Skip to main content
Back to Home

Privacy Policy

Last Updated: May 28, 2026

1. Introduction

This Privacy Policy explains how Free AP Practice ("Service", "we", "us", or "our") collects, uses, stores, and shares information when you use the website and related features. Free AP Practice is a personal project maintained by Ajay Saravanan.

2. Information We Collect

2.1 Information You Provide Directly

  • Account data: name, email address, and password hash
  • Practice data: answers submitted, question attempts, FRQ responses, progress, and bookmarks
  • Bug reports and account requests: text and metadata you submit
  • Transactional requests: password reset, verification, and account deletion requests
  • User-provided responses: AI tutor prompts and FRQ responses may be sent to OpenAI for processing so the Service can generate responses. Please do not submit sensitive personal information.

2.2 Automatically Collected Data

  • Server logs such as IP address, request path, timestamps, and status codes
  • Browser and device information sent through standard HTTP headers
  • Usage information such as page visits, feature interactions, and authentication state

2.3 Information Stored Locally in Your Browser

  • Authentication token and basic user profile data
  • Theme and accessibility preferences
  • Draft or in-progress state needed to keep the app responsive between refreshes

3. How We Use Your Information

  • To create and serve practice questions, explanations, and tutor responses
  • To authenticate accounts, maintain sessions, and protect the Service
  • To track progress, bookmarks, attempts, and saved preferences
  • To send transactional emails such as verification and password reset emails
  • To respond to bug reports, account requests, and support inquiries
  • To analyze usage trends and improve reliability, quality, and performance when optional analytics are enabled

4. Data Storage and Security

We store account and progress data in MongoDB, and generated question content may also be stored in MongoDB and AWS S3 depending on the feature being used. Passwords are stored as hashes, not plain text. We use bearer tokens for authentication, and those tokens expire after a limited period. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

5. Cookies and Local Storage

We use local browser storage to keep you signed in and to save theme and accessibility preferences. We also use local storage to remember your optional analytics choice. In addition, we use a first-party cookie to remember sidebar state. We do not use third-party advertising cookies. If you use a shared device, you should sign out when finished.

6. Optional Analytics

Optional analytics may be provided by Vercel Analytics and Vercel Speed Insights. If you choose to enable them, we may collect page views and performance-related signals to understand how the Service is used and to improve reliability. You can change this preference in Settings at any time.

7. Third-Party Services

  • OpenAI: prompts and generated question content are processed by OpenAI's API
  • Google: sign-in flows may use Google Identity Services and Google ID tokens
  • MongoDB: database storage for user accounts, progress data, and cached questions
  • AWS S3: file storage for generated question content and related assets
  • GitHub: bug reports are submitted as GitHub Issues when you use the in-app bug report form
  • Resend: delivery of verification and reset emails
  • Vercel: website hosting and deployment infrastructure

Each third party has its own terms and privacy practices. We do not sell your personal information.

8. Your Rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data. You can delete your account through the Service or contact us for help. We will delete your account record from our primary database, and some information may remain in backups, logs, or third-party systems for a limited period, subject to legal or operational retention requirements.

9. Children's Privacy

The Service is intended for students, but it is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will address the request appropriately.

10. International Transfers

Your information may be processed in the United States or other countries where we or our service providers operate. Where required, we take steps intended to protect the information in accordance with applicable law.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "Last Updated" date. Continued use of the Service after changes take effect means you accept the updated policy.

12. Contact Us

For questions about this policy or to exercise your privacy rights, contact us at:
Operator: Ajay Saravanan
Website: freeappractice.org
Email: [email protected]