Legal
Privacy Policy
Last updated: 2026-06-01.
CASPer the Test Prep provides online CASPer® preparation, timed practice, AI-generated critique, practice planning, and account features. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices available to you.
CASPer® is a registered trademark of Acuity Insights. CASPer the Test Prep is independent and is not affiliated with, endorsed by, or sponsored by Acuity Insights.
For privacy purposes, the service is operated by Innovative Online Industries. Privacy questions, access requests, correction requests, deletion requests, and complaints can be sent to support@caspertestprep.online.
1. Information We Collect
We collect information you provide directly, including:
- Account details such as name, email address, authentication provider, and user ID.
- Profile and study details such as test date, preparation goals, theme preferences, and progress settings.
- Onboarding details such as courses you are applying to, institutions of interest, previous real CASPer attempt dates, and reported result quartiles.
- Practice content such as typed answers, video or audio responses, transcripts, reflections, scores, AI critique, saved notes, and attempt history.
- Community or feedback content such as forum posts, comments, support requests, feature requests, and issue reports.
- Billing identifiers such as Stripe customer IDs, subscription IDs, checkout session IDs, plan status, and access expiry dates. Full card numbers are processed by Stripe and are not stored by us.
We may also collect technical information automatically, including IP address, browser type, device information, referring URLs, feature interactions, error logs, cookies, local storage identifiers, and approximate location derived from network information. Optional analytics are limited to redacted page paths and product events after you choose to allow analytics.
2. How We Use Information
We use information to:
- create and secure your account;
- provide timed practice, scoring, feedback, transcripts, and practice plans;
- save progress, attempts, plan limits, and dashboard history;
- process payments, renewals, cancellations, invoices, and plan access through Stripe;
- send service messages, optional weekly activity reports, account notices, billing notices, and deletion reminders;
- respond to support, feedback, and community moderation requests;
- detect abuse, enforce fair-use limits, prevent membership-limit evasion, and protect the service;
- debug reliability issues and, where you consent, measure and improve product usage; and
- comply with legal, tax, accounting, and security obligations.
For UK and EEA users, the legal bases may include contract performance for account, payment, and practice features; legitimate interests for security, abuse prevention, service diagnostics, and basic administration; consent for optional analytics; and legal obligation where records or notices are required by law.
3. AI Feedback, Transcripts, and Practice Data
When you request AI critique, your scenario, answers, transcript, reflection responses, and related scoring context may be sent to AI service providers to generate feedback. Video responses may be transcribed with AI. You can edit transcripts before re-running critique where that feature is available.
AI and transcription requests are rate limited and size limited to reduce abuse, cost, and unnecessary data transfer. We send only the content needed to produce the requested critique, coaching response, or transcript.
Do not include sensitive personal information, patient information, confidential school or workplace information, or identifying information about other people in practice answers unless it is necessary for the exercise. We do not use your practice data to make admissions decisions and we do not send your practice results to schools or programs.
Your CASPer test date, selected courses, previous results, practice answers, recordings, transcripts, and AI feedback are not shared with Acuity Insights, universities, schools, admissions programs, or other applicants.
4. Cookies and Analytics
We use cookies, local storage, and similar technologies for authentication, session security, remembering the browser, saving preferences, and optional analytics. Essential storage is required for sign-in, account security, theme preferences, and session continuity. Analytics and product usage diagnostics are off until you choose to allow them in the site privacy banner.
When analytics are allowed, we avoid sending full query strings, disable product session recording in PostHog, and limit Sentry replay sampling to error sessions only after analytics consent. You can change your choice from the Privacy choices button in the footer or by contacting support.
5. When We Share Information
We may share information with service providers that help us operate the service, including:
- Firebase and Google Cloud for authentication, database, storage, hosting support, and functions;
- Stripe for payments, billing, invoices, subscriptions, fraud prevention, and customer portal access;
- Resend for transactional email;
- AI and transcription providers for critique and transcript generation;
- analytics, logging, and monitoring providers such as PostHog, Vercel Analytics, and Sentry for optional product measurement and reliability diagnostics; and
- professional advisers, regulators, or authorities where required by law.
We do not sell your personal information. We do not share personal information for cross-context behavioral advertising. We do not provide your practice answers, scores, course list, previous results, or account history to admissions programs.
