Privacy Policy

Last updated: April 7, 2026

VIISLABS ("we," "us," or "our") operates the ExamPal mobile application and the ExamPal.app website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect information provided by your chosen authentication provider:

  • User ID from Apple Sign In or Google Sign In
  • Display name (optional — you may choose to hide this)
  • Email address (optional — Apple Sign In allows you to use a private relay email or hide your email entirely)

We do not receive or store your Apple or Google password.

1.2 Learning Data

We collect data about your study activity to provide and improve our learning features:

  • Answer records and accuracy rates
  • Study time and session activity
  • Bookmarked questions and flagged items
  • Mistakes notebook (wrong answer history)
  • Personalized study plan data
  • FSRS spaced repetition state (review intervals, retention parameters, scheduling data)

1.3 Subscription Data

All subscription payments are processed through Apple In-App Purchase. We do not collect or store your payment card information. We receive only subscription status and transaction confirmations from Apple for the purpose of managing your access and verifying Pass Guarantee eligibility.

1.4 Device Information

We collect limited device information for technical support and app health monitoring (heartbeat):

  • Device model
  • iOS version
  • App version

1.5 App Attest

We use Apple's DeviceCheck framework (App Attest) for device integrity verification to protect against fraud and abuse. This process does not collect any personal information — it only verifies that requests originate from a legitimate instance of the ExamPal app on a genuine Apple device.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide a personalized learning experience: Power the FSRS spaced repetition algorithm, generate personalized study plans, analyze your weak areas, and deliver targeted practice content.
  • Sync your progress across devices: Keep your study data, bookmarks, mistakes notebook, and learning state synchronized between your devices when you sign in with your account.
  • Manage subscriptions and verify Pass Guarantee eligibility: Process subscription status, verify study completion criteria, and administer the Pass Guarantee program.
  • Improve the product and provide technical support: Analyze aggregated usage patterns to improve question quality, study algorithms, and app stability. Use device information to diagnose technical issues.

3. Third-Party Services

We use the following third-party services in connection with the Service:

3.1 Apple

We use Apple services for authentication (Sign In with Apple), payment processing (In-App Purchase), and device integrity verification (App Attest). See Apple's Privacy Policy.

3.2 Google

We use Google Sign In as an alternative authentication method. Google shares your name and email based on your Google account settings. See Google's Privacy Policy.

3.3 Cloudflare

Our API is hosted on Cloudflare Workers and served through Cloudflare's CDN. Cloudflare processes requests on our behalf to deliver the Service. See Cloudflare's Privacy Policy.

3.4 Neon

Your account and learning data is stored in a PostgreSQL database hosted by Neon in the United States. Neon processes data on our behalf and is contractually obligated to protect your information. See Neon's Privacy Policy.

4. Data Storage and Security

4.1 Local Storage

Study content and progress data are stored locally on your device in a SQLite database to enable offline study. This local data is encrypted and synchronized to the cloud when a network connection is available.

4.2 Cloud Storage

Your account data and learning progress are stored on Cloudflare Workers with Neon PostgreSQL, hosted in the United States. All data is encrypted in transit using TLS. Exam question content is additionally protected with AES-256-GCM encryption during transmission.

4.3 Credential Storage

Sensitive authentication credentials (access tokens and refresh tokens) are stored in the iOS Keychain, which provides hardware-backed encryption via Secure Enclave and is protected by your device's security (passcode, Face ID, Touch ID).

4.4 Security Measures

We implement industry-standard security measures including TLS-encrypted API communications, AES-256-GCM content encryption, iOS Keychain for credential storage, App Attest for device integrity verification, and access controls limiting access to personal data. However, no method of electronic storage or transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

5. Data Retention and Deletion

  • Active accounts: We retain your account data and learning progress for as long as your account is active and you continue to use the Service.
  • Account deletion: You may delete your account at any time from the app under Profile → Account → Delete Account. Upon deletion, all server-side data will be permanently removed within 30 calendar days.
  • Local data: Data stored locally on your device is deleted when you uninstall the app. Note that iOS Keychain data may persist after uninstallation by default — this is standard iOS behavior and outside our control.
  • Aggregated data: Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytical and service improvement purposes.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Correction: You may request that we correct inaccurate or incomplete personal data.
  • Right to Deletion: You may request that we delete your personal data, subject to certain legal exceptions.
  • Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.

To exercise any of these rights, please contact us at support@ExamPal.app. We will respond to your request within 30 days. You may also delete your account directly from the app under Profile → Account → Delete Account.

7. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a verifiable consumer request, email support@ExamPal.app with the subject line "CCPA Request." We will verify your identity before fulfilling your request and respond within 45 days.

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected data from a child, please contact us at support@ExamPal.app.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via an in-app notification

Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

ExamPal (operated by VIISLABS)

Email: support@ExamPal.app

Website: ExamPal.app

See also our Terms of Service. Questions? Contact us.