Privacy Policy

1. Introduction

Engineer Exams ("we," "us," "our," or "Company") operates engineerexams.com and related international domains (collectively, the "Service"). We are committed to protecting your personal information and your right to privacy.

This Privacy Policy applies to all information collected through our Service and applies to all users worldwide, including those in the United States, European Union, Mexico, Taiwan, South Korea, Japan, Australia, Singapore, and all other jurisdictions.

Company Information:
Engineer Exams
Contact: privacy@engineerexams.com

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password (encrypted)
• Profile Information: Optional profile details you choose to provide
• Payment Information: Payment card details processed by Stripe (we do not store full card numbers)
• Communication Data: Messages you send to us through contact forms or support channels

2.2 Information Automatically Collected

• Usage Data: Exam performance, study patterns, progress tracking, domain scores
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies (see Cookie Policy below)
• Log Data: Access times, pages viewed, clicks, errors

2.3 Information From Third Parties

• Authentication Providers: If you sign in with Google or Microsoft, we receive basic profile information
• Payment Processors: Stripe provides transaction confirmation data
• Analytics Services: Aggregated usage statistics (no personal identification)

3. How We Use Your Information

We process your personal information for the following purposes based on legitimate business interests, contractual necessity, and your consent:

• Service Delivery: Provide access to practice exams, track your progress, deliver domain-level performance insights
• Account Management: Create and manage your account, process authentication, handle subscription management
• Payment Processing: Process payments, prevent fraud, issue invoices
• Communication: Send transactional emails (password resets, receipts), respond to support requests
• Service Improvement: Analyze usage patterns, improve question quality, optimize user experience
• Marketing: Send promotional emails about new certifications or features (with your consent; you may opt out)
• Legal Compliance: Comply with legal obligations, enforce our terms, protect our rights
• Security: Detect fraud, prevent abuse, ensure platform security

4. Legal Basis for Processing (GDPR)

For users in the European Union, United Kingdom, and European Economic Area, we process your data based on:

• Contractual Necessity: Processing necessary to provide the Service you've subscribed to
• Legitimate Interests: Service improvement, fraud prevention, business analytics (balanced against your rights)
• Consent: Marketing communications, non-essential cookies (you can withdraw consent anytime)
• Legal Obligations: Compliance with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal information. We share data only in the following limited circumstances:

5.1 Service Providers

• Clerk: Authentication and user management
• Stripe: Payment processing
• Microsoft Azure: Database hosting and cloud infrastructure
• Vercel: Application hosting

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, safety, or property.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

Our infrastructure is primarily located in the United States (Microsoft Azure, Vercel). If you access our Service from outside the US, your data will be transferred to and processed in the United States.

For EU users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data. All our service providers are compliant with GDPR requirements.

For users in South Korea, Japan, Singapore, Australia, and other jurisdictions, we ensure appropriate safeguards are in place for international transfers as required by local data protection laws.

7. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Account Data: Retained while your account is active plus 30 days after deletion
• Exam Performance Data: Retained while your account is active plus 90 days
• Payment Records: Retained for 7 years for tax and accounting purposes
• Marketing Data: Retained until you unsubscribe or request deletion
• Log Data: Retained for 90 days unless needed for security or legal purposes

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 All Users

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your account and data
• Opt-Out: Unsubscribe from marketing emails

8.2 GDPR Rights (EU/UK/EEA)

• Right to Erasure: "Right to be forgotten" in certain circumstances
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.3 CCPA Rights (California)

• Right to Know: Request disclosure of data collection and sharing practices
• Right to Delete: Request deletion of personal information (with exceptions)
• Right to Opt-Out: Opt-out of "sale" of personal information (we do not sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

8.4 Other Jurisdictions

Users in Mexico, Taiwan, South Korea, Japan, Australia, Singapore, and other jurisdictions have similar rights under local laws (LFPDPPP, PDPA, PIPA, APPI, Privacy Act). Contact us to exercise your rights.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@engineerexams.com
• Account Settings: Manage preferences directly in your account dashboard

We will respond to your request within 30 days (or as required by local law).

9. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data transmitted via HTTPS/TLS encryption
• Database Security: Encrypted Azure SQL Database with firewall protection
• Password Security: Passwords hashed using bcrypt with strong encryption
• Access Controls: Role-based access, minimum necessary principle
• Regular Audits: Security assessments and vulnerability testing
• Third-Party Compliance: All vendors meet SOC 2, ISO 27001, or equivalent standards

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not intended for users under 16 years of age (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@engineerexams.com. We will delete such information within 30 days.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our Service:

Essential Cookies

Required for Service functionality (authentication, session management, security). These cannot be disabled.

Analytics Cookies

Help us understand how users interact with our Service (aggregated, anonymized data). You can opt-out via our cookie banner.

Preference Cookies

Remember your settings and preferences. You can opt-out via our cookie banner.

You can control cookies through your browser settings. Note that disabling cookies may limit Service functionality.

12. Do Not Track Signals

We honor Do Not Track (DNT) browser signals. When DNT is enabled, we do not track your browsing activity across websites or collect data for targeted advertising.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

15. Jurisdiction-Specific Provisions

South Korea (PIPA)

Korean users have enhanced rights under the Personal Information Protection Act, including the right to request suspension of processing and the right to supplementary personal information protection measures.

Japan (APPI)

Japanese users are protected under the Act on the Protection of Personal Information. We obtain explicit consent for cross-border data transfers and provide rights to disclosure, correction, and suspension of use.

Singapore (PDPA)

Singapore users are protected under the Personal Data Protection Act. We comply with data protection obligations including consent, purpose limitation, and notification requirements.

Australia (Privacy Act)

Australian users are protected under the Privacy Act 1988 and Australian Privacy Principles (APPs). We comply with requirements for cross-border disclosure and data breach notification.