PrepEx PrepEx
Legal

Privacy Policy

Last updated: February 28, 2026

1Overview

This Privacy Policy explains how PrepEx ("we", "us", "our") collects, uses, and protects your information when you use our platform and services (the "Service").

By using the Service, you acknowledge this policy and consent to data processing as described here. If you do not agree, please do not use the Service.

2Information We Collect

We collect the following to operate and improve the Service:

  • Account information: name, email address, username, and authentication identifiers.
  • Practice data: written submissions, audio recordings, practice responses, scores, feedback, and learning analytics.
  • Usage data: device and browser info, IP address, pages visited, features used, and interaction patterns.
  • Billing data: payment method details and transaction records processed by Stripe.
  • Communications: support requests, feedback, and preferences you share with us.
3How We Use Your Information
  • Operate, maintain, and improve the Service and its features.
  • Personalize your practice experience and deliver tailored feedback.
  • Process payments, manage subscriptions, and maintain billing records.
  • Send you service updates, security alerts, and support responses.
  • Train and improve our AI scoring and feedback systems to benefit all users.
  • Conduct research using aggregated, anonymized data.
  • Detect fraud, prevent abuse, and meet legal obligations.
4AI Development and Service Improvement

We use aggregated, de-identified data from user submissions to train and improve our AI models, scoring algorithms, and feedback systems. This helps PrepEx give better, more accurate results for everyone.

We apply de-identification techniques and access controls when using submissions for model improvement. If you prefer your submissions not be used for AI training, email us at hello@prepex.ai and we will honor that request going forward.

5Legal Basis for Processing

We process personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong and other applicable laws. Our processing is based on:

  • Your use of the Service, which constitutes consent to processing as described here.
  • Our legitimate business purposes: operating the Service, developing AI, and ensuring security.
  • Compliance with applicable legal requirements.
6Security

We use industry-standard measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access controls: Role-based access limits data to authorized personnel only.
  • Infrastructure: Hosted on enterprise-grade, SOC 2 Type II certified providers.
  • Authentication: Secure session management via Supabase Auth with optional MFA.

No transmission method is 100% secure. We continuously improve our security practices.

7How We Share Data

We share data only with trusted service providers who help us run the Service:

  • Supabase: Database hosting, authentication, and file storage.
  • Stripe: Secure payment processing (we never see your full card number).
  • SendGrid: Email delivery for account notifications.
  • AI service providers: Speech recognition, natural language processing, and scoring.
  • Analytics providers: Aggregated usage analytics to improve the Service.

All providers are contractually required to protect your data and use it only for specified purposes.

We do not sell your personal data. We may disclose information if required by law or to protect the rights, property, or safety of PrepEx, our users, or others.
8Data Retention

We keep your data for as long as needed to provide the Service, meet legal obligations, and resolve disputes. After account deletion, some data may be retained in anonymized or aggregated form for research purposes. You can request account and data deletion at any time by contacting us.

9Your Rights

Under Hong Kong's Personal Data (Privacy) Ordinance and other applicable laws, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that inaccurate data be corrected.
  • Deletion: Request deletion of your account and associated data.
  • Opt out of AI training: Request that your submissions not be used for model improvement.

Email hello@prepex.ai to make any request. We will respond within 40 days as required by Hong Kong law and may ask you to verify your identity.

Users in other jurisdictions may have additional rights. Contact us with any questions.

10International Transfers

PrepEx is operated from Hong Kong. Data may be processed in Hong Kong, the United States, and other countries where our providers operate. By using the Service, you consent to this. We take appropriate steps to protect your data during international transfers.

11Cookies

We use essential cookies for session management and authentication. We may also use analytics cookies to understand how people use our Service. You can manage cookie preferences through your browser settings.

12Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with their information, contact us immediately and we will delete it.

13Changes to This Policy

We may update this policy as our practices evolve or as laws change. Material updates will be communicated through the Service or by email. Continued use after changes take effect means you accept the updated policy.

Questions about your data?
Reach out and we'll respond within 40 days.
hello@prepex.ai
Terms of Service  ·  prepex.ai

© 2026 PrepEx. All rights reserved.