← Back to Home

Privacy Policy

Last Updated: March 29, 2026

1. Introduction

This Privacy Policy explains how Free AP Practice ("Service", "we", "us", or "our") collects, uses, stores, and shares information when you use the website and related features.

2. Information We Collect

2.1 Information You Provide Directly

  • Account data: name, email address, and password hash
  • Practice data: answers submitted, question attempts, FRQ responses, progress, and bookmarks
  • Bug reports and support requests: text and metadata you submit
  • Transactional requests: password reset, verification, and account deletion requests

2.2 Automatically Collected Data

  • Server logs such as IP address, request path, timestamps, and status codes
  • Browser and device information sent through standard HTTP headers
  • Usage information such as page visits, feature interactions, and authentication state

2.3 Information Stored Locally in Your Browser

  • Authentication token and basic user profile data
  • Theme and accessibility preferences
  • Draft or in-progress state needed to keep the app responsive between refreshes

3. How We Use Your Information

  • To create and serve practice questions, explanations, and tutor responses
  • To authenticate accounts, maintain sessions, and protect the Service
  • To track progress, bookmarks, attempts, and saved preferences
  • To send transactional emails such as verification and password reset emails
  • To respond to bug reports, account requests, and support inquiries
  • To analyze usage trends and improve reliability, quality, and performance

4. Data Storage and Security

We store account and progress data in MongoDB Atlas and may store generated question content and related files in AWS S3. Passwords are stored as hashes, not plain text. We use bearer tokens for authentication, and those tokens expire after a limited period. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

5. Cookies and Local Storage

We use local browser storage to keep you signed in and to save theme and accessibility preferences. We do not use third-party advertising cookies. If you use a shared device, you should sign out when finished.

6. Third-Party Services

  • OpenAI: prompts and generated question content are processed by OpenAI's API
  • MongoDB Atlas: database hosting for user accounts and progress data
  • AWS S3: file storage for generated question content and related assets
  • Resend: delivery of verification and reset emails
  • Vercel: website hosting and deployment infrastructure

Each third party has its own terms and privacy practices. We do not sell your personal information.

7. Your Rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data. You can delete your account through the Service or contact us for help. We will remove data from primary systems within a reasonable period, subject to legal or operational retention requirements.

8. Children's Privacy

The Service is intended for students, but it is not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent where required by law.

9. International Transfers

Your information may be processed in the United States or other countries where we or our service providers operate. Where required, we take steps intended to protect the information in accordance with applicable law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised "Last Updated" date. Continued use of the Service after changes take effect means you accept the updated policy.

11. Contact Us

For questions about this policy or to exercise your privacy rights, contact us at:
Website: freeappractice.org
Email: support@freeappractice.org