Privacy Policy

Last updated: April 4, 2026

1. Who we are

FullPracticeTests ("we", "us", "our") operates fullpracticetests.com, a TOEFL exam preparation platform. For any privacy questions, contact us at privacy@fullpracticetests.com.

2. What data we collect

  • Account data: email address, display name, password (hashed by Supabase — we never see it).
  • Exam data: your answers to exam questions, scores, and AI-generated feedback reports.
  • Usage data: pages visited, session timestamps. Collected via Vercel Analytics (anonymous, no cross-site tracking).
  • Payment data: handled entirely by Stripe. We store only your Stripe customer ID — no card numbers ever touch our servers.

3. How we use your data

  • To provide exam scoring and feedback.
  • To maintain your score history and progress dashboard.
  • To process payments via Stripe.
  • To send transactional emails (score ready, password reset) via Resend.
  • We do not sell your data. We do not use it for advertising.

4. Third-party services

Your data passes through the following services under their respective privacy policies:

  • Supabase — database and authentication (EU/US regions).
  • OpenAI — your writing essay text is sent to OpenAI's API for grading. OpenAI does not use API data to train models by default.
  • Stripe — payment processing.
  • Vercel — hosting and analytics.
  • Resend — transactional email.

5. Data retention

We retain your account and exam data for as long as your account is active. Exam answer text (raw responses) is deleted after 12 months. Scores and feedback reports are kept indefinitely unless you delete your account.

6. Your rights (GDPR / CCPA)

You have the right to:

  • Access all data we hold about you.
  • Delete your account and all associated data — use the "Delete Account" option in Settings.
  • Export your data — contact us at privacy@fullpracticetests.com.
  • Object to processing — contact us and we will stop.

EU residents may lodge a complaint with their local supervisory authority.

7. Cookies

We use a single authentication cookie set by Supabase to keep you logged in. We do not use tracking or advertising cookies. You can clear this cookie by signing out.

8. Security

All data is transmitted over HTTPS. Passwords are hashed by Supabase (bcrypt). We apply row-level security policies so each user can only access their own data.

9. Children

FullPracticeTests is not directed at children under 13. We do not knowingly collect data from children.

10. Changes

We may update this policy. Significant changes will be notified by email. Continued use after changes constitutes acceptance.