Privacy Policy

Information you provide

• Account information: Email address and password when you create an account. If you sign in with Google, we receive your name and email address from Google.
• Billing information: Purchase history and billing status. Payment card details are collected and processed entirely by Stripe — we never receive, store, or have access to your full card number.
• Feedback: If you submit feedback through the Service, we collect the message content, category, and your email address if provided.

Information collected automatically

• Training data: Your training answers, accuracy scores, response times, weakness profiles, and readiness metrics. This data is the core of the product — we use it to personalize your training experience.
• Usage data: Pages visited, features used, exam selections, and session activity. We collect this through our own first-party analytics system (not third-party analytics services).
• Device information: Browser type, operating system, and IP address, collected automatically with each request.
• Referral information: If you arrive via a link with UTM parameters (utm_source, utm_medium, utm_campaign), we record those values.

• Deliver the Service: Personalize exam training, track your progress, target weaknesses, and calculate readiness scores.
• Process payments: Manage purchases, entitlements, and billing through Stripe.
• Send transactional emails: Account verification codes, password reset codes, purchase confirmations, onboarding emails, and other service-related notifications. We do not currently send marketing or promotional emails.
• Improve the Service: Analyze aggregate usage patterns to improve content, features, and performance.
• Protect the Service: Detect and prevent fraud, abuse, and security threats.

We do not sell your personal information. We do not share your information with third parties for advertising purposes.

CloudReflex itself does not currently use first-party browser cookies. Instead, we use browser local storage and session storage for the following purposes. Third-party services you interact with, such as Stripe or Google, may use their own cookies on their pages.

• Authentication: A refresh token stored in local storage to keep you signed in between visits. A temporary security token stored in session storage during sign-in.
• Analytics identifiers: A randomly generated visitor ID (stored in local storage, persists across sessions) and session ID (stored in session storage, resets when you close the browser). These are not linked to advertising profiles.
• Preferences: Your theme preference (light or dark mode) and mini-trainer completion status.

You can clear all browser storage at any time through your browser settings. Clearing storage will sign you out and reset your preferences.

• Amazon Web Services (AWS): Cloud infrastructure including data storage, compute, content delivery, and authentication. Data is stored in the AWS US East (N. Virginia) region. Subject to the AWS Privacy Notice.
• Stripe: Payment processing. Subject to Stripe's Privacy Policy.
• Google: Optional sign-in via Google OAuth. If you choose to sign in with Google, Google shares your name and email address with us. Subject to Google's Privacy Policy.
• Resend: Transactional email delivery for onboarding and account-related product emails. Subject to Resend's Privacy Policy.

We do not use third-party analytics services, advertising networks, or tracking pixels. All analytics are first-party, collected and stored on our own infrastructure.

• Active accounts: Your data is retained for as long as your account exists.
• Deleted accounts: When you delete your account, we delete or de-identify the personal data we control in the application, including your profile, training history, progress, and related account records, subject to any records we need to retain for legal, security, fraud-prevention, accounting, or operational purposes. Third-party providers such as Stripe, Google, AWS, or our email providers may retain data under their own policies. We may also retain de-identified or non-account-linked analytics records for product improvement.
• Inactive accounts: Your account and data remain accessible indefinitely. Your training history is preserved.

• Account information changes: If you need to update core account details such as your email address, contact us at support@cloudreflex.io.
• Delete your account: You can request permanent deletion of your account and the application data we control from your account Settings page.
• Clear browser storage: You can clear local storage and session storage through your browser settings at any time.

To make a privacy-related request that is not covered above, contact us at the email address below.