Legal

Privacy Policy

Effective date: June 9, 2026

Terms of Service|Cookie Policy

1. Introduction

DuckSAT (“we,” “us,” or “our”) operates the website at ducksat.com. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our Service. By using DuckSAT, you consent to the practices described here.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Credentials accounts: username and hashed password. We generate a synthetic email address (username@duck.local) that is never sent externally.
  • Google OAuth accounts: your Google profile name, email address, and profile picture URL as provided by Google.
  • Optional onboarding data: SAT target score, planned test date, study goals — if you choose to provide them.

2.2 Usage and Performance Data

  • Answers to practice questions and drills (correct/incorrect, time taken).
  • Practice test scores, module-level results, and historical score trends.
  • Topics studied, drills completed, and streaks.
  • Pages visited and time spent on the site (via analytics).

2.3 Payment Information

Payments are processed by Stripe, Inc. We never receive or store your full card number, CVV, or bank account details. We store only the Stripe Customer ID and subscription status returned by Stripe.

2.4 Feedback

If you submit a rating or written review through the feedback widget, we store your rating (1–5 stars), your optional written review (up to 500 characters), the page URL where you submitted it, and your user account if you were logged in.

2.5 Communications

If you have a real email address on file (Google OAuth accounts), we may send you transactional emails (billing receipts, account notices) and, with your consent, promotional communications. You can unsubscribe at any time via the link in any email we send.

2.6 Technical Data

  • IP address (used for rate limiting; not stored long-term).
  • Browser user-agent string.
  • Cookies and localStorage items described in our Cookie Policy.

3. How We Use Your Information

  • Providing the Service: authenticating you, tracking your progress, generating personalized recommendations, and running AI tutoring features.
  • Billing: processing subscription payments and managing your plan.
  • Communications: sending receipts, password/account notices, and (if opted in) study reminders and feature announcements.
  • Improving the Service: analyzing aggregate usage to improve question quality, site performance, and feature design.
  • Safety and compliance: detecting abuse, enforcing our Terms of Service, and complying with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We share it only:

  • Stripe, Inc. — to process payments. Stripe's privacy policy applies to data you provide during checkout.
  • Google LLC — if you sign in with Google, your authentication data is governed by Google's Privacy Policy.
  • Resend, Inc. — to deliver transactional emails. Your email address is transmitted to Resend for delivery.
  • Meta Platforms, Inc. — if you accept analytics cookies, Meta Pixel may transmit page view events. You can opt out via our Cookie Policy.
  • Microsoft Azure — our cloud infrastructure provider stores all application data (database, server logs) in Azure data centers in the United States.
  • Legal requirements: if required by law, court order, or to protect the rights of DuckSAT or others.

5. Data Retention

  • Account data: retained as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where required to be retained by law (e.g., billing records for 7 years).
  • Practice results and scores: retained as long as your account is active.
  • Server logs and IP addresses: retained for up to 30 days for security purposes.
  • Feedback and reviews: retained indefinitely unless you request deletion.

6. Security

We use industry-standard safeguards including HTTPS encryption in transit, bcrypt password hashing (cost factor 12), and Azure SQL encryption at rest. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Children's Privacy

DuckSAT is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will delete it.

8. Your Rights

Depending on your location, you may have rights regarding your personal data, including:

  • Access: request a copy of the personal data we hold about you.
  • Correction: ask us to correct inaccurate information.
  • Deletion: request deletion of your account and associated personal data.
  • Portability: receive your data in a machine-readable format.
  • Opt-out of marketing: unsubscribe from promotional emails at any time.

To exercise any of these rights, email us at support@ducksat.com. We will respond within 30 days.

9. International Transfers

DuckSAT is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States where data protection laws may differ from those in your country.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the effective date at the top of the page and, for material changes, notify you via email (if you have one on file) or via a notice on the site.

11. Contact Us

For privacy-related questions or requests, contact us at support@ducksat.com.

HomeTerms of ServiceCookie Policy