Privacy Policy

This privacy policy applies to the US Citizenship Test app (the "Application") for mobile devices provided "AS IS". The Application includes an ad-supported experience and may offer an optional subscription to remove ads (the "Subscription").

We strive to comply with applicable privacy laws, including the General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"), and we aim to process your data lawfully, fairly, and transparently.

Information Collection and Use

The Application may collect information when you download and use it. This information may include:

• Device and app information: device model, operating system version, app version, language, and diagnostic information.
• Usage information: which screens/features you use and how long you use them (in an aggregated way).
• Advertising information: ad impressions, advertising identifiers (such as IDFA on iOS or Advertising ID on Android), and related data used to deliver and measure ads. If you consent, this information may be used for personalized advertising.
• Purchase/subscription information: purchase status, entitlement status (e.g., "Pro / Ad‑Free"), and purchase/receipt data necessary to validate your subscription.

We do not collect precise location from your device. However, third-party services (such as ad providers) may infer an approximate location from your IP address for fraud prevention, compliance, and ad delivery.

Study Data Stored on Your Device

The Application stores study-related data locally on your device (e.g., progress, favorites, selected test version, language, and settings). This data is used to provide the core study experience. You can remove this data at any time by using the app's reset features or uninstalling the Application.

ZIP Code / Elected Officials Feature

The Application offers an optional feature to display your elected officials (e.g., your U.S. Representative, Senators, Governor) based on your ZIP code.

• Local storage only: Your ZIP code is stored locally on your device and is not transmitted to or stored on our servers.
• Government API queries: When you use this feature, your ZIP code is sent to public government APIs solely to retrieve your elected officials. These queries happen on-demand and the results are displayed in the app.
• No tracking: We do not use your ZIP code for advertising, profiling, or any purpose other than displaying your elected officials.
• You can remove it: You can update or clear your ZIP code anytime in the app settings.

Microphone / Speech Features

The Application includes optional features that use your microphone (e.g., mock interview practice). Microphone access is requested only when needed and can be controlled in your device settings. Speech recognition and audio processing may be handled by your device/OS services depending on platform configuration.

AI-Powered Features (Premium)

The Application offers AI-powered features for premium subscribers, including AI Mock Interview and AI-assisted reading practice. These features process your data as follows:

• Audio transcription: When you use AI Mock Interview or AI reading practice, your recorded audio is sent to our secure server (Supabase Edge Functions), which forwards it to OpenAI's Whisper API for speech-to-text transcription. The audio is processed in real time and is not stored by us or OpenAI after transcription.
• Answer evaluation: Your transcribed text, along with the test question and accepted answers, is sent to OpenAI's GPT model for semantic evaluation. This determines if your answer is correct and provides feedback. No personal identifying information is included in this evaluation.
• Data minimization: We only send the minimum data required for transcription and evaluation. Audio recordings are deleted from your device after processing. OpenAI processes data under their Enterprise Privacy policy and does not use API data to train their models.

Server-Side Session Tracking

To enforce daily usage limits and prevent abuse of AI features, we store minimal session data on our server (hosted on Supabase):

• What we store: A pseudonymous user identifier (RevenueCat anonymous ID), session counts per day, session type (mock interview or reading practice), number of AI calls made, estimated processing cost, and your score.
• What we do NOT store: Your name, email, audio recordings, transcripts, answers, IP address, or any other personally identifiable information.
• Purpose: This data is used solely to enforce the daily AI session limit (currently 5 sessions per day), monitor costs, and prevent abuse. This processing is necessary for the performance of our service contract with you (GDPR Article 6(1)(b)).
• Retention: Session data is retained for 90 days for cost analysis and dispute resolution, then may be archived or deleted.
• Security: All server-side data is protected by Row Level Security policies. Only our server-side functions (not the app directly) can access this data. Communication is encrypted via HTTPS.

Subscriptions & Payments

If you purchase a subscription, payment is processed by the platform provider (Apple App Store or Google Play). We do not collect or store your full payment card details. We (and our subscription provider, RevenueCat) receive limited information required to validate and manage subscription access (for example: purchase status, entitlement status, and receipt tokens).

Cancellation: You can cancel your subscription anytime from your App Store / Google Play subscription management settings. After cancellation, access may remain active until the end of the current billing period.

