Privacy Policy

VoltExam (“VoltExam,” “we,” “our,” or “us”) builds certification exam prep tools for tradespeople. This Privacy Policy explains what personal information we collect when you use voltexam.com (the “Site”) and our mobile applications (the “Apps”), how we use it, who we share it with, and the choices you have.

By using VoltExam you agree to the practices described in this policy. If you do not agree, please do not use the Site or Apps.

1. Information We Collect

1.1 Information You Provide

• Account information — email address and display name collected during sign-up via Clerk, our authentication provider.
• Payment information — billing and payment card details collected and processed exclusively by Stripe. We never see, store, or transmit your full card number, CVV, or complete billing address. We receive only a Stripe customer ID and subscription status token.
• Support communications — if you contact us by email, we retain that correspondence to resolve your issue and improve our service.

1.2 Information We Collect Automatically

• Study session data — quiz scores, trade identifiers, question responses, and session timestamps stored in our database (Supabase) to power your progress dashboard.
• Usage analytics — page views, feature interactions, and session metadata collected via Vercel Analytics and Google Analytics (GA4). IP addresses are anonymized. No directly identifying information is intentionally included in analytics events.
• Ad-performance data — if you arrived via a Facebook or Instagram ad, Meta Pixel records the page visit and any conversion event (e.g., checkout completion) to measure ad effectiveness. See Section 3 for opt-out options.
• Log data — standard server logs including IP address, browser type, referring URL, and pages visited. Retained for up to 90 days for security and debugging purposes.

1.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies on the Site. Here is what each category does and how you can control it:

Do Not Track (DNT): Some browsers transmit a “Do Not Track” signal. Because there is no industry-wide standard for how websites must respond to DNT signals, we do not currently alter our data practices in response to DNT signals. You can use the cookie controls above to limit tracking.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account and authenticate you securely.
• Process your subscription or one-time purchase and manage billing.
• Display your study progress, scores, and session history.
• Send transactional emails (welcome, receipts, billing alerts) via Resend.
• Understand usage patterns to improve the platform.
• Measure the performance of paid advertising campaigns.
• Detect and prevent fraud, abuse, and unauthorized access.
• Comply with applicable legal obligations.

We do not use your data for third-party advertising profiling, and we do not sell your data to data brokers or advertisers.

3. Third-Party Data Processors

We use the following sub-processors to operate VoltExam. Each receives only the minimum data necessary for its function:

4. We Do Not Sell Your Data

VoltExam does not sell, rent, trade, or share your personal information with any third party for their own marketing or advertising purposes. This applies to all users, including California residents under the CCPA (see Section 9).

5. When We May Share Your Information

Outside of the sub-processors listed in Section 3, we may share your information only in the following circumstances:

• Legal compliance — if required by law, regulation, court order, or government authority, we will disclose the minimum information necessary.
• Safety — to protect the rights, property, or safety of VoltExam, our users, or the public.
• Business transfer — if VoltExam is acquired by or merges with another company, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Site before your data is transferred and becomes subject to a different privacy policy.
• Consent — with your explicit prior consent for any other purpose.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. Specifically:

• Account & study data — retained while your account is active. Deleted from our database within 30 days of an account deletion request.
• Billing records — Stripe retains payment transaction records as required by financial regulations (typically 7 years). We retain your subscription status record for the same period for tax and audit purposes.
• Server logs — retained for up to 90 days for security and debugging, then deleted.
• Support emails — retained for up to 2 years to provide consistent support and for legal compliance.

7. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

• HTTPS/TLS encryption for all data in transit.
• Supabase row-level security and encrypted storage at rest.
• Clerk’s enterprise-grade authentication infrastructure.
• Stripe’s PCI-DSS Level 1 compliant payment processing.
• Access controls limiting internal access to production data on a need-to-know basis.

No security system is impenetrable. In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by law — typically within 72 hours of becoming aware of the breach for EEA/UK residents, and within the timeframe required by applicable state law for US residents (e.g., California, New York). Notice will be provided via email to the address associated with your account and/or a prominent notice on the Site.

8. International Data Transfers

VoltExam is based in the United States. If you access our Site from outside the United States, your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using our services, you consent to this transfer. Where required by law (e.g., for EEA or UK residents), we rely on appropriate transfer mechanisms such as Standard Contractual Clauses. Our sub-processors (Clerk, Supabase, Stripe, Vercel, Resend) each maintain their own international transfer safeguards — see their respective privacy policies for details.

9. Children’s Privacy

VoltExam is designed exclusively for adults (18+) pursuing professional certifications. We do not knowingly collect personal information from children under 13 (or under 16 for EEA/UK residents). If you believe a minor has created an account, please contact us immediately at arun@voltexam.com and we will promptly delete the account and all associated data.

10. Your Rights — EEA and UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your account and associated data (“right to be forgotten”).
• Portability — receive your data in a structured, machine-readable format.
• Restriction — ask us to restrict processing of your data in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at arun@voltexam.com with the subject “Privacy Request.” We will respond within 30 days (or 72 hours for breach notifications). You also have the right to lodge a complaint with your local data protection authority.

11. California Residents — CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights:

• Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the categories of third parties with whom we share it.
• Right to Delete — request deletion of your personal information, subject to certain exceptions.
• Right to Correct — request correction of inaccurate personal information we hold about you.
• Right to Opt Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioral advertising. No opt-out is needed, but you may contact us to confirm.
• Right to Limit Use of Sensitive Personal Information — we do not collect sensitive personal information as defined by the CPRA.
• Right to Non-Discrimination — we will not discriminate against you for exercising any of these rights.

Categories of personal information collected in the past 12 months: identifiers (email address, name), commercial information (subscription type, purchase history), internet or other electronic network activity information (usage analytics, page views), and inferences drawn from the above (study progress, feature engagement).

To submit a CCPA request, contact us at arun@voltexam.com with the subject “CCPA Request.” We will respond within 45 days and may extend by an additional 45 days with notice. Authorized agents may submit requests on a consumer’s behalf with proper written permission.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the effective date at the top. For material changes — such as new data collection practices, new sub-processors, or new uses of existing data — we will provide at least 30 days’ advance notice via email or a prominent banner on the Site before the change takes effect. Your continued use of VoltExam after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For any questions about this Privacy Policy, to exercise your rights, or to report a privacy concern, reach us at: arun@voltexam.com. We will respond within 30 days (sooner for time-sensitive matters such as data breach inquiries).