Privacy Policy

1. Who we are

TestPrep Europe is the brand under which we provide standardised-test preparation, tutoring, question banks and practice tests to students across Europe. The data controller for the personal data described in this policy is the legal entity operating testprepeurope.com. You can reach us using the details on the contact page.

2. What data we collect

We collect only the data we need to deliver and improve our services:

• Account data — name, email address, password (stored hashed) and the locale of the site you registered on.
• Profile data — target exam, target score, study plan and any preferences you save in your dashboard.
• Learning data — practice-test attempts, question bank answers, AI tutor sessions and the results we use to give you feedback.
• Billing data — purchase history, invoice details and payment status. Card numbers are processed by Stripe; we never store full card numbers on our servers.
• Technical data — IP address, browser, device, language and basic usage events needed for security, debugging and product analytics.
• Communications — messages you send us via the contact form, email or WhatsApp, plus our replies.

3. Why we process it (legal bases)

Under Article 6 of the GDPR, we process your data on the following legal bases:

• Contract — to create your account, deliver the programmes you purchased and provide customer support.
• Legitimate interest — to keep the platform secure, prevent fraud, run aggregate analytics and improve the product.
• Consent — for non-essential cookies, marketing emails and any optional features you opt in to. You can withdraw consent at any time without affecting prior processing.
• Legal obligation — to keep accounting records and respond to lawful requests from authorities.

4. How long we keep it

Account, learning and billing data are retained while your account is active and for up to 10 years after closure to comply with tax and accounting laws. Technical logs are retained for a maximum of 12 months. You can request earlier deletion (see Section 7).

5. Who we share data with

We share data with carefully selected sub-processors, only to the extent needed to operate the service:

• Hosting & infrastructure — Vercel and Supabase (EU regions where available).
• Payments — Stripe.
• Email delivery — Resend.
• Analytics & product telemetry — Vercel Analytics and PostHog.
• AI tutor — model providers we route requests through (no payment or government-ID data is sent).

We do not sell your personal data. Where data is transferred outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses or an equivalent safeguard.

6. Cookies

We use a small number of cookies for authentication, security and aggregate analytics. Details are in our Cookie Policy.

7. Your rights

Under the GDPR you have the right to access your data, correct it, have it erased, restrict or object to processing, request portability, and withdraw consent for any processing based on consent. You can exercise these rights by emailing us via the contact page. We will respond within one month.

You also have the right to lodge a complaint with your local data protection authority if you believe we are not handling your data lawfully.

8. Security

We protect personal data using industry-standard measures: HTTPS for all traffic, encryption at rest, hashed passwords, role-based access controls, audited admin actions and Row-Level Security on our database. No system can guarantee absolute security, but we treat incidents seriously and will notify you and the relevant authority where required by law.

9. Children

Our services are aimed at students aged 13 and above. If you are under 16, we ask that a parent or guardian register on your behalf and provide consent.

10. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects the most recent revision. Material changes will be notified to you by email or via a banner on the site.