Privacy Policy

Effective date: May 10, 2026 · Last updated: May 10, 2026

WhizPass ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding your data. By using WhizPass you agree to this Privacy Policy. If you do not agree, please do not use the platform.

1. Data We Collect

1.1 Data You Provide

  • Account data: email address, hashed password, and optional display name provided at registration.
  • Display name: a pseudonym of your choice (or an auto-generated one) used publicly on the leaderboard. This replaces your real name and email in public views.
  • User-generated content: notes, comments, and flags you submit on questions. This content is associated with your account.
  • Communications: if you contact us, we retain the communication for support purposes.

1.2 Data Collected Automatically

  • Study activity: your exam attempts, answers submitted, scores, bookmarks, streak data, and badges. This data is used to power your personal progress tracking.
  • Session data: authentication tokens stored in secure, HTTP-only cookies to maintain your login session.
  • Technical data: where required for platform operation, basic server-side request logs may be retained temporarily (e.g., IP addresses for security purposes). We do not build user profiles from this data.

1.3 Data We Do NOT Collect

  • Payment card data — WhizPass does not process payments directly and does not store any payment information.
  • Government-issued ID numbers, national insurance numbers, or similar sensitive identifiers.
  • Precise geolocation data.
  • Data from minors. WhizPass is not intended for users under 16 years of age.

2. How We Use Your Data

We use collected data solely to:

  • Create and manage your account and authenticate your login sessions;
  • Provide, operate, and improve the platform and its features;
  • Track your study progress, scores, streaks, and achievements;
  • Display your pseudonym on the public leaderboard (never your real name or email);
  • Send transactional emails such as welcome messages, password reset links, and account notifications;
  • Detect and prevent fraud, abuse, and security incidents;
  • Respond to support enquiries;
  • Comply with applicable legal obligations;
  • Generate aggregated, anonymised analytics to understand platform usage and improve content (these reports contain no personally identifiable information).

We do not sell your personal data. We do not use your personal data for third-party advertising. We do not build advertising profiles from your data.

3. Sharing Your Data

We do not sell, rent, or trade your personal data. We may share data with trusted third parties only in the following limited circumstances:

  • Service providers: we use third-party services to operate the platform, including database hosting (Neon/PostgreSQL) and email delivery (Resend). These providers process your data only as instructed by us and under appropriate data processing agreements.
  • Legal requirements: we may disclose data if required by applicable law, court order, or lawful governmental request.
  • Security: we may share data when necessary to protect the rights, safety, or security of WhizPass, its users, or the public.
  • Business transfer: if WhizPass is merged, acquired, or its assets transferred, your data may be transferred to the successor entity, subject to equivalent privacy protections.
  • With your consent: in any other circumstance, we will only share your data with your explicit prior consent.

Aggregated or fully anonymised data (which cannot identify any individual) may be disclosed without restriction.

4. Leaderboard & Public Visibility

The WhizPass leaderboard displays your display name (pseudonym) and best exam score. Your real name and email address are never displayed publicly. You may change your display name at any time from your account settings. Comments and notes you submit on questions may be visible to other registered users. You are responsible for the content you choose to share.

5. Cookies & Session Tokens

WhizPass uses essential cookies only — specifically a secure, HTTP-only session token cookie required to maintain your authenticated login session. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The session cookie is deleted when you log out or when it expires.

If you disable cookies in your browser, you will not be able to log in or use authenticated features of the platform.

6. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion, we will delete your personal data from our active systems within a reasonable timeframe. Certain anonymised or aggregated data derived from your activity may be retained indefinitely for platform improvement purposes. Where we are required by law to retain data, we will do so for the mandated period.

7. Security

We implement reasonable technical and organisational security measures to protect your data, including password hashing (bcrypt), HTTPS-only transmission, and secure session management. However, no internet-based system is 100% secure. WhizPass cannot guarantee that unauthorised third parties will never defeat our security measures or access your data. You use the platform at your own risk. You are responsible for maintaining the confidentiality of your account credentials.

WhizPass accepts no liability for any loss or damage arising from a security breach, data loss, or unauthorised access to your account, to the maximum extent permitted by law.

8. Your Rights

Depending on your jurisdiction, you may have rights including:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data. You can update your display name directly in account settings.
  • Deletion: request deletion of your account and personal data.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Portability: request a machine-readable export of data you have provided to us.
  • Objection: object to processing of your data in certain circumstances.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@whizpass.com. We will respond within 30 days. We may need to verify your identity before acting on a request.

9. Children's Privacy

WhizPass is not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

10. Limitation of Privacy-Related Liability

To the maximum extent permitted by applicable law, WhizPass shall not be liable for any damages, losses, or costs of any kind arising from or related to any breach of data security, data loss, or any privacy incident, regardless of whether such breach arises from negligence or any other cause. WhizPass provides security measures on a best-efforts basis with no guarantee.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or by a notice on the platform. The updated policy will be effective upon posting. Continued use of the platform after any change constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

For privacy-related questions, data requests, or concerns, please contact us at: support@whizpass.com

© 2026 WhizPass. All rights reserved.

See also: Terms & Conditions · FAQ