PrepXam

Legal

Privacy policy

How PrepXam collects, uses, and protects your personal information.

Effective 30 March 2026 · Last updated 30 March 2026

This Privacy Policy describes how PrepXam (“we”, “us”, “our”) handles personal information when you use our Android application (com.prepxam.prep_xam) and the services we operate to power your account, tests, and analytics.

Contact (privacy): privacy@prepxam.app — replace this address with your production support email before publishing.

1. Who we are

PrepXam provides MCQ-based exam preparation features (including timed tests, topic practice, score history, analytics, streaks, and optional subscription features via Google Play). The legal entity responsible for processing personal data (“controller”) should be identified in your Google Play listing and company records; update this section with your registered business name and address where required.

2. Information we collect

  • Account & authentication: email address; one-time passwords (OTP) for sign-in; session tokens after verification; optional profile fields you choose to provide (for example name, phone, city, region, country).
  • Usage & learning data: exam preferences; test sessions; answers submitted for scoring; results, accuracy, and timing metadata; analytics used to show weak/strong topics and recommendations; gamification data such as streaks and leaderboard entries tied to your account.
  • Subscriptions & purchases: subscription status and purchase tokens or identifiers as required to validate entitlements through Google Play Billing (processed in line with Google’s policies).
  • Technical & security data: server logs (for example IP address, timestamps, error diagnostics) and data needed to secure accounts, prevent abuse, and operate the service.

We do not knowingly collect sensitive categories of data beyond what you submit in your profile or as needed to run the app. Do not submit information you are not comfortable storing on our systems.

3. How we use information

We use personal information to:

  • create and secure your account, send OTPs, and maintain sessions;
  • deliver tests, scoring, analytics, streaks, leaderboards, and related features;
  • process subscriptions and verify purchases through Google Play where applicable;
  • maintain security, detect fraud or misuse, troubleshoot, and improve reliability;
  • comply with law and respond to lawful requests.

We do not sell your personal information. We do not use your data for automated decision-making that produces legal or similarly significant effects beyond normal app scoring and recommendations.

4. Legal bases (where GDPR / UK GDPR applies)

Depending on context we rely on: performance of a contract (providing the service you request); legitimate interests (security, fraud prevention, service improvement); consent where required; or legal obligation. You may withdraw consent where processing is consent-based, subject to limitations needed to provide the service.

5. Sharing and processors

We may share data with:

  • Infrastructure providers who host our servers, databases, and caches (for example cloud and email delivery), under contractual obligations to protect data.
  • Google for Google Play distribution, billing, and device-related services you use through the app, subject to Google’s policies.

We may disclose information if required by law or to protect rights, safety, and security.

6. International transfers

If servers or processors are located outside your country, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) where required by applicable law.

7. Retention

We retain data only as long as needed for the purposes above. See our Data retention policy for category-specific periods and deletion practices.

8. Security

We implement administrative, technical, and organisational measures to protect personal data. Details are in our Data security policy.

9. Your rights

Subject to applicable law, you may have rights to access, rectify, delete, restrict or object to processing, data portability, and to lodge a complaint with a supervisory authority. To exercise rights, contact us at the email above from your registered account email where possible.

10. Children

PrepXam is not directed at children under 13 (or the age required by your region). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it promptly.

11. Changes

We may update this policy from time to time. We will post the new version on this page and update the “Last updated” date. Material changes may require additional notice as required by law or Google Play policies.