← Back to EasyBarPass

Privacy Policy

Last updated: April 27, 2026

EasyBarPass takes your privacy seriously. This policy explains what information we collect, how we use it, and the choices you have. We do not sell your personal data and we do not use your data for advertising.

1. Information We Collect

Information you provide directly

  • Name and email address (account creation)
  • Password (stored as a secure hash — we never see your password in plaintext)
  • Exam date (optional, used for personalized study planning)
  • Essay submissions (text you submit for AI grading)
  • Chat messages with Alfred (text you send to the AI coach)
  • Quiz answers and performance data
  • Terms acceptance timestamp (recorded when you agree to our Terms of Service)

Information collected automatically

  • IP address and approximate location (country/region level)
  • Browser type, operating system, and device type
  • Pages and features you visit, and how long you spend on them
  • Session timestamps and activity logs
  • Credit consumption and transaction records
  • Error logs and diagnostic data (used to fix bugs)

Information from third parties

  • Stripe: Payment confirmation and transaction identifiers. We never receive or store your full credit card number — Stripe handles all payment data.
  • Supabase: Authentication tokens and session data used to keep you logged in.

2. How We Use Your Information

  • Provide, operate, and improve the EasyBarPass study platform
  • Personalize your learning experience — adaptive quiz difficulty, readiness scores, progress tracking, and weak-area identification
  • Power AI features (Alfred coaching, Cinco reinforcement, essay grading, study plan generation) by sending appropriately sanitized input to the Anthropic Claude API
  • Process payments via Stripe for Pro purchases and credit refill packs
  • Send transactional emails: account verification, purchase confirmation, password reset, and exam reminders — delivered via Resend
  • Send product emails: upgrade suggestions, low-credit warnings, and exam-date reminders. You can opt out of product emails at any time using the unsubscribe link in each email.
  • Analyze aggregate, anonymized usage patterns to improve content quality and platform performance
  • Detect and prevent abuse, fraud, and Terms of Service violations
  • Comply with legal obligations

3. AI Data Handling

This section is especially important. When you use Alfred, Cinco, essay grading, or study plan features, your input is sent to Anthropic's Claude API for processing. Here is exactly how we handle that:

  • PII sanitization. Before sending any text to the AI, we run it through a sanitization layer that strips personally identifiable information — names, email addresses, phone numbers, and physical addresses. Your personal identity is not included in AI prompts.
  • Concept-level Cinco caching.Cinco-generated content is cached at the concept level (e.g., “promissory estoppel — 5 Explanations”) and is shared across all users. Your personal data is never included in cached Cinco content.
  • We do not use your data to train AI models. Your essays, chat messages, and quiz data are used to provide the service to you — not to fine-tune or train any AI model.
  • We do not sell your data. Your personal information is never sold, rented, or shared with third parties for advertising or marketing purposes.
  • Anthropic's data handling.Data sent to the Anthropic API is subject to Anthropic's own privacy policy and data handling terms. We recommend reviewing their policy at anthropic.com/privacy.
  • Conversation and essay storage. Your chat history with Alfred and essay submissions are stored in our database so you can review your history and track your progress. You can request deletion of this data at any time.

4. Data Storage & Security

  • Data is stored on Supabase (PostgreSQL), hosted on AWS in the US East (us-east-1) region.
  • All data is encrypted in transit using TLS/HTTPS.
  • Database access is protected by Row Level Security (RLS) policies — users can only read and write their own data.
  • Payment processing is handled by Stripe (PCI-DSS Level 1 compliant). We never see or store your full card number.
  • Rate limiting is applied to all API endpoints to prevent abuse and unauthorized bulk access.
  • Access to production data is restricted to authorized personnel only. We use the Supabase service role key only in server-side API routes, never in client-side code.
  • Passwords are hashed by Supabase Auth using industry-standard algorithms. We never store or transmit passwords in plaintext.

5. Data Retention

Data typeRetained until
Account profile (name, email)Account is active or deleted
Quiz attempts and progress dataAccount is active or deleted
Essay submissions and feedbackAccount is active or deleted
Alfred chat historyAccount is active or deleted
Payment and credit transaction records7 years (tax and legal compliance)
After account deletionPersonal data deleted within 30 days; anonymized aggregate data may be retained

6. Your Rights

You have the following rights regarding your personal data:

  • Access: You can view much of your data directly through the platform (dashboard, progress pages, essay history, chat history).
  • Correction: Contact us to correct inaccurate or incomplete information.
  • Deletion: Email team@easybarpass.com to request deletion of your account and personal data. We will process the request within 30 days.
  • Data export: Email us to request a copy of your personal data in a machine-readable format.
  • Opt-out of product emails: Use the unsubscribe link in any product email. Transactional emails (verification, password reset, purchase confirmation) cannot be opted out of as they are necessary to operate the service.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, disclose, and sell.
  • Right to delete personal information we have collected about you (subject to certain exceptions).
  • Right to opt-out of sale. We do not sell your personal information.
  • Right to non-discrimination. We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at team@easybarpass.com.

7. Cookies & Tracking

  • Authentication cookies: We use cookies to maintain your login session via Supabase Auth. These are essential to keep you signed in.
  • localStorage: We store user preferences locally in your browser — such as theme (light/dark), font size, and sidebar width. This data never leaves your device.
  • No advertising cookies: We do not use third-party advertising cookies, tracking pixels, or sell data to advertisers.
  • Analytics: If we implement analytics tools in the future, we will update this policy and, where required by law, obtain your consent.

You can disable cookies in your browser settings, but doing so will prevent you from staying logged in to EasyBarPass.

8. Children's Privacy

EasyBarPass is intended exclusively for users 18 years of age and older who are preparing for the bar examination. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected data from a minor, we will delete that data promptly. If you believe we may have collected information from a minor, please contact us at team@easybarpass.com.

9. Third-Party Services

We rely on the following third-party services to operate EasyBarPass. Each processes data according to their own privacy policies.

ServicePurposePrivacy Policy
SupabaseAuthentication and databasesupabase.com/privacy
StripePayment processingstripe.com/privacy
AnthropicAI features (Claude API)anthropic.com/privacy
ResendTransactional email deliveryresend.com/legal/privacy-policy
VercelHosting and edge infrastructurevercel.com/legal/privacy-policy
UpstashRate limiting (Redis)upstash.com/trust/privacy.html

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes — such as new data collection practices or changes to how we use your information — will be communicated via email to registered users before taking effect. The “Last updated” date at the top of this page reflects the most recent revision. Your continued use of EasyBarPass after changes take effect constitutes acceptance of the updated policy.

11. Contact

For privacy questions, data access requests, or deletion requests:

Terms of ServiceContactEasyBarPass Home