Privacy Policy

Last updated: March 2026

1. Who we are

EUPrep is an online study platform for EPSO exam preparation. For any privacy-related questions, contact us at support@eu-prep.com.

2. What we collect

• Email address — collected when you create an account via Firebase Authentication (Google)
• Payment information — processed entirely by Stripe. We never receive or store your card details.
• Study progress data — flashcard reviews, scores, and session history stored in our database to power spaced repetition and adaptive difficulty
• User-uploaded documents — only if you choose to upload study material. Used solely for generating your flashcards.

3. Why we collect it

• Account authentication and access control
• Processing and managing payments
• Delivering and personalising your study experience
• Communicating service updates or responding to support requests

3a. Lawful basis for processing

We process your personal data on the following legal bases under GDPR Art. 6:

• Contract performance (Art. 6(1)(b)) — processing your email address and study progress data is necessary to provide the EUPrep service you have signed up for
• Legal obligation (Art. 6(1)(c)) — retaining payment records as required by applicable financial and tax law
• Legitimate interests (Art. 6(1)(f)) — service security, fraud prevention, and improving the platform

4. Data processors

We use the following third-party processors:

• Stripe — payment processing. Stripe’s privacy policy applies to all payment data: stripe.com/privacy
• Firebase / Google — authentication. Google’s privacy policy applies to auth data: policies.google.com/privacy
• Anthropic — AI explanations (Analyst plan only). Prompts contain flashcard content only, never personal data: anthropic.com/privacy

We do not sell or share your data with any other third parties.

5. Data retention

Your data is retained for as long as your account is active. If you delete your account, all personal data — including your email address, study history, and any uploaded documents — is permanently deleted from our systems. No backups of personal data are retained after deletion.

To request account deletion, email support@eu-prep.com.

5a. International data transfers

Some of our data processors are based outside the European Economic Area (EEA):

• Anthropic (United States) — AI explanation processing. Transfers are subject to Anthropic’s data processing terms and standard contractual clauses where applicable.
• Google / Firebase (United States) — authentication services. Google operates under the EU–US Data Privacy Framework and standard contractual clauses.
• Stripe (United States) — payment processing. Stripe operates under the EU–US Data Privacy Framework and standard contractual clauses.

We take steps to ensure that transfers outside the EEA are protected by appropriate safeguards as required by GDPR Chapter V.

6. Your rights (GDPR)

As a user in the European Union, you have the right to:

• Access — request a copy of the data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your data (“right to be forgotten”)
• Restriction — ask us to limit how we process your data
• Portability — receive your data in a portable format
• Object — object to processing based on legitimate interests

To exercise any of these rights, email support@eu-prep.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.

7. Cookies

We use only strictly necessary cookies for authentication. See our Cookie Notice for details.