← Back to MLTPrep

Privacy Policy

Effective: 2026-05-23 · Last updated: 2026-06-07

1. Who We Are (Data Controller)

MLTPrep ("we", "us", "our") is the data controller for personal information collected through MLTPrep ( mltprep.com). We are headquartered in Canada.

For privacy enquiries, contact our data protection officer at: privacy@mltprep.com

2. What Personal Data We Collect

We collect the following categories of personal data:

  • Account data: Full name, email address, password (hashed — we never store plaintext passwords), account creation date.
  • Authentication data: Login timestamps, IP address, browser type and version, operating system, device type. IP addresses are hashed after 30 days.
  • Exam and study data: Questions answered, scores, time taken per question, field and set progress, flashcard confidence ratings.
  • Payment data: Subscription plan, payment status, auto-renewal preference (on or off), and renewal reminder delivery history. We do not store card numbers, billing addresses, or any payment instrument details — payments are processed by Dodo Payments, our merchant of record, on their secure servers.
  • Cookie consent: Your consent choices, the date of consent, and the applicable jurisdiction detected at time of consent.
  • Communications: Support ticket messages you send us.

3. Legal Basis and Purpose of Processing

Processing ActivityPurposeLegal Basis (GDPR Art. 6)
Creating and managing your accountProvide the service you signed up forContract (Art. 6.1.b)
Processing subscription paymentFulfil your subscription orderContract (Art. 6.1.b)
Sending transactional emailsVerify email, password reset, receipts, security alertsContract (Art. 6.1.b)
Security and auth loggingDetect fraud, protect accounts, audit trailLegitimate interest (Art. 6.1.f)
Analytics (if consented)Improve platform features and content qualityConsent (Art. 6.1.a)
Marketing emails (if consented)Promotional messages and exam tipsConsent (Art. 6.1.a)
Sending renewal reminder emailsNotify you before each scheduled auto-renewal, as required by consumer protection lawContract (Art. 6.1.b) / Legal obligation (Art. 6.1.c)
Tax and financial recordsLegal compliance and accounting obligationsLegal obligation (Art. 6.1.c)

4. How Long We Retain Your Data

  • Account data: Until you request deletion, plus 30 days grace period.
  • Authentication logs: 12 months, then deleted automatically.
  • Access logs: 90 days, then deleted automatically.
  • Exam activity: 2 years from last activity.
  • Subscription records: 7 years (tax and legal compliance).
  • Cookie consent records: 3 years (regulatory audit trail).
  • IP addresses: Hashed (SHA-256, irreversible) after 30 days.

5. Who We Share Your Data With

We share data only with the following processors, under data processing agreements:

  • Supabase — database hosting and authentication (servers in US/EU)
  • Dodo Payments — payment processing and merchant of record. Dodo handles billing, tax collection, and payment disputes on our behalf. Dodo Payments is an international company (not domiciled in Canada) that operates globally, including serving Canadian customers. The charge on your payment statement will appear under Dodo Payments or a related entity. See Dodo Payments' Privacy Policy for details of how they handle your payment data.
  • Resend — transactional email delivery
  • Anthropic — AI-generated exam feedback (no identifiable data sent)
  • Vercel — web hosting (servers in US/EU)
  • Google LLC (Google Analytics 4) — website analytics, only when you grant analytics consent. Data sent to Google includes pages visited, time on site, browser and device type, and an anonymised IP address (last octet stripped before transmission). Google may process this data on servers in the United States. You can withdraw consent at any time via the cookie preferences banner. See Google's Privacy Policy for details of how Google handles this data.

We do not sell your personal data. We do not share it with advertisers.

6. International Data Transfers

Some of our processors store data in the United States. Where data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses (SCCs) or equivalent adequacy mechanisms. You may request a copy of applicable transfer safeguards by contacting us.

7. Your Rights

Depending on your jurisdiction, you have some or all of the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your account and associated data.
  • Portability: Receive your data in a machine-readable format.
  • Restriction: Ask us to restrict processing while a dispute is resolved.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw consent: Withdraw analytics or marketing consent at any time via your account settings. Withdrawal does not affect processing carried out before withdrawal.

To exercise any right, email privacy@mltprep.com. We will respond within 30 days. For erasure requests, we may retain certain data where required by law (e.g., tax records).

If you are in the EU/UK, you have the right to lodge a complaint with your supervisory authority. For EU users: find your authority at edpb.europa.eu. For UK users: ico.org.uk.

8. Cookies

We use cookies and similar technologies. For full details see our Cookie Policy. You can manage your preferences via the cookie banner shown on first visit, or at any time through your account settings.

9. Age Requirement

MLTPrep is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will delete it promptly.

10. Changes to This Policy

We will notify registered users by email if we make material changes to this policy. The effective date at the top of this page will always reflect the most recent version. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

Data Protection Officer
MLTPrep
Canada
privacy@mltprep.com

Governing law: Ontario, Canada.

Questions about these policies? Contact us

MLTPrep is not affiliated with or endorsed by CAMLPR.