Legal

Privacy Policy

Last Updated: March 25, 2026 · FirstPassPA LLC, Michigan

FirstPassPA LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the FirstPassPA platform at firstpasspa.com (the "Platform").

By using the Platform, you consent to the data practices described in this Policy. If you do not agree with this Policy, do not use the Platform.

Information We Collect
How We Use Your Information
How We Share Your Information
Data Retention
Data Security
Cookies
Your Rights and Choices
California Privacy Rights (CCPA)
European Users (GDPR)
Children's Privacy
Changes to This Policy
Contact Us

1. Information We Collect

1.1 Information You Provide Directly

Account registration information: email address and password (stored in encrypted form)
Payment information: credit/debit card details — note: we never store your full card number. Payment data is transmitted directly to and stored by Stripe, our payment processor
Communications: any messages you send us via email or contact forms

1.2 Information Collected Automatically

Usage data: questions answered, accuracy rates, study sessions, features used, time spent on Platform
Performance data: per-system accuracy, streak data, flashcard views
Device information: browser type, operating system, device type
Log data: IP address, pages visited, referring URLs, timestamps
Cookies and similar technologies: session cookies required for authentication and Platform functionality

1.3 Information We Do NOT Collect

We do not collect your legal name, physical address, phone number, or date of birth
We do not collect social security numbers or government identification
We do not collect sensitive health information about you personally
We do not collect information from children under 18

2. How We Use Your Information

We use the information we collect to:

Create and manage your account
Process your subscription payments through Stripe
Provide, operate, and improve the Platform
Personalize your study experience (spaced repetition, weakness targeting)
Generate your performance analytics and progress tracking
Enforce our Terms of Service
Respond to your questions or support requests
Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations

We do not sell your personal information to third parties. We do not use your information for advertising purposes. We do not send marketing emails.

3. How We Share Your Information

We share your information only in the following limited circumstances:

3.1 Service Providers

Stripe (stripe.com) — payment processing. Stripe receives your payment card information directly. Stripe's Privacy Policy governs their use of your payment data.
Supabase (supabase.com) — database storage and user authentication. Your account data and usage data are stored in Supabase's secure infrastructure.
Anthropic (anthropic.com) — AI tutoring features. When you use the AI Tutor feature, your questions and the relevant question context are sent to Anthropic's API.
Vercel (vercel.com) — Platform hosting and content delivery.

3.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

3.3 Business Transfers

If FirstPassPA LLC is acquired, merged, or sells substantially all of its assets, your information may be transferred as part of that transaction. We will notify you of any such change.

We do not share your information with any other third parties for their own marketing or commercial purposes.

4. Data Retention

We retain your account information and usage data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (such as records of financial transactions, which we retain for 7 years as required by law).

Anonymized, aggregated usage data (which cannot be linked back to you) may be retained indefinitely for Platform improvement purposes.

5. Data Security

We implement industry-standard security measures to protect your information, including:

Encryption of data in transit using TLS/SSL
Encrypted storage of passwords (we never store passwords in plain text)
Secure third-party infrastructure (Supabase, Vercel) with their own security certifications
Row-level security policies ensuring users can only access their own data

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Cookies

We use only essential cookies necessary for the Platform to function, including:

Authentication cookies: to keep you logged in to your account
Session cookies: to maintain your study session state

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. You can disable cookies in your browser settings, but doing so may prevent you from logging in or using the Platform.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access: request a copy of the personal data we hold about you
Correction: request that we correct inaccurate personal data
Deletion: request that we delete your personal data (subject to legal retention requirements)
Portability: request your data in a portable format
Objection: object to certain processing of your data

To exercise any of these rights, email us at legal@firstpasspa.com. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

The right to know what personal information we collect, use, share, or sell
The right to delete personal information we have collected from you
The right to opt-out of the sale of your personal information
The right to non-discrimination for exercising your CCPA rights

We do not sell personal information as defined by the CCPA. To exercise your California privacy rights, contact us at legal@firstpasspa.com.

9. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Contract: processing necessary to provide the Platform services you have requested
Legitimate interests: improving the Platform, preventing fraud, ensuring security
Legal obligation: complying with applicable laws

You have the right to lodge a complaint with your local data protection supervisory authority.

10. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a child under 18, please contact us immediately at legal@firstpasspa.com and we will delete the information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on the Platform and updating the "Last Updated" date. Your continued use of the Platform after changes are posted constitutes your acceptance of the revised Policy.

12. Contact Us

FirstPassPA LLC
Email: legal@firstpasspa.com
Website: firstpasspa.com
State of Formation: Michigan, United States

We will respond to all privacy-related inquiries within 30 days.