Privacy Policy
Effective date: April 10, 2026 · Last updated: April 20, 2026
StampReady ("we," "us," or "our") operates the website https://stampready.app and related mobile applications (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.
By using the Service, you agree to the collection and use of information in accordance with this policy.
We collect the minimum data needed to run an exam-prep platform: your email, display name, state, exam choice, practice results, and anything you voluntarily type into feedback or chat. We do not sell your data. We do not show ads. We do not track you across other websites. You can export or delete your account at any time.
1. Who we are
StampReady is operated by Devin Davidson, P.E. (Texas PE #124920), a licensed Professional Engineer. Contact: privacy@stampready.org.
2. Information we collect
2.1 Information you provide directly
- Account information: Email address, password (stored as a hash, never in plain text), display name, avatar selection.
- Profile information: Your licensure state, engineering discipline, target exam date, school, accommodations preferences (extended time, large print, high contrast, reduced distractions).
- Study data: Practice exam answers, scores, flagged questions, and study session duration. Used only to show you your own progress — not shared externally, never used for advertising.
- Feedback and support requests: Any content you submit through the in-app feedback form or via email to support@stampready.org.
2.2 Information collected automatically
- Device and browser information: User agent string, operating system, screen size, language preference, time zone. This is used to render the app correctly and fix display bugs.
- Usage data: Which panels you visit, how long sessions last, whether features work correctly. No clickstream tracking or behavioral profiling.
- Diagnostic data: JavaScript error reports and crash logs if something breaks.
- Service worker cache: A local browser cache for offline capability (no personal data is stored in the cache).
2.3 Information we do NOT collect
- We do not collect your real name unless you enter it voluntarily.
- We do not collect your phone number.
- We do not collect your home or mailing address.
- We do not collect payment card information. The app is 100% free during beta — there are no in-app purchases, no subscriptions, and no paid tiers.
- We do not collect social security numbers, driver's license numbers, or other government identifiers.
- We do not collect biometric data, facial recognition data, or location data.
- We do not use cross-site tracking cookies, third-party advertising pixels, data brokers, or any SDK that enables user tracking as defined by Apple's App Privacy policy. We do not call
ATTrackingManager. - We do not transmit the contents of reference PDFs, images, or other in-app study materials to any server. These are fetched from our hosted storage and rendered locally in your browser.
2.4 iOS app — Privacy Manifest
The StampReady iOS app ships with a PrivacyInfo.xcprivacy file as required by Apple (iOS 17+). It declares: no tracking, no IDFA, no cross-app tracking domains. The only "required reason" APIs used are indirect — through Apple's own WebKit (file timestamps, system boot time) and system-default user-preferences storage. Full manifest in the source repository.
3. How we use your information
We use the information we collect to:
- Provide and maintain the Service (log you in, remember your progress, show content relevant to your state and exam).
- Filter the state licensure checklist and reference content to match your jurisdiction and target exam.
- Improve the Service by fixing bugs and adding requested features.
- Respond to your support requests and feedback.
- Communicate important service updates (account issues, policy changes, security notices) — NOT marketing emails.
- Prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations.
4. Third-party services we use
We use a small number of third-party services to operate StampReady. Each one has its own privacy policy that you can review:
| Service | What it does | Data shared | Privacy policy |
|---|---|---|---|
| Supabase (Database + Auth) | Account database and authentication | Email, display name, profile fields, study data | supabase.com/privacy |
| Supabase Storage | Hosts the public-domain reference PDFs (MUTCD, FHWA HIF, DoD UFS) served to the in-app PDF viewer | IP address (in access logs only). No personal data is associated with PDF requests. | supabase.com/privacy |
| Mozilla pdf.js | Open-source PDF rendering library (MIT licensed). Runs entirely in-browser on your device. | None — pdf.js does not communicate with any server. The PDF bytes are fetched from Supabase Storage above, then rendered locally. | pdf.js project |
| Cloudflare | Static web hosting, CDN, DNS | IP address (in access logs), user agent | Cloudflare Privacy |
| Sentry | Error monitoring and crash reporting | JavaScript error details, browser info, page URL (no personal data) | sentry.io/privacy |
| Apple App Store / Google Play | App distribution (mobile only) | Install metadata, crash reports | Apple / Google platform policies |
We do not use Google Analytics, Facebook Pixel, Hotjar, or any other cross-site tracker.
5. How we protect your information
- All data is transmitted over HTTPS with TLS 1.2 or higher.
- Passwords are hashed using industry-standard algorithms (bcrypt, handled by Supabase Auth). We never see or store your plain-text password.
- Database access is protected by Row-Level Security (RLS) policies — users can only access their own data.
- We follow the principle of least privilege for internal access.
- We keep systems patched and monitor for suspicious activity.
No online service can guarantee 100% security. If you suspect a security issue, please contact us immediately at security@stampready.org.
6. Your rights and choices
6.1 Access and export
You can export all of your account data in JSON format at any time from Profile → Export Data. This includes your profile, study history, and any feedback you've submitted.
6.2 Correction
You can edit your profile information (name, state, discipline, accommodations, etc.) at any time from the Profile panel.
6.3 Deletion
You can request full account deletion by emailing privacy@stampready.org from your registered email address. We will delete your account and all associated personal data within 30 days, except where we are legally required to retain certain records (e.g., transaction records for tax purposes).
6.4 Marketing communications
We do not send marketing emails. You will only receive service-related messages (password resets, security notices, major policy changes). There is nothing to unsubscribe from.
7. Data retention
- Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
- Study session data: Retained with your account until deletion.
- Feedback and support tickets: Retained for 2 years to help us address recurring issues, then deleted.
- Server logs: Retained for up to 90 days for security and diagnostic purposes.
8. Children's privacy
StampReady is intended for users age 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@stampready.org and we will delete the information promptly.
9. International users
StampReady is operated from the United States. If you access the Service from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States, where privacy laws may be different from those in your jurisdiction.
9.1 European users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation, including:
- Right of access, rectification, erasure, restriction of processing, and data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
The lawful basis for processing your data is: (a) contract performance (to provide the Service you requested), and (b) legitimate interests (to improve the Service and prevent fraud). Contact privacy@stampready.org to exercise any of these rights.
9.2 California residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Delete your personal information
- Opt out of the sale or sharing of personal information (we do not sell or share personal information)
- Non-discrimination for exercising your rights
To exercise these rights, email privacy@stampready.org.
10. Cookies and local storage
We use a small number of first-party cookies and browser local storage items to keep you logged in and remember your preferences:
- Authentication token (Supabase session) — required for login
- Display preferences — remembers your UI settings (question numbering, timer sounds, etc.)
- Service worker cache — enables offline support
We do not use third-party advertising cookies or cross-site tracking cookies.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, post a notice in the app and email all registered users. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.
12. Contact us
If you have questions about this Privacy Policy or your data, please contact:
- Privacy questions: privacy@stampready.org
- Security concerns: security@stampready.org
- General support: support@stampready.org
- Operator: Devin Davidson, P.E. · Texas PE #124920