Privacy Policy
Last updated: February 2026
PassPulse ("we," "us," or "our") operates the website at passpulse.org and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, and password (hashed). You may also provide optional profile details such as your nursing program, exam date, and study preferences.
1.2 Usage & Performance Data
We collect data about how you interact with the Service, including:
- Quiz responses, accuracy, and confidence ratings
- Readiness scores and domain proficiency metrics
- Study session duration, frequency, and completion rates
- Flashcard review history and spaced-repetition intervals
- Feature usage patterns and navigation paths
1.3 Device & Technical Data
We automatically collect device type, browser type, operating system, IP address, and general location (country/region) for analytics and security purposes.
1.4 Payment Information
Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full payment details. We receive only a transaction identifier, last four digits, and billing status from Stripe.
2. How We Use Your Information
- Provide, personalize, and improve the Service (adaptive study plans, readiness scoring)
- Process subscriptions and billing
- Send transactional emails (account verification, password resets, study reminders)
- Generate aggregate, anonymized analytics to improve our question bank and algorithms
- Detect and prevent fraud, abuse, or security incidents
- Comply with legal obligations
3. Third-Party Services
We use the following third-party services to operate PassPulse:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & database hosting | Email, hashed password, profile data, study data |
| Stripe | Payment processing | Email, billing info (handled by Stripe) |
| OpenAI / Anthropic | AI-powered tutoring & question generation | Quiz context, responses (no PII sent) |
| Resend | Transactional email delivery | Email address, message content |
| Vercel | Hosting & CDN | IP address, request metadata |
Each provider operates under its own privacy policy. We recommend reviewing their policies for details on their data practices.
4. Cookies & Local Storage
We use cookies and browser local storage for:
- Authentication: Session tokens to keep you logged in
- Preferences: Theme, study settings, and UI state
- Analytics: Anonymous usage metrics to improve the Service
We do not use third-party advertising cookies. You can disable cookies in your browser settings, though this may affect Service functionality.
5. Data Retention
We retain your account and study data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it. Anonymized, aggregate data may be retained indefinitely for research and product improvement.
6. Data Security
We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, secure password hashing, and role-based access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Your Rights
7.1 All Users
You have the right to:
- Access and download your personal data
- Correct inaccurate information
- Delete your account and associated data
- Opt out of non-essential communications
7.2 GDPR Rights (EEA/UK Residents)
If you are located in the European Economic Area or United Kingdom, you additionally have the right to:
- Request restriction of processing
- Object to processing based on legitimate interests
- Data portability (receive your data in a structured, machine-readable format)
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with your local data protection authority
Our legal bases for processing include: performance of a contract (providing the Service), legitimate interests (improving the Service, security), and consent (marketing communications).
7.3 CCPA Rights (California Residents)
Under the California Consumer Privacy Act, California residents have the right to:
- Know what personal information is collected, used, and disclosed
- Request deletion of personal information
- Opt out of the sale of personal information — we do not sell your personal information
- Non-discrimination for exercising your privacy rights
8. Children's Privacy
PassPulse is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
9. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
For privacy-related questions, data requests, or concerns:
- Email: privacy@passpulse.org
- Phone: (601) 207-4515
- Mail: PassPulse, 1110 N Virgil Ave PMB 92258, Los Angeles, CA 90029
We will respond to all privacy requests within 30 days (or sooner as required by applicable law).