Privacy Policy

We collect information in the following categories:

• Account information: Your name, email address, and hashed password when you register. Passwords are stored as a one-way cryptographic hash — we never store or see your plaintext password.
• Optional phone number: If you provide a phone number during registration, we store it on your account. This field is entirely optional and is currently used only as a contact preference. We do not use it for SMS marketing without your explicit consent.
• State and profile data: The state you're studying for, your role (student, parent), and profile preferences you set in the app.
• Study performance data: Practice question answers, test scores, mock exam results, lessons completed, AI Tutor chat history, readiness scores, XP points, and study streaks. This data drives your personalized study experience.
• Billing information: If you subscribe, payments are handled by Stripe. We receive and store only a Stripe customer ID and your subscription status — we never see or store your full card number, CVV, or bank details.
• Technical / server logs: IP address, browser type, device type, and request timestamps for security monitoring, rate limiting, and debugging. These are retained for a limited period and are not used for advertising.

We use the information we collect to:

• Provide the Service: Personalize practice tests, study plans, AI explanations, and readiness scores to your state and learning level
• Communicate with you: Send transactional emails — account verification, password reset, billing receipts, and important Service notices. We do not send marketing email without your consent.
• Improve the product: Analyze aggregate, de-identified usage patterns to understand which features are working and what needs improvement. Individual users are not identified in these analyses.
• Prevent abuse: Apply rate limiting, detect fraudulent activity, and enforce our Terms of Service
• Process payments: Manage subscription billing through Stripe

We do not use your data to build advertising profiles, sell to data brokers, or train third-party AI models on your personal information.

We work with the following categories of third-party providers. Each receives only the data they need to perform their service:

DriveReady AI uses cookies, server-side sessions, and browser local storage to deliver core functionality and improve your learning experience. Here is a plain-language breakdown of what we use and why:

• Authentication & security (required): When you log in, we set a secure, HTTP-only session cookie that identifies your session on our server. This cookie is essential — without it you cannot stay logged in. It is flagged HttpOnly (inaccessible to JavaScript) and Secure (transmitted only over HTTPS) to protect against common web attacks. It expires when you log out or after a period of inactivity.
• Login persistence: The session cookie keeps you logged in between page loads so you don't have to re-enter your credentials on every visit. No personal data is stored inside the cookie itself — only an opaque session identifier that references your server-side session.
• Language preference: If you change the display language, your selection is stored in your session so it persists across pages and visits. This is a functional preference, not a tracking mechanism.
• Core functionality & UI state: We may use browser localStorage to remember lightweight UI preferences — for example, whether you have acknowledged the cookie notice on this site. No personal data is stored in local storage.
• Analytics and service providers (future): We may in the future add analytics or performance-monitoring tools that set their own cookies or use local storage. If and when this happens, we will update this policy and the cookie notice before those technologies are active. We will never introduce third-party advertising or retargeting cookies without your explicit consent.

Your control: You can clear cookies and local storage at any time through your browser settings. Note that clearing the session cookie will log you out. Most browsers also allow you to block third-party cookies by default — our core functionality does not depend on any third-party cookies, so that setting will not affect your ability to use DriveReady AI.

If you use the Family plan, the following additional data practices apply:

• Parent visibility: A parent or guardian ("Family Owner") can view the study progress, practice scores, mock exam results, readiness scores, and study streaks of all driver profiles linked to their family account.
• Linked profiles: Data for each linked driver profile — including name, state, scores, and study history — is accessible to the Family Owner through the Family Dashboard.
• Teen AI Tutor chats: Detailed AI Tutor conversation history for linked profiles is not shared with the Family Owner at this time. We review this approach as the product evolves.
• Purpose limitation: Family dashboard data is provided solely for educational support purposes. It is not intended for any other use by the Family Owner.

DriveReady AI is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age.

If a parent or guardian believes their child under 13 has created an account, please contact us at privacy@drivereadyai.com immediately. We will delete the account and all associated data promptly.

For users aged 13–17, we encourage parental involvement. The Family plan is specifically designed to give parents visibility into their teen's study progress while the teen remains the primary learner.

COPPA compliance for users under 13 — attorney review recommended.

We do not sell your personal data. We do not share your personal information with third parties for their own marketing purposes.

We share data only in these limited circumstances:

• With vendors required to operate the Service (as described in Section 3), under appropriate confidentiality agreements
• If required by law, court order, or valid legal process
• To protect the rights, property, or safety of DriveReady AI, our users, or the public
• In connection with a merger, acquisition, or sale of assets — in which case we will notify users and the acquirer will be bound by this policy

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated personal data
• Portability: Request your data in a machine-readable format (where technically feasible)
• Opt-out: California (CCPA) and EU/UK (GDPR) residents have additional rights; we do not sell personal information so the CCPA "opt-out of sale" right is satisfied by default

To exercise any of these rights, email privacy@drivereadyai.com with your account email and the specific request. We will respond within 30 days. For account deletion, you can also delete your account directly from the Account settings page.

Attorney review recommended for full GDPR/CCPA compliance documentation.

We use industry-standard security practices to protect your data:

• All data in transit is encrypted via HTTPS / TLS
• Passwords are stored using a one-way cryptographic hash — they cannot be recovered even by us
• Access to production systems is restricted to authorized personnel only
• Session cookies are flagged as HTTP-only and secure

No system is completely immune to breaches. If we become aware of a security incident affecting your personal data, we will notify affected users as required by applicable law. Please use a strong, unique password and enable any available account security features.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes — such as new categories of data collection or new third-party sharing — we will notify you via email or an in-app notice before the changes take effect.

Continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

Questions or concerns about your privacy? We take these seriously.