Advertising and Personalization

The Application displays advertisements to support the free version. We use Google AdMob to serve ads. Depending on your consent choices and location, you may see:

• Personalized ads: If you consent, ads may be tailored based on your interests, app usage, and device information.
• Non-personalized ads: If you do not consent or withdraw consent, you will still see ads, but they will not be based on your personal data.

Consent Management

We use Google's User Messaging Platform (UMP) to collect and manage your consent preferences in compliance with applicable regulations:

• European Economic Area (EEA), UK, and Switzerland: When you first use the app, you will see a consent form asking for your permission to use your data for personalized advertising (GDPR compliance).
• United States: In applicable states (e.g., California, Virginia, Colorado), you will see options to opt out of the sale or sharing of your personal information (CCPA/state privacy law compliance).
• iOS Users: You will see Apple's App Tracking Transparency (ATT) prompt asking for permission to track your activity across other companies' apps and websites.

Managing Your Ad Preferences

You can change your consent and ad preferences at any time:

• In-App: Go to Settings → Privacy Settings to update your consent choices.
• Device Settings (iOS): Go to Settings → Privacy & Security → Tracking to manage app tracking permissions.
• Device Settings (Android): Go to Settings → Google → Ads to manage your advertising ID and personalization preferences.

Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

Third-Party Services

The Application uses third-party services that may collect information according to their own privacy policies. These services help provide ads, analytics, subscription functionality, and elected official information.

Note: Some third-party services, such as Google AdMob, act as independent data controllers for their own purposes and are responsible for their own compliance with privacy laws.

Subscription, Analytics, and AI Services

• RevenueCat: Privacy Policy
• Google Mobile Ads (AdMob): Policy
• Firebase Analytics: Privacy Policy
• Google Play Services: Privacy Policy
• Apple: Privacy Policy
• OpenAI: Enterprise Privacy
• Supabase: Privacy Policy
• Upstash: Privacy Policy

Government APIs (for Elected Officials Feature)

• Congress.gov API (Library of Congress): Congress.gov Data
• U.S. Census Bureau Geocoder: Census Privacy Policy
• HUD USPS Crosswalk API: HUD Privacy Policy. This product uses the HUD User Data API but is not endorsed or certified by HUD User.
• Zippopotam.us: Used to convert ZIP codes to geographic coordinates (public API).

Disclosure of Information

The Service Provider may disclose User Provided and Automatically Collected Information:

• As required by law (e.g., to comply with legal processes such as subpoenas).
• When disclosure is necessary to protect rights, user safety, or investigate fraud.
• To trusted service providers who assist in app operations and agree to confidentiality terms.

Data Retention

Study data is stored locally on your device until you delete it (reset) or uninstall the app. Analytics and usage data are typically retained for up to 14 months. Server-side session data (AI usage counts and cost tracking) is retained for up to 90 days. You can delete this data at any time through "Delete My Data" in the app's Settings.

Audio recordings submitted for AI transcription are processed in real time and are not stored by us or our AI provider (OpenAI) after processing.

You may request deletion of any support communications you send us by contacting sendfeedbackus@gmail.com.

Your Privacy Rights

General Rights (All Users)

Depending on your location, you may have rights to:

• Access your personal information
• Request deletion of your personal information
• Correct inaccurate information
• Object to or restrict certain processing
• Withdraw consent where processing is based on consent

EEA and UK Users — GDPR Rights

If you are located in the EEA or UK, we process your personal data under performance of a contract, legitimate interests, consent, and legal obligations. You may also request data portability and file a complaint with your local data protection authority.

California Residents — CCPA Rights

If you are a California resident, you have the right to know, access, delete, correct, and opt-out of the sale or sharing of personal information. To exercise your rights, contact us at sendfeedbackus@gmail.com.

International Data Transfers

We are based in the United States. Your information may be processed in the United States or other countries. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework where applicable.

Children's Privacy

The Application is not intended for children. In the United States, we do not knowingly collect personal information from children under 13 (COPPA). In the EEA/UK, we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us.

Security

We implement reasonable technical and organizational measures to help prevent unauthorized access to user data, including HTTPS/TLS encryption, Row Level Security policies, per-IP and per-user rate limiting, server-side subscription verification, and input validation on all API endpoints. However, no method of internet transmission or electronic storage is completely secure.

Changes to This Policy

This Privacy Policy may be updated from time to time. Material updates will be communicated through the app or other appropriate means.

Contact Us

If you have questions about this Privacy Policy, contact us at: sendfeedbackus@gmail.com