PMP® exam moves to PMBOK® 8th Edition in
Get 8th-Edition ready
The PMP exam moves to PMBOK 8th Edition on July 9, 2026.
PrepPilot
PrepPilot™

Privacy Policy

Last Updated: March 10, 2026

1. Introduction

PrepPilot™ ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our AI-powered PMP® exam preparation platform ("the Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form)
  • Target exam date (optional)
  • Selected exam edition preference

2.2 Usage Data

As you use the Service, we automatically collect:

  • Quiz and exam responses, scores, and performance metrics
  • AI conversation logs (messages exchanged with Max, our AI copilot)
  • Study session activity (domains studied, time spent)
  • Readiness scores and streak data
  • Feature usage patterns and page views
  • Security audit logs (account actions such as login, payment, and administrative events)

2.3 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other payment credentials. We receive from Stripe your payment status, access period, and Stripe customer ID.

2.4 Technical Data

We may collect standard technical data including browser type, device type, IP address, and referring URL for analytics and security purposes.

3. How We Use Your Information

We use your information to:

  • Provide the Service: Deliver AI-guided study, quizzes, mock exams, and study tools personalized to your progress
  • Calculate scores: Generate readiness scores, domain breakdowns, and performance trends based on your activity
  • Improve the Service: Analyze aggregate usage patterns to improve question quality, AI response accuracy, and platform features
  • Process payments: Manage your purchases and access through Stripe
  • Communicate: Send account-related notifications, including purchase confirmations and service updates
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access
  • Testimonials and marketing: We may use feedback you submit (such as thumbs-up/thumbs-down ratings and comments) along with your first name and last initial (e.g., "Shaun H.") in marketing materials, testimonials, or promotional content for the Service. We will never publish your full name, email address, or other identifying information without your explicit written consent.

4. Third-Party Services

We use the following third-party services to operate the platform. Each has its own privacy policy governing their handling of your data:

  • Supabase - Authentication and database hosting. Stores your account data, quiz responses, and study activity.
  • Stripe - Payment processing. Handles one-time payment processing and payment method storage. We never see or store your full payment details.
  • Anthropic- AI model provider. Your messages to Max (the AI copilot) are sent to Anthropic's API for processing. Anthropic does not use API inputs to train models per their data usage policy.
  • Vercel - Application hosting. Serves the platform and processes web requests, including IP addresses and request metadata.
  • Resend - Email delivery. Sends transactional emails (welcome messages, account notifications) using your email address.
  • Upstash - Rate limiting. Processes user identifiers to enforce daily usage limits. No message content is sent to Upstash.
  • PostHog - Product analytics. We use PostHog for two categories of analytics: (1) Essential product analytics that record core product events (account creation, login, exam and quiz usage, subscription events) to operate and secure the Service. These fire automatically as part of service delivery. (2) Extended analytics (page views, session recordings, behavioral patterns) that only activate after you provide explicit consent via our cookie banner.

5. Cookies and Tracking

The Service uses the following cookies and tracking technologies:

  • Authentication cookies: Required for keeping you signed in (managed by Supabase)
  • Essential product analytics: We collect core product events (account creation, login, exam starts, quiz starts, subscription and trial events) to operate, secure, and improve the Service. These are necessary for service delivery and are processed under our legitimate interest in maintaining a functional platform. Essential analytics use in-memory storage only and do not place tracking cookies.
  • Extended analytics (consent required): Page views, session recordings, and behavioral patterns are only collected after you provide explicit consent via our cookie banner. You can manage your preference below or from the cookie banner shown on your first visit.
  • Fraud prevention and abuse detection

We do not use third-party advertising cookies or sell your data to advertisers.

6. Data Retention

We retain your account data and study activity for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or necessary to resolve disputes.

Anonymized, aggregated data (such as question difficulty statistics) may be retained indefinitely as it cannot be linked back to you.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted storage, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data and account
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data

To exercise any of these rights, contact us at support@mypreppilot.com. We will respond within 30 days.

9. International Users (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you signed up for
  • Legitimate interests: Essential product analytics (core event tracking for service operation, security, and improvement), fraud prevention, and abuse detection. We limit essential analytics to the minimum data needed and use in-memory storage to minimize privacy impact.
  • Consent: Extended analytics (page views, session recordings, behavioral patterns) are only activated after you provide explicit consent via our cookie banner

Your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers.

10. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date and, where appropriate, by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at support@mypreppilot.com.