CISA Prep
Privacy Policy
Last updated: April 13, 2026
This Privacy Policy explains how CISA Prep ("we," "our," or "the App") collects, uses, and protects your information. By using the App, you agree to the practices described below.
1. Data We Collect
We collect only the data necessary to provide a functional study experience:
| Data | Purpose | Required? |
|---|---|---|
| Email address | Account creation and authentication | Yes (for accounts) |
| Study progress | Questions answered, scores, time spent per question | Automatic |
| Display name | Personalization | Optional |
| Target exam date | Countdown reminders and study pacing | Optional |
| Subscription status | Feature access control | Automatic |
| Notification preferences | Study reminder scheduling | Optional |
We do not collect: location data, contacts, photos, device identifiers (IDFA/AAID), health data, or browsing history.
2. How We Use Your Data
- Calculate your readiness score and track study progress across domains
- Sync progress across your devices
- Schedule study reminders and exam countdown notifications
- Process subscription purchases (via Apple App Store / Google Play)
- Improve the App based on aggregated, anonymized usage patterns
We do not use your data for advertising. We do not sell, rent, or share your personal data with third parties.
3. Service Providers
We use the following third-party services to operate the App:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication and database | Email, profile data, study progress |
| RevenueCat | Subscription management | User ID, purchase receipts |
| Expo | Push notifications | Device push token (anonymized) |
Each provider processes data under their own privacy policy, linked above.
4. Data Storage and Security
- Server storage: Supabase (hosted on AWS, US East region). All data is transmitted over HTTPS. Row-level security is enforced, so you can only access your own data.
- Local storage: Questions and progress are stored in an on-device SQLite database, sandboxed by the operating system. Authentication tokens are stored in the device Keychain (iOS) or Keystore (Android).
- Sync: Local progress syncs to the server when the device is online. Conflict resolution uses last-write-wins by timestamp.
5. Your Rights
Under GDPR, CCPA, and similar regulations, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and all associated data
- Export your data
- Opt out of analytics collection
To exercise any of these rights, contact us at [email protected].
6. Account Deletion
You can delete your account at any time from Profile → Settings → Delete My Account. This permanently removes from our servers:
- Your profile information
- All study progress and quiz history
- Session records
- Subscription association (active subscriptions must be cancelled separately through your device's account settings)
This action cannot be undone.
7. Children's Privacy
This App is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.
8. Data Retention
We retain your data for as long as your account is active. If you delete your account, all personal data is removed from our servers within 30 days. Anonymized, aggregated data (which cannot identify you) may be retained indefinitely for product improvement.
9. Changes to This Policy
We may update this Privacy Policy when our practices change. We will notify you of material changes through the App. Continued use after changes constitutes acceptance of the revised policy.
10. Contact
For privacy-related questions or data requests, contact us at [email protected].