Privacy Policy
Last updated: February 19, 2026
Overview
GanttGrind (“we,” “us,” “our”) operates ganttgrind.com. This policy explains what data we collect, why we collect it, and how we protect it. We keep this straightforward because we believe you should actually read your privacy policy.
What We Collect
Account Information
When you create an account, we collect your email address and optionally your name. We use Supabase for authentication — your password is handled by their secure infrastructure and we never see or store it directly.
Payment Information
If you purchase a Premium subscription, payment is processed by Stripe, Inc. We do not collect or store your credit card number, CVV, or full billing address. Stripe provides us with a customer ID and payment confirmation, which we store to manage your account status and facilitate refunds. For more on how Stripe handles your payment data, see stripe.com/privacy.
Study Activity
We record your answers to practice questions, including which questions you answered, whether you got them right, how long you spent, and when you practiced. This data powers your mastery tracking, adaptive question selection, and readiness analytics.
Exam Results
If you upload a score report or manually enter exam results, we store the section, score, exam date, and content-area performance breakdown. This data is used to improve your personal study plan and, in aggregate and anonymized form, to train our pass prediction model.
Question Flags and Feedback
If you report an issue with a question, we store the flag reason and any notes you provide, along with your user ID, so we can follow up if needed.
Technical Data
We collect standard web server logs (IP address, browser type, pages visited) for security and debugging purposes. This data is retained for a limited period and not used for advertising.
Web Analytics
We use Plausible Analytics, a privacy-focused analytics service that does not use cookies and does not collect personal data. Plausible is GDPR-compliant. All data is anonymized and cannot be used to identify you. Learn more at plausible.io/privacy.
We do not use third-party tracking cookies, advertising pixels, or tools like Google Analytics.
How We Use Your Data
- Personalization: Your study activity drives adaptive question selection, mastery scores, and readiness analytics. This is the core product.
- Subscription management: We use your Stripe customer ID and payment status to determine your access tier.
- Platform improvement: Aggregated, anonymized data (overall pass rates, question difficulty, common weak areas) helps us improve question quality and recommendations for all users.
- Prediction model: Voluntarily submitted exam results, combined with anonymized study activity patterns, train our pass likelihood model. Individual results are never shared or sold.
- Communication: We may email you about account-related matters (sign-in links, billing receipts, critical service updates) and, occasionally, product updates and study tips relevant to your exam preparation. You can unsubscribe from non-essential emails at any time.
What We Don’t Do
- We do not sell your data to anyone.
- We do not share your individual study activity, scores, or exam results with third parties.
- We do not use your data for advertising.
- We do not use tracking cookies. Our analytics provider (Plausible) is cookie-free.
- We do not track you across other websites or use fingerprinting techniques.
Third-Party Service Providers
We work with the following trusted providers who may process your data on our behalf:
- Supabase — Authentication and database hosting.
- Stripe, Inc. — Payment processing. Card details are collected and stored by Stripe, not by us.
- Cloudflare, Inc. — CDN, DDoS protection, and DNS. Traffic to GanttGrind passes through Cloudflare’s network. Cloudflare may process IP addresses and request metadata in accordance with their privacy policy.
- Vercel, Inc. — Application hosting and serverless infrastructure.
- Plausible Analytics — Privacy-first, cookieless web analytics.
Each provider is contractually bound to handle your data in accordance with applicable privacy law.
Data Storage and Security
Your data is stored in a PostgreSQL database hosted by Supabase on AWS infrastructure. Authentication is handled by Supabase Auth with industry-standard encryption. All connections use HTTPS/TLS.
We apply reasonable security measures, including parameterized database queries, rate limiting on API endpoints, role-based access controls, and security headers. No system is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
Cookies
We use essential cookies only — specifically, authentication session cookies managed by Supabase. These are required for you to stay logged in. We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.
Data Retention
We retain your data for as long as your account is active. If you delete your account, your personal data (email, name, study activity, exam results) is permanently deleted within 30 days. Aggregated, anonymized data derived from your activity (e.g., anonymized pass prediction model training data) may be retained after account deletion.
Your Rights
You can:
- Access your data: Your dashboard shows your study activity, mastery scores, and exam results.
- Export your data: Go to Settings and click “Download my data” to get a copy of your data in JSON format.
- Delete your account: Go to Settings and choose “Delete my account.” This permanently removes your account and all associated personal data.
- Unsubscribe from emails: Use the unsubscribe link in any non-essential email or contact us at [email protected].
If you are in the EU/EEA, you have additional rights under GDPR including the right to rectification, restriction of processing, data portability, and the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, contact us at [email protected].
Children
GanttGrind is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it promptly.
Changes
We may update this policy as the platform evolves. If we make material changes, we will update the “Last updated” date at the top of this page and may notify you by email. Continued use of GanttGrind after changes constitutes acceptance of the updated policy.
Contact
Questions about this policy or your data? Email us at [email protected].