Privacy Policy

1. Overview

DAT RC Mastery (“we,” “us,” or “the service”) is a web application that helps pre-dental students prepare for the Reading Comprehension section of the Dental Admission Test. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

By using the service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the service.

2. Information We Collect

Account information

When you create an account, we collect your name, email address, and (for password-based accounts) a hashed password. If you sign in with Google, we receive your name, email, and profile image from Google via the OAuth protocol. We do not receive or store your Google password.

Practice data

We collect information about your practice sessions: which passages you attempted, your answers, your scores, your reading speed (WPM), time spent per passage, and question-level performance. This data powers the analytics and score tracking that are central to the product.

Payment information

Payments are processed entirely by Stripe. We do not receive, store, or have access to your full credit card number. We receive only a customer identifier, the plan you purchased, payment confirmation, and the billing email you provided to Stripe.

Technical information

When you use the service we collect standard technical information that your browser sends with every request: IP address, user agent, page paths visited, referring URLs, and timestamps. We use this to operate and monitor the service.

3. How We Use Your Information

• To create and maintain your account and authenticate your sessions.
• To provide the core product: passage access, question grading, WPM tracking, analytics, and progress history.
• To process payments for Standard and Premium subscriptions through Stripe.
• To communicate with you about your account, including security-critical notices and receipts.
• To monitor and improve the service, including diagnosing bugs and preventing abuse.
• To comply with legal obligations.

We do not sell your personal information. We do not use your practice data to train any third-party AI models.

4. Third-Party Services

We use a small number of third-party services that receive limited data in order to operate the platform:

• Google (OAuth login), receives and verifies your sign-in. See Google’s Privacy Policy.
• Stripe (payments), processes all card transactions. See Stripe’s Privacy Policy.
• Neon / PostgreSQL (database hosting), stores account data, subscription status, and practice records. See Neon’s Privacy Policy.
• Vercel (application hosting), serves the website and runs the application code. See Vercel’s Privacy Policy.

These providers act as data processors on our behalf. We share the minimum information required for each service to function.

5. Cookies and Local Storage

We use cookies for authentication sessions and to remember your sign-in. We also use browser local storage to persist your practice attempts, reading speed data, and user-interface preferences. These are first-party and are not used for advertising or third-party tracking.

6. Data Security

We take reasonable measures to protect your information. Passwords are stored as one-way bcrypt hashes and never in plain text. Traffic to the site is encrypted in transit via HTTPS. Access to the production database is restricted to administrators.

No system is perfectly secure. In the event of a data breach that we determine has compromised your information, we will notify affected users without unreasonable delay.

7. Data Retention

We retain your account and practice data for as long as your account exists. If you delete your account, we will delete your personal information and practice data within 30 days, except for records we are required to retain for tax, accounting, or legal reasons (for example, Stripe payment records).

8. Your Rights

You may at any time:

• Access the personal information we hold about you through your Profile page.
• Correct your name or profile image from the Profile page.
• Request deletion of your account by contacting us at the email address below.
• Export a copy of your practice data on request.

Depending on your jurisdiction, you may also have rights under regional privacy laws (including GDPR for users in the EU/UK and CCPA for users in California). Contact us if you wish to exercise any of these rights.

9. Children’s Privacy

The service is intended for university-aged pre-dental students and is not directed at children under 13. We do not knowingly collect information from anyone under 13. If you believe a child under 13 has signed up, please contact us and we will delete the account.

10. Changes to This Policy

We may update this policy as the product evolves. When we do, we will update the “Last updated” date at the top. Material changes will be communicated by a notice in the product or by email to the address on file.

11. Contact

Questions about this policy or a request to exercise your rights? Reach us through our contact page.