Privacy Policy

Last Updated: April 30, 2026

1. Who We Are (Data Controller)

Easy Civics Test™ ("we", "us", "our") operates the website at easycivicstest.com. For privacy purposes, we are the "data controller" of the personal data we collect through the Service. For privacy questions or to exercise your rights, contact us at aiswingx.com@gmail.com.

2. Acceptance of This Policy

By using Easy Civics Test™, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy and our Terms of Service.

3. Information We Collect

• Account information: name, email address, username, and password (stored as a one-way salted hash — we never store plain-text passwords).
• Profile information: first name, last name, and other optional details you choose to provide.
• Learning data: mock-exam attempts, answers submitted, scores, progress tracking, and per-category performance (American Government / American History / Integrated Civics). Used to deliver the Service and personalize your study experience.
• Payment information: we use Stripe to process payments. We never see or store your full card number, CVV, or full card details. We retain transaction IDs, the amount paid, and the purchase date for tax, refund, and fraud-prevention purposes.
• Technical data: IP address, browser type and version, device type, operating system, access timestamps, and pages visited. Collected for security, analytics, and Service improvement.
• AI-interaction data: when you request an AI-generated explanation, the question text and your selected answer are sent to Anthropic's Claude API. We do not transmit your name, email, or any directly identifying information to AI providers.
• Cookies: we use cookies for session management, login persistence, and remembering your language preference. We do not run third-party advertising or cross-site tracking.

4. Legal Bases for Processing (GDPR/UK GDPR)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar law, we rely on the following legal bases:

• Contract: processing necessary to provide the Service you signed up for.
• Legitimate interests: security, fraud prevention, Service improvement, and responding to your inquiries.
• Legal obligations: tax, accounting, and recordkeeping obligations.
• Consent: for optional communications (e.g., marketing email) and any processing for which we expressly request your consent. You may withdraw consent at any time.

5. How We Use Your Information

• To provide, maintain, and improve the Service.
• To authenticate your account and protect against unauthorized access.
• To process payments and refunds.
• To track your study progress and deliver personalized study recommendations.
• To respond to your inquiries and provide customer support.
• To send transactional emails (account verification, purchase confirmation, password reset). We do not send marketing email unless you opt in.
• To detect, prevent, and address fraud, abuse, and security incidents.
• To comply with legal obligations and respond to lawful requests from public authorities.

6. Third-Party Service Providers (Sub-processors)

We share specific data with the following providers strictly to deliver the Service:

• Stripe, Inc. — payment processing. stripe.com/privacy.
• Anthropic, PBC. — AI explanation generation (question content and selected answer only). anthropic.com/privacy.
• Google LLC — Google OAuth sign-in (only if you choose it; we receive name and email from Google) and Google Analytics for aggregated traffic analytics. policies.google.com/privacy.
• Vultr Holdings LLC — server hosting in the United States. vultr.com/legal/privacy.

7. Information Sharing

We do not sell or rent your personal data. We may share your information only as follows:

• With the sub-processors listed above, strictly to deliver the Service.
• If required by law, court order, or to comply with legal process.
• To protect the rights, property, or safety of Easy Civics Test™, our users, or the public.
• In connection with a business transfer (merger, acquisition, sale of assets), in which case we will notify you and require the successor to honor this Policy.
• With your explicit consent for any other purpose.

8. Cookies and Tracking

We use cookies for: (a) session management, (b) keeping you logged in, (c) remembering your preferred language. These are essential cookies. We use Google Analytics for aggregated, non-identifying traffic analytics; you may opt out using Google's Analytics Opt-out or your browser's "Do Not Track" / privacy controls. We do not run third-party advertising cookies.

9. Data Security

We implement reasonable technical and organizational measures to protect your data:

• SSL/TLS encryption for all data in transit (HTTPS).
• Passwords stored using one-way salted hashing (PBKDF2-SHA512).
• Sensitive configuration values encrypted at rest (Fernet/AES).
• Access to production systems restricted by authentication and network rules.
• Regular automated database backups; backup copies are deleted within 30 days.

No method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and the Service is provided "as is" with respect to security.

10. Data Retention

We keep your personal data while your account is active and for as long as needed to deliver the Service. On account deletion:

• Profile data and learning history are deleted within 30 days.
• Payment-transaction records are retained for up to 7 years to comply with U.S. tax and financial recordkeeping rules.
• Backup copies are overwritten within 30 days of the deletion request.
• Aggregated, anonymized analytics that cannot be linked back to you may be retained indefinitely.

