← Back to Home

Privacy Policy

Last Updated: January 22, 2026

1. Introduction

Welcome to Freeappractice.org ("Service", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website and services, including account-based features introduced in recent updates.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you create an account we collect identifying information such as your name, email address, and password (securely hashed).
• Preferences: AP class selection, subject area, custom unit ranges, theme preferences, AI provider choice.
• Progress Data: Number of questions answered, correctness, streaks, and other learning metrics (used to provide cross-device progress sync).
• Bug Reports & Support Requests: Any information you include when contacting support.

2.2 Information Collected Automatically

• Server Logs: Standard request metadata (IP address, request path, status code, timestamps, user agent) for security, diagnostics, and abuse prevention.
• Local Storage: Local browser storage is used for performance and offline access; some preferences remain local unless you enable account sync.

3. How We Use Your Information

• To provide account features and sync progress across devices.
• To generate and improve AP practice questions tailored to your settings.
• To respond to support and bug reports.
• To detect, investigate, and prevent fraud or other prohibited activity.

4. Data Storage, S3, and Retention

Your account data and progress summaries are stored on our servers to enable cross-device access. In addition, generated questions and per-question logs are stored in AWS S3 for durability and analysis. Data stored in S3 is access-controlled and encrypted at rest using AWS-managed encryption. We retain account and usage data for as long as necessary to provide the Service and comply with legal obligations.

If you delete your account, we will remove your personally-identifying data from our primary databases within a reasonable timeframe. Some cached or archived copies may persist in backups for a limited period in accordance with our retention policies.

5. Authentication & Passwords

We store passwords using secure hashing (bcrypt or equivalent). Authentication tokens (JWT) are used to authenticate API requests. Never share your password or token. If you suspect unauthorized access, contact support immediately and change your password.

6. Third-Party Services and AI Providers

We use third-party services including AI providers and CDNs. Requests to external AI providers (such as OpenAI) are subject to their privacy policies. Generated question content may be stored in our S3 bucket and is used to improve service quality; we do not sell question content to third parties.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information. Access to production data is limited to authorized personnel and audited. However, no system is fully secure; if a breach occurs we will follow applicable notification rules and notify affected users where required.

8. Your Rights and Choices

• Access & Portability: You may request a copy of your account data.
• Deletion: You may request account deletion; we will delete identifying data from primary systems and stop collecting new data for that account.
• Opt-Out: You can disable account sync and keep data local only.

9. Cookies and Tracking

We use cookies and browser storage to power session handling, preferences, and the features described below. Necessary cookies remain enabled to keep you logged in and to preserve onboarding and theme settings, and they cannot be turned off on our site.

Optional categories (analytics and advertising) are disabled by default. You decide whether to accept them via the cookie banner or the Settings modal: analytics cookies power anonymized usage reports that help us improve question quality, while advertising cookies enable personalized offers and may be shared with the ad partners listed in this policy or disclosed separately in the footer.

When you interact with those controls we store your choice in localStorage under cookieConsent:v1, emit the corresponding consent events, and only load the related scripts if you consent. You can change those preferences at any time through the “Settings” modal (linked in the top-right user menu) or by clearing the consent entry in your browser. If you ever revoke consent, we stop loading the optional scripts and the data collection tied to them.

10. Children's Privacy

Our Service is intended for teens preparing for AP exams. We do not knowingly collect information from children under 13. If you believe a child under 13 provided us personal data, contact us and we will take steps to delete it.

11. International Transfers

Data stored on our servers and in S3 may be processed in the United States or other jurisdictions. When transferring data internationally we take steps to protect it in accordance with applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be reflected in the "Last Updated" date and, where feasible, communicated to registered users. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions about this policy or to exercise data rights, contact us at:

Website: freeappractice.org
Email: [email protected]