Privacy Policy

Last updated 2026

This Privacy Policy explains how PrepWise (“PrepWise”, “we”, “us” or “our”) collects, uses, stores and protects your information when you use our website and web application (together, the “Service”). It also describes the rights you have over your information. We have written it to be clear and complete, so that it remains accurate over the long term. By using the Service you agree to the practices described here.

Our core promise: we do not sell, rent, trade, or otherwise disseminate your personal information to third parties for their own purposes — ever. We collect only what is needed to run the Service, and we use it only to provide and improve PrepWise for you.

Who we are

PrepWise is an independent, self-funded educational study tool for International Baccalaureate (IB) Diploma students, operated by a private individual based in Warsaw, Poland. For any privacy question, or to exercise any of the rights described below, you can contact us at hello.prepwise@gmail.com. For the purposes of the EU General Data Protection Regulation (GDPR), we act as the “data controller” for the personal information described in this policy.

Information we collect

We limit what we collect to what the Service actually needs. This falls into a few categories:

Account information.When you create an account we store the details you provide or that your chosen sign-in method shares with us — typically your name (or display name) and email address. If you sign in with Google, we receive basic profile information (such as your name, email address and, where available, profile image) from Google’s authentication service; we do not receive or store your Google password.

Authentication data. We use a third-party authentication provider to manage secure login. This includes a securely hashed password if you register with email and password (we never see or store your password in plain text), along with session tokens that keep you logged in.

Study data. As you use PrepWise we store the learning data you generate so we can save and sync your progress — for example the subjects and level (SL/HL) you select, your study phase, questions answered and scores, mistakes, flashcards, saved questions, notes, planner entries, spaced-repetition cards, and which study modes you have used.

Device & local storage.Some of your settings and progress are also cached in your browser’s local storage on your own device (for example your theme preference and recent activity), so the app works quickly and can function before syncing. This data lives on your device and can be cleared by you at any time through your browser.

Usage & analytics data. We use a privacy-friendly analytics service to understand aggregate, anonymous usage — such as which pages are visited and general information like approximate country, browser type and device category. This analytics data does not use tracking cookies and is not used to identify you personally.

Communications. If you email us, we keep your message and contact details so we can respond and, where relevant, follow up.

How we use your information

We use the information above only for the following purposes:

To create and secure your account; to provide the Service and its features; to save and synchronise your study progress across your devices; to remember your settings and preferences; to respond to your messages and support requests; to understand, in aggregate, how the Service is used so we can fix problems and improve it; and to protect the Service against misuse, fraud or security threats.

We do not use your personal information for advertising, we do not build advertising profiles about you, and we do not make automated decisions that produce legal or similarly significant effects about you.

Legal bases for processing (GDPR)

Where the GDPR applies, we rely on the following legal bases: performance of a contract — to provide the Service you have asked for, including account creation and saving your progress; legitimate interests — to keep the Service secure, working and improving, in a way that does not override your rights; consent — where we specifically ask for it, which you may withdraw at any time; and legal obligation — where we must process data to comply with the law.

We do not sell or share your personal data

We want to be unambiguous about this. We do not sell your personal information. We do not rent, trade, or share it with third parties for their own marketing or commercial purposes. We do not disseminate, publish or make your personal information public.

The only parties that ever handle your data are the infrastructure providers we use to run the Service (described below), and they act strictly as our processors — they may only process your data on our instructions to provide their service to us, and may not use it for their own purposes. The limited exceptions are: (a) if we are legally required to disclose information by a valid legal process; (b) to protect the rights, safety or security of PrepWise, our users or the public; or (c) as part of a business transfer (such as a merger or acquisition), in which case any successor would remain bound by this policy and we would notify you.

Third-party services (data processors)

To operate PrepWise we rely on a small number of trusted service providers, each acting as a processor on our behalf:

Supabase — provides authentication and secure database storage for your account and study data. Vercel — hosts the website and provides the privacy-friendly, cookieless analytics described above. Google— provides optional “Sign in with Google” authentication (used only if you choose it). Ko-fi— if you choose to make a voluntary donation, the payment is handled entirely on Ko-fi’s own platform; we never receive or store your card or payment details.

Each of these providers maintains its own security practices and privacy terms, and processes data only as needed to provide their service to us.

Cookies and local storage

PrepWise does not use advertising or third-party tracking cookies. We use only what is necessary for the Service to function: essential cookies or tokens set by our authentication provider to keep you securely signed in, and your browser’s local storage to remember your settings and cache your progress on your device. Our analytics is cookieless. You can clear local storage and cookies at any time through your browser settings, though doing so may sign you out or reset local preferences.

Data storage, security and location

Your data is stored with our infrastructure providers using industry-standard security measures, including encryption in transit (HTTPS) and secure, access- controlled databases. Passwords, where used, are stored only in securely hashed form. While no method of transmission or storage is ever completely secure, we take reasonable and appropriate steps to protect your information against loss, misuse and unauthorised access.

Because our providers operate globally, your information may be processed or stored on servers located outside your country, including outside the European Economic Area. Where that happens, our providers rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) to protect your data.

How long we keep your data

We keep your account and study data for as long as your account remains active, so that your progress is preserved. If you delete your account, or ask us to delete your data, we will remove your personal information from our active systems within a reasonable period, except where we are required to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements. Anonymous, aggregated analytics that cannot identify you may be retained.

Your rights

You have meaningful control over your information. Subject to applicable law, and in particular under the GDPR, you have the right to: access the personal data we hold about you; rectify inaccurate or incomplete data; erase your data (“right to be forgotten”); restrict or object to certain processing; data portability — to receive a copy of your data in a machine-readable format; and to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at hello.prepwise@gmail.com. We will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data protection authority — in Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO).

Children’s privacy

PrepWise is intended for students preparing for the IB Diploma, who are typically teenagers, as well as adults. We do not knowingly collect personal information from children under the age of 13 (or the minimum age required in your country). If you believe a child has provided us with personal information without appropriate consent, please contact us and we will take reasonable steps to delete it. Where required, younger users should use the Service with the involvement of a parent, guardian or school.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the Service or in the law. When we make material changes, we will update the “last updated” date at the top of this page and, where appropriate, provide a more prominent notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Contact us

If you have any questions, concerns or requests regarding this Privacy Policy or your personal information, please contact us at hello.prepwise@gmail.com. We read every message and aim to respond promptly.