Privacy Policy

Last updated: January 7, 2026

1. Overview

This Privacy Policy explains how PrepEx ("we", "us", "our") collects, uses, and protects information when you use our website and services (the "Service"). We are committed to safeguarding your personal information and being transparent about how we use it.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your information as described herein. If you do not agree with this Privacy Policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information to provide and improve our Service:

  • Account information: name, email address, username, and authentication identifiers.
  • Assessment data: written submissions, audio recordings, practice responses, feedback, scores, and learning analytics.
  • Usage data: device and browser information, IP address, pages viewed, features used, and interaction patterns.
  • Billing data: payment method details and transaction information processed securely by Stripe.
  • Communications: support requests, feedback, and preferences you provide.

3. How We Use Information

We use the information we collect for the following purposes:

  • Provide, operate, maintain, and improve the Service and its features.
  • Personalize your practice experience, provide feedback, and deliver tailored recommendations.
  • Process payments, manage subscriptions, and maintain billing records.
  • Communicate with you about the Service, including updates, security alerts, and support.
  • Develop, train, and enhance our AI-powered scoring and feedback systems to improve accuracy and educational outcomes for all users.
  • Conduct research and analysis to understand usage patterns and improve our educational methodologies.
  • Ensure security, detect fraud, prevent abuse, and comply with legal obligations.

4. Service Improvement and AI Development

To continually enhance our Service, we may use aggregated, de-identified, or anonymized data derived from user submissions and interactions to train, develop, and improve our AI models, scoring algorithms, and feedback systems. This helps us provide more accurate assessments and better learning experiences for our entire user community.

We implement appropriate technical measures to protect the confidentiality of your submissions during this process. Where submissions are used for model improvement, we apply de-identification techniques and access controls.

If you prefer that your submissions not be used to improve our AI systems, you may submit a written request to hello@prepex.ai. We will honor such requests within a reasonable timeframe, though this will not affect any processing that occurred prior to our receipt of your request.

5. Legal Basis for Processing

We process personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong and other applicable laws. Our processing is based on:

  • Your use of the Service, which constitutes consent to processing as described in this Policy.
  • Our legitimate business purposes, including providing and improving the Service, developing AI systems, ensuring security, and conducting research.
  • Compliance with applicable legal requirements.

6. Data Protection and Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
  • Access controls: Strict role-based access controls limit data access to authorized personnel only.
  • Infrastructure security: Our systems are hosted on enterprise-grade infrastructure with SOC 2 Type II certified providers.
  • Regular audits: We conduct periodic security assessments and vulnerability testing.
  • Secure authentication: We use Supabase Auth with secure session management and optional multi-factor authentication.

While we strive to protect your information, no method of transmission or storage is completely secure. We continuously work to improve our security practices.

7. Sharing of Information

We share data only with trusted service providers who help us operate the Service:

  • Supabase: Database hosting, authentication, and file storage.
  • Stripe: Secure payment processing (we never see your full card number).
  • SendGrid: Email delivery for account notifications and communications.
  • AI service providers: For speech recognition, natural language processing, and scoring.
  • Analytics providers: To understand usage and improve the Service.

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

We do not sell your personal data. We may disclose information if required by law, legal process, or to protect the rights, property, or safety of PrepEx, our users, or others.

8. Data Retention

We retain your information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is retained while your account is active. After account deletion, we may retain certain data in anonymized or aggregated form for research and service improvement purposes.

You may request deletion of your account and associated data at any time by contacting us.

9. Your Rights

Under Hong Kong's Personal Data (Privacy) Ordinance and other applicable laws, you may have certain rights regarding your personal data:

  • Access: Request access to personal data we hold about you.
  • Correction: Request correction of inaccurate data.

To make a request, contact hello@prepex.ai. We may charge a reasonable fee for access requests and will respond within 40 days as required by Hong Kong law. We may require verification of your identity before processing requests.

Users in certain jurisdictions may have additional rights under local law. Please contact us if you have questions about rights applicable to your location.

10. International Data Transfers

PrepEx is operated from Hong Kong and may process data in Hong Kong, the United States, and other countries where our service providers operate. By using the Service, you consent to the transfer and processing of your data in these locations. We implement appropriate measures to protect data during international transfers in accordance with applicable law.

11. Cookies and Tracking

We use essential cookies to operate the Service, including session management and authentication. We may also use analytics cookies to understand how users interact with our Service. You can manage cookie preferences through your browser settings.

12. Children's Privacy

The Service is not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised "Last updated" date. For material changes, we will provide notice through the Service or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@prepex.ai