Back to Home

Privacy Policy

Last updated: April 25, 2026

MyCitizenPrep ("we", "our", "the Service") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

We collect the following information when you use MyCitizenPrep:

  • Account information: Your name, email address, and password (stored as a one-way cryptographic hash — we cannot see your password).
  • Google OAuth data: If you sign in with Google, we receive your name, email address, Google account identifier, and profile photo URL from Google. We do not receive or store your Google password. Google's privacy policy applies to their handling of your data: policies.google.com/privacy.
  • Study progress: Your answers, quiz scores, mastery status, and streak data for each question.
  • Payment information: Payment details are collected and processed directly by Stripe. We never see, receive, or store your credit card number, CVV, or full payment details on our servers. We only receive a payment confirmation and a Stripe customer identifier.
  • Usage data: Basic technical information such as browser type, IP address, access times, and pages viewed. This data is used for analytics and security purposes and is automatically purged after 90 days.
2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service, including tracking your study progress
  • Process your $19.95 one payment through Stripe
  • Send essential account-related emails (payment confirmation, password reset, account expiration reminders)
  • Improve the Service and fix technical issues
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not send marketing emails. We do not share your data with advertisers. We do not use third-party tracking or analytics cookies.

3. Payment Processing

Payments are processed by Stripe, Inc. When you make a purchase, your payment information is sent directly from your browser to Stripe's servers. We never see or handle your card details. Stripe is PCI DSS Level 1 certified — the highest level of security certification in the payments industry. Stripe's privacy policy is available at stripe.com/privacy.

4. Account Expiration Emails

If you have a paid account and do not log in for an extended period, we will send reminder emails to the address on your account at 30, 15, 7, 3, 2, and 1 day(s) before your account is scheduled for deletion (180 days of inactivity). These are transactional emails necessary for the operation of the Service, not marketing communications. You cannot opt out of these emails while you have an active paid account, as they are essential to preventing data loss.

5. Cookies

MyCitizenPrep uses only essential cookies required for the Service to function:

  • Session cookie: Keeps you logged in during your visit
  • CSRF token: Protects against cross-site request forgery attacks

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not use Google Analytics, Facebook Pixel, or any similar tracking services.

6. Data Retention and Deletion

Your account and study progress data are retained for as long as your account is active. If your account is deleted due to 180 days of inactivity, all associated data is permanently deleted, including your name, email, study progress, and payment records. This deletion is irreversible.

You may also request manual deletion of your account and all associated data at any time by contacting us at [email protected]. We will process deletion requests within 30 days.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Passwords stored as cryptographic hashes (bcrypt) — never in plain text
  • Payment processing handled entirely by Stripe (PCI DSS Level 1)
  • CSRF protection on all forms
  • Admin access restricted by email whitelist

However, no method of transmission over the Internet is completely secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you via email within 72 hours.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • California residents (CCPA): You have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell your data.
  • EEA/UK residents (GDPR): You have the right to access, correct, or delete your personal data, restrict processing, and data portability. Our legal basis for processing is contract performance (providing the Service you paid for) and legitimate interest (improving the Service and preventing fraud).
  • All users: You may request a copy of your data or request deletion at any time.

To exercise any of these rights, contact us at [email protected].

9. Children's Privacy

MyCitizenPrep is not directed to children under 18. You must be at least 18 years old to create an account. We do not knowingly collect information from anyone under 18. If we learn that we have collected such information, we will delete it promptly.

10. Third-Party Services

The Service integrates with the following third-party services:

  • Stripe — payment processing (privacy policy)
  • Google — optional sign-in via OAuth (privacy policy)
  • Google Fonts — web font delivery (no personal data collected)
  • Cloudflare — CDN, security, and performance (privacy policy)

Each third-party service has its own privacy policy governing their handling of your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For material changes, we will notify registered users via email. We encourage you to review this page periodically.

12. Contact

If you have questions about this Privacy Policy, please contact us at [email protected].