lab45beta

Privacy Policy

Last Updated:

Lab45 ("we", "us", or "our") operates the exam preparation platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Name and email address
  • Password (encrypted, managed by Clerk)
  • Age verification (if under 18)

Payment Information:

  • Payment details are collected and processed by DodoPayments (our payment processor)
  • We do NOT store your credit card information
  • We receive payment confirmation and transaction IDs

1.2 Information Automatically Collected

Usage Data:

  • Exam attempts and scores
  • Questions answered and saved
  • Time spent on exams
  • Study progress and performance metrics

Technical Data:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and features used

2. How We Use Your Information

2.1 To Provide the Service

  • Create and manage your account
  • Process payments and grant access
  • Deliver exam content and track progress
  • Save your performance history
  • Provide customer support

2.2 To Improve the Service

  • Analyze usage patterns and performance
  • Identify popular content and difficult questions
  • Improve exam quality and difficulty calibration
  • Develop new features and content

2.3 To Communicate With You

  • Send service-related notifications
  • Respond to your inquiries
  • Send important updates about your account
  • Notify you of new features or products (if you opt in)

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

Contractual Necessity

Processing required to provide the Service you requested (account management, content delivery, payment processing).

Legitimate Interests

Improving our Service, analytics and research, fraud prevention, security measures.

Consent

Marketing communications (you can opt out anytime), non-essential cookies (you can manage preferences).

Legal Obligations

Tax reporting, responding to legal requests, compliance with regulations.

4. How We Share Your Information

4.1 Service Providers

We share information with trusted third parties who help us operate:

Clerk (Authentication)

Account creation, login, email verification, user management

Privacy Policy: clerk.com/legal/privacy

Supabase (Database)

Data storage, exam content delivery, performance tracking

Privacy Policy: supabase.com/privacy

DodoPayments (Payment Processing)

Payment processing, checkout, transaction management, refunds

4.2 What We DON'T Do

  • We do NOT sell your personal information to third parties
  • We do NOT share your data for advertising purposes
  • We do NOT use your exam performance for marketing to third parties

5. Your Rights and Choices

5.1 GDPR Rights (EU/UK Users)

You have the right to:

Access

Request a copy of your personal data

Rectification

Correct inaccurate or incomplete data

Erasure

Request deletion of your data ("right to be forgotten")

Portability

Receive your data in a machine-readable format

Object

Object to processing based on legitimate interests

Withdraw Consent

Withdraw consent for optional processing

5.2 CCPA Rights (California Users)

You have the right to:

  • Know: What personal information we collect and how we use it
  • Access: Request your personal data (free, twice per year)
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of selling or sharing (we don't sell data)
  • Non-Discrimination: Not be discriminated against for exercising rights

5.3 How to Exercise Your Rights

Email us at privacy@lab45.education with:

  • Your name and email address
  • Specific request (access, deletion, etc.)
  • Verification of identity (for security)

We will respond within 30 days (GDPR) or 45 days (CCPA).

6. Data Retention

6.1 How Long We Keep Data

  • Account Data: Until you delete your account, plus 30 days backup
  • Exam Attempts: Indefinitely for your personal progress tracking
  • Payment Records: 7 years (legal requirement for financial records)
  • Support Communications: 3 years

6.2 Deletion Upon Request

You may request account deletion at any time. We will delete personal identifiable information, anonymize usage statistics (for analytics), and retain financial records as legally required.

7. Data Security

7.1 Security Measures

We implement industry-standard security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Access controls and authentication
  • Regular security audits
  • Secure cloud infrastructure (Supabase, Clerk)

7.2 Your Responsibility

  • Use strong, unique passwords
  • Do not share your account
  • Log out of shared devices
  • Report suspicious activity immediately

Note: No internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. International Data Transfers

Your data may be stored and processed in the United States, European Union, or other countries where our service providers operate. We ensure adequate protection through:

  • Standard Contractual Clauses (EU-approved)
  • Privacy Shield frameworks (where applicable)
  • Vendor compliance with data protection laws

9. Children's Privacy

Age Restrictions

  • • Our Service is NOT directed to children under 13.
  • • We do not knowingly collect information from children under 13.
  • • Users aged 13-17 must have parental consent.

COPPA Compliance (US)

If we discover we've collected information from a child under 13, we will delete it immediately and terminate the account.

Parental Rights

Parents may review their child's information, request deletion, refuse further collection, or contact us at privacy@lab45.education.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Strictly Necessary (No Consent Required)

Authentication, session management, security features

Analytics (Requires Consent)

Usage statistics, performance metrics, feature usage tracking

10.2 Managing Cookies

You can control cookies through your browser settings or our cookie preference center. Note that disabling cookies may limit Service functionality.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be notified via email to your registered address. Your continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Inquiries

Email: privacy@lab45.education

General Support

Email: support@lab45.education

Response Time: We aim to respond within 30 days (GDPR) or 45 days (CCPA).

This Privacy Policy was last updated on February 17, 2026. We encourage you to review it periodically.