11. Children Under 13 (COPPA)

The Service is intended for adults preparing for the USCIS naturalization civics test. We do not target the Service at children under 13 and we do not knowingly collect personal information from children under 13. To enforce this, the registration form requires every new account to affirm that the user is at least 13 years of age; submissions without this affirmation are rejected server-side. If you become aware that a child under 13 has provided us personal information without parental consent, please contact us at aiswingx.com@gmail.com and we will delete the information promptly. This complies with the U.S. Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §6501 et seq.).

12. Your Privacy Rights — Everyone

Wherever you live, you have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and personal data.
• Receive your data in a portable, machine-readable format.
• Opt out of optional marketing communications at any time.

To exercise these rights, email aiswingx.com@gmail.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

13. EU/EEA/UK Residents (GDPR / UK GDPR)

In addition to the rights above, you have the right to:

• Object to processing based on our legitimate interests.
• Restrict processing in certain circumstances.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data-protection supervisory authority, for example the EDPB member list or the UK ICO.

Our servers and operations are located in the United States. We do not actively target, advertise to, or solicit EEA/UK residents and our processing of EEA/UK personal data, when it occurs, is incidental to providing the Service to a U.S.-resident user base. Where personal data of EEA/UK residents is transferred to or processed in the United States by our sub-processors, we rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK international data transfer mechanisms. If at any point we begin offering the Service in a way that triggers Article 27 of the GDPR or Article 27 of the UK GDPR, we will appoint a representative and update this Policy accordingly.

14. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights:

• Right to know the categories and specific pieces of personal information we collect, the sources, the purposes, and any third parties with whom we share it.
• Right to delete personal information we collected from you, subject to exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of "sale" or "sharing" of personal information. We do not sell your personal information and we do not share it for cross-context behavioral advertising.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information beyond what is needed to operate the Service.
• Right to non-discrimination for exercising any of these rights.

To exercise these rights, email aiswingx.com@gmail.com with the subject "California Privacy Request".

15. California "Shine the Light" Disclosure (Civil Code §1798.83)

California Civil Code §1798.83, separate from the CCPA/CPRA, allows California residents to request, once per calendar year and free of charge, a list of the categories of personal information disclosed to third parties for their direct-marketing purposes during the preceding calendar year, along with the names and addresses of those third parties.

Our position: We do not disclose your personal information to third parties for their own direct-marketing purposes. The third parties listed in Section 6 (Stripe, Anthropic, Google, Vultr) act only as our service providers to deliver the Service, not as independent marketers. To submit a Shine-the-Light request, email aiswingx.com@gmail.com with the subject "Shine the Light Request"; we will respond within 30 days.

16. Communications — Email and SMS

We send transactional emails (account verification, purchase confirmation, password reset, security notices) as needed to operate the Service. We do not send marketing email unless you expressly opt in; you may unsubscribe from marketing email at any time. We do not send SMS / text-message marketing without your prior express written consent (TCPA, 47 U.S.C. §227). Any marketing email we send will include our valid physical mailing address as required by the CAN-SPAM Act (15 U.S.C. §7704).

17. Accessibility

We strive to make this Privacy Policy and the Service generally accessible to users with disabilities, including conformance with WCAG 2.1 Level AA where reasonably practicable. If you need this Policy in an alternative format or have any other accessibility request, contact aiswingx.com@gmail.com.

18. International Data Transfers

Our servers are located in the United States. By using the Service, you understand that your data will be transferred to and processed in the United States, where data-protection laws may differ from those in your country.

19. Limitation of Liability

To the fullest extent permitted by law, Easy Civics Test™ shall not be liable for any damages arising from data breaches, unauthorized access, or third-party security failures, except where caused by our gross negligence or willful misconduct. Our total liability is further limited as described in our Terms of Service.

20. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or a prominent notice on the Service at least 14 days before they take effect. The "Last Updated" date at the top reflects the most recent revision. Continued use after the effective date constitutes acceptance of the revised Policy.

21. Contact Us

For privacy questions, data-rights requests, or to exercise any of the rights above, contact us:

• Email: aiswingx.com@gmail.com
• Website: https://easycivicstest.com