Privacy Policy

When you create an account, we collect:

• Email address — used for authentication and account recovery
• Name (optional) — used to personalise your dashboard
• Password — stored as a salted hash (bcrypt), never in plain text

When you use the platform, we collect:

• Test results — scores, categories, pass/fail status for your progress tracking
• Payment information — processed by Stripe; we never see or store your card details

We use your information to:

• Provide and maintain your account
• Track your test history and progress
• Process payments through Stripe
• Improve the platform based on aggregate usage patterns

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Your data is stored securely in a PostgreSQL database. Passwords are hashed using bcrypt with a salt factor of 12. Sessions are managed using signed JWT tokens stored in HTTP-only cookies.

Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified. We only store your Stripe customer ID for reference — never your card number.

We use a single essential cookie (ctp_session) to maintain your login session. This is an HTTP-only, secure cookie that expires after 30 days. We do not use tracking cookies or third-party analytics cookies.

Under the Australian Privacy Act 1988, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Complain to the Office of the Australian Information Commissioner (OAIC)