Service providers are expected to process information only for the contracted service, protect it with appropriate safeguards, and support deletion or retention requests where applicable.
6. Security
We use technical and organizational safeguards designed to protect personal information, including authenticated access controls, encrypted transport, managed cloud infrastructure, Firebase App Check for callable-function abuse protection, rate limits on expensive AI routes, security headers, limited administrative access, and payment processing through Stripe. No online service can guarantee perfect security, so you should use a strong password, protect access to your email account, and notify us if you believe your account has been compromised.
If we become aware of a security incident involving personal information, we will assess the incident and provide notices to affected users or regulators where required by applicable law.
7. Retention
We keep account and practice information for as long as needed to provide the service, maintain records, enforce plan limits, resolve disputes, prevent abuse, and comply with legal obligations. Device or account signals may be retained as needed to reduce membership-limit evasion. Billing records may be kept longer where required for tax, accounting, fraud prevention, or chargeback purposes.
- Practice attempts, transcripts, recordings, notes, and profile data are kept while your account or paid plan remains active, unless you delete them earlier.
- Expired paid-plan profile and account data is scheduled for deletion 7 days after plan expiry, subject to retained billing, legal, security, fraud, chargeback, or dispute records.
- Security, rate-limit, and diagnostic records are kept only as long as reasonably needed for abuse prevention, troubleshooting, legal, or accounting needs.
Signed-in users can request deletion from Profile. Deletion requests notify the administrator and are processed within 7 days, subject to records we must keep for legal, security, fraud prevention, or accounting reasons.
Signed-in users can also delete selected activity data while retaining their account, including individual practice attempts, all saved practice attempts, selected completed practice planner activities, or all completed practice planner activity history.
If a paid plan expires and is not renewed, profile and account data is scheduled for automatic deletion 7 days after plan expiry, subject to records we must retain for legal, tax, accounting, fraud prevention, chargeback, security, or dispute-resolution reasons.
8. Your Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, request portability, withdraw consent where processing is based on consent, and complain to a privacy regulator.
- United Kingdom and European Economic Area users may have rights under UK GDPR or GDPR, including rights to be informed, access, rectification, erasure, restriction, objection, portability, and complaint to a supervisory authority.
- Australian users may have rights under the Privacy Act 1988 and Australian Privacy Principles, including access, correction, complaint handling, transparent collection notices, data security, and cross-border disclosure protections where applicable.
- New Zealand users may have rights under the Privacy Act 2020, including rights to know why information is collected, request access, request correction, expect secure handling, and complain to the Privacy Commissioner.
- Canadian users may have rights under PIPEDA or applicable provincial privacy laws, including access, correction, openness about practices, limits on collection, use, disclosure and retention, safeguards, and complaint rights.
- United States users may have rights under applicable state privacy laws. California residents may have rights to know, access, delete, correct, opt out of sale or sharing, limit certain sensitive personal information uses, and not be discriminated against for exercising privacy rights. We do not sell personal information.
To make a privacy request, contact support@caspertestprep.online or use the deletion flow in your profile. We may need to verify your identity before completing a request. We aim to respond within the period required by the law that applies to your request.
The Profile page also includes a data deletion section where you can remove practice and practice planner activity data without deleting your sign-in account.
9. International Users
Our service is operated using cloud providers and service providers that may process information in the United States, Canada, Australia, the European Economic Area, and other locations. By using the service, you understand that your information may be transferred to and processed in countries with privacy laws that differ from those in your location.
Where required, we rely on contractual, technical, organizational, or other lawful transfer mechanisms to support cross-border processing by our service providers, including data processing terms, standard contractual clauses or equivalent safeguards, and vendor security controls where applicable.
10. Children
The service is intended for students preparing for professional or higher-education admissions assessments. It is not directed to children under 13. Users under the age of majority in their location should use the service only with parent or guardian permission. If you believe a child has provided personal information without appropriate consent, contact us so we can review and delete the information where required.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new last-updated date. If a change is material, we may provide additional notice through the site or by email.
12. Contact
Privacy and support requests can be sent to support@caspertestprep.online. If you contact us, please include enough information for us to understand and respond to your request.
