPro ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform for SHRM exam preparation.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described here, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

  • Create an Account: Email address, full name, password (encrypted)
  • Use Our Services: Study preferences, exam goals, target certification
  • Make Payments: Billing information processed through Stripe
  • Contact Support: Communications through Discord or email
  • Participate in Community: Discord username and interactions

2.2 Information Automatically Collected

When you use our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent studying
  • Performance Data: Quiz scores, practice exam results, progress metrics
  • Device Information: IP address, browser type, operating system
  • Technical Data: Session information, error logs, feature usage

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Provide personalized content and recommendations

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

  • Provide access to practice exams and study materials
  • Track your study progress and performance
  • Generate personalized study recommendations
  • Maintain your account and preferences

3.2 Communication

  • Send service-related notifications and updates
  • Provide customer support and respond to inquiries
  • Send educational content and study tips (with consent)
  • Notify you of important service changes

3.3 Business Operations

  • Process payments and manage subscriptions
  • Analyze platform usage to improve our services
  • Detect and prevent fraud or security threats
  • Comply with legal obligations and enforce our Terms

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Third-Party Service Providers

We share information with trusted service providers who assist us in operating our platform:

  • Stripe: Payment processing and subscription management
  • Supabase: Database hosting and authentication services
  • Vercel: Website hosting and content delivery
  • Discord: Community platform for peer support
  • Analytics Providers: Platform usage analysis and performance monitoring

These providers are contractually bound to protect your information and use it only for specified purposes.

4.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to:

  • Comply with legal process or government requests
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Protect users from harm or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Retention and Deletion

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active
  • Study Progress: Retained to provide continuous learning experience
  • Payment Records: Retained for 7 years for tax and legal compliance
  • Support Communications: Retained for 3 years for quality assurance

When you delete your account, we will remove your personal information within 30 days, except for data we are legally required to retain.

6. Your Privacy Rights

6.1 General Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your personal information
  • Portability: Export your data in a machine-readable format
  • Objection: Object to certain processing of your information

6.2 GDPR Rights (EU Residents)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to restriction of processing
  • Right to data portability
  • Right to object to automated decision-making
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

6.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to access your personal information
  • Right to equal service and price, even if you exercise your privacy rights

7. Cookie Policy

7.1 Types of Cookies We Use

  • Essential Cookies: Required for basic platform functionality
  • Authentication Cookies: Maintain your login session
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand platform usage patterns

7.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit platform functionality. You can:

  • Block all cookies in your browser settings
  • Delete existing cookies from your device
  • Set preferences for specific types of cookies

8. Data Security

We implement comprehensive security measures to protect your information:

8.1 Technical Safeguards

  • Encryption of data in transit and at rest
  • Secure authentication and authorization systems
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication for administrative access

8.2 Organizational Safeguards

  • Limited access to personal information on a need-to-know basis
  • Regular security training for team members
  • Incident response procedures for security breaches
  • Regular review and update of security policies

8.3 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you within 72 hours and take immediate steps to mitigate the impact.

9. International Data Transfers

Your information may be processed and stored in countries other than your country of residence. We ensure that any international transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent protection levels
  • Other lawful transfer mechanisms as required

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately so we can remove such information.

11. Third-Party Links and Services

Our platform may contain links to third-party websites and services. This Privacy Policy does not apply to information collected by third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:

  • Post the updated policy on our website
  • Update the "Last updated" date at the top of this policy
  • Notify you by email of material changes
  • Provide 30 days' notice before material changes take effect

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For General Privacy Questions:

  • Email: privacy@examprepro.com
  • Through our Discord community support channels
  • Via the contact form on our website

For Data Subject Requests:

To exercise your privacy rights or submit data subject requests:

  • Email: privacy@examprepro.com with "Data Subject Request" in the subject line
  • Include your full name and email address associated with your account
  • Specify the nature of your request (access, correction, deletion, etc.)

For GDPR-Specific Concerns (EU Residents):

  • Email: gdpr@examprepro.com
  • Data Protection Officer contact (if applicable)

We will respond to all privacy-related inquiries within 30 days, or sooner as required by applicable law.