Privacy Policy
Effective date: April 10, 2026 · Last updated: April 10, 2026
StampReady ("we," "us," or "our") operates the website https://stampready.app and related mobile applications (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.
By using the Service, you agree to the collection and use of information in accordance with this policy.
We collect the minimum data needed to run an exam-prep platform: your email, display name, state, exam choice, practice results, and anything you voluntarily type into feedback or chat. We do not sell your data. We do not show ads. We do not track you across other websites. You can export or delete your account at any time.
1. Who we are
StampReady is operated by Devin Davidson, P.E. (Texas PE #124920), a licensed Professional Engineer. Contact: privacy@stampready.org.
2. Information we collect
2.1 Information you provide directly
- Account information: Email address, password (stored as a hash, never in plain text), display name, avatar selection.
- Profile information: Your licensure state, engineering discipline, target exam date, school, accommodations preferences (extended time, large print, high contrast, reduced distractions).
- Study data: Practice exam answers, scores, flagged questions, study session duration, progress tracking.
- Purchase records: Items purchased from the marketplace (references, question bundles). We do not currently process real payments — all purchases are recorded for inventory tracking only.
- Chat messages: Text you send in Study Rooms. Messages are transmitted via Supabase Realtime and stored only in memory during an active session.
- Feedback and support requests: Any content you submit through the in-app feedback form or via email to support@stampready.org.
2.2 Information collected automatically
- Device and browser information: User agent string, operating system, screen size, language preference, time zone. This is used to render the app correctly and fix display bugs.
- Usage data: Which panels you visit, how long sessions last, whether features work correctly. No clickstream tracking or behavioral profiling.
- Diagnostic data: JavaScript error reports and crash logs if something breaks.
- Service worker cache: A local browser cache for offline capability (no personal data is stored in the cache).
2.3 Information we do NOT collect
- We do not collect your real name unless you enter it voluntarily.
- We do not collect your phone number.
- We do not collect your home or mailing address.
- We do not collect payment card information. (When real payments are enabled in a future version, this will be handled by a PCI-compliant third party such as Stripe, and the relevant details will be added to this policy.)
- We do not collect social security numbers, driver's license numbers, or other government identifiers.
- We do not collect biometric data, facial recognition data, or location data.
- We do not use cross-site tracking cookies or third-party advertising pixels.
3. How we use your information
We use the information we collect to:
- Provide and maintain the Service (log you in, remember your progress, show content relevant to your state and exam).
- Filter marketplace and library content to match your licensure jurisdiction and target exam.
- Improve the Service by fixing bugs and adding requested features.
- Respond to your support requests and feedback.
- Communicate important service updates (account issues, policy changes, security notices) — NOT marketing emails.
- Prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations.
4. Third-party services we use
We use a small number of third-party services to operate StampReady. Each one has its own privacy policy that you can review:
| Service | What it does | Data shared | Privacy policy |
|---|---|---|---|
| Supabase | Database, authentication, real-time chat | Email, display name, profile fields, study data, chat messages | supabase.com/privacy |
| GitHub Pages | Static web hosting | IP address (in access logs), user agent | GitHub Privacy |
| Jitsi Meet (meet.jit.si) | Video conferencing for Study Rooms (optional) | Room name (not your personal info), video/audio stream during an active call | jitsi.org/meet-jit-si-privacy |
| Apple App Store / Google Play | App distribution (mobile only) | Install metadata, crash reports | Apple / Google platform policies |
We do not use Google Analytics, Facebook Pixel, Hotjar, or any other cross-site tracker.
5. How we protect your information
- All data is transmitted over HTTPS with TLS 1.2 or higher.
- Passwords are hashed using industry-standard algorithms (bcrypt, handled by Supabase Auth). We never see or store your plain-text password.
- Database access is protected by Row-Level Security (RLS) policies — users can only access their own data.
- We follow the principle of least privilege for internal access.
- We keep systems patched and monitor for suspicious activity.
No online service can guarantee 100% security. If you suspect a security issue, please contact us immediately at security@stampready.org.
6. Your rights and choices
6.1 Access and export
You can export all of your account data in JSON format at any time from Profile → Export Data. This includes your profile, study history, purchases, and any feedback you've submitted.
6.2 Correction
You can edit your profile information (name, state, discipline, accommodations, etc.) at any time from the Profile panel.
6.3 Deletion
You can request full account deletion by emailing privacy@stampready.org from your registered email address. We will delete your account and all associated personal data within 30 days, except where we are legally required to retain certain records (e.g., transaction records for tax purposes).
6.4 Chat messages
Study Room chat messages are transient — they exist only in the memory of active participants during a session. We do not archive chat history server-side. When you close the room, the messages are gone.
6.5 Reporting and blocking
If another user posts inappropriate content in a Study Room chat, you can:
- Tap the ⋯ menu on any message and select Report message
- Tap the ⋯ menu and select Block user to hide all messages from that person
Reports are reviewed by the operator (Devin Davidson) within 24 hours. Serious violations result in account suspension.
6.6 Marketing communications
We do not send marketing emails. You will only receive service-related messages (password resets, security notices, major policy changes). There is nothing to unsubscribe from.
7. Data retention
- Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
- Study session data: Retained with your account until deletion.
- Feedback and support tickets: Retained for 2 years to help us track recurring issues, then deleted.
- Chat messages: Not retained server-side. Lost when the Study Room session ends.
- Server logs: Retained for up to 90 days for security and diagnostic purposes.
8. Children's privacy
StampReady is intended for users age 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@stampready.org and we will delete the information promptly.
9. International users
StampReady is operated from the United States. If you access the Service from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States, where privacy laws may be different from those in your jurisdiction.
9.1 European users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation, including:
- Right of access, rectification, erasure, restriction of processing, and data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
The lawful basis for processing your data is: (a) contract performance (to provide the Service you requested), and (b) legitimate interests (to improve the Service and prevent fraud). Contact privacy@stampready.org to exercise any of these rights.
9.2 California residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Delete your personal information
- Opt out of the sale or sharing of personal information (we do not sell or share personal information)
- Non-discrimination for exercising your rights
To exercise these rights, email privacy@stampready.org.
10. Cookies and local storage
We use a small number of first-party cookies and browser local storage items to keep you logged in and remember your preferences:
- Authentication token (Supabase session) — required for login
- Language preference (EN / ES) — remembers your chosen language
- Theme preference (light / dark) — remembers your display preference
- Service worker cache — enables offline support
We do not use third-party advertising cookies or cross-site tracking cookies.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, post a notice in the app and email all registered users. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.
12. Contact us
If you have questions about this Privacy Policy or your data, please contact:
- Privacy questions: privacy@stampready.org
- Security concerns: security@stampready.org
- General support: support@stampready.org
- Operator: Devin Davidson, P.E. · Texas PE #124920