Privacy Policy

Account data

Authentication currently uses local credentials with secure password hashing and session cookies. WhiteTests stores your email address and the account data needed to run your profile and progress tracking.

Usage data

We log question attempts, result status (correct/incorrect), time spent, and domain-level progress. This powers your readiness analytics.

Device & technical data

Standard server logs include IP address, browser user-agent, and timestamps. We use this only for security monitoring and abuse prevention, not ad targeting.

To deliver the service

Your progress data is used to calculate readiness scores, surface weak areas, award XP, and personalise adaptive question selection.

To communicate with you

We send transactional emails such as sign-in links, account notices, and billing receipts when applicable. You can unsubscribe from non-essential updates at any time.

To improve WhiteTests

Aggregated analytics help us understand which explanations are most helpful, where users get stuck, and how to improve the product.

Strictly necessary cookies

Session tokens and CSRF protection cookies are required for the service to function. These cannot be disabled.

Analytics

We use a privacy-focused analytics setup under our control. We do not send analytics data to ad networks. Optional analytics cookies can be declined at any time via the cookie banner.

No advertising cookies

We do not use advertising networks, retargeting pixels, or any third-party tracking cookies.

Core platform provider

WhiteTests is currently configured for local development with a local database and application runtime. If hosted infrastructure or third-party backend providers are added later, this policy will be updated before those services are used in production.

Billing provider (if subscribed)

If you purchase a paid plan, payment processing is handled by Stripe. Card details are processed directly by Stripe and are not stored by WhiteTests.

Email delivery

Transactional email delivery may involve trusted delivery infrastructure, limited to the data needed to send account-related messages.

Active accounts

We keep your data for as long as your account is active. You can request deletion of your account and associated data at any time.

After deletion

When deletion is requested, we remove account data from active systems and clear retained copies according to operational backup windows.

Access & portability

You can request a full export of your data (questions answered, XP history, progress) at any time by emailing privacy@whitetests.io.

Correction

You can update your display name and email directly in Settings. For other corrections, contact us.

Erasure

You can request deletion of your personal data at any time by contacting us at privacy@whitetests.io.

Objection & restriction

You can object to processing of your data or request that processing be restricted. Contact privacy@whitetests.io to exercise these rights.

Encryption

All data is encrypted in transit (TLS) and at rest through our infrastructure providers. WhiteTests does not store account passwords.

Access controls

Production database access requires multi-factor authentication and is restricted to a small number of engineers on a least-privilege basis.

Vulnerability disclosure

If you discover a security vulnerability, please report it to security@whitetests.io. We aim to respond within 24 hours.