PrepTraining

Privacy Policy

Version 1.0.0 · Last updated: January 2026

1. Data Controller

PrepTraining is the data controller responsible for your personal data.

  • Company: PrepTraining
  • Address: Lisbon, Portugal
  • Email: privacy@preptraining.com
2. Data We Collect

We collect the following categories of personal data:

Account Data

  • Email address
  • Name (optional)
  • Profile picture (optional)
  • Account creation date

Assessment and Profile Data

  • Preparedness level and concerns
  • Location type (urban/suburban/rural)
  • Household size
  • Time commitment preferences
  • Current supplies and financial readiness

Usage Data

  • Task completions and progress
  • Scenario attempts and scores
  • Collectibles and badges earned
  • Daily streaks and activity history

Device and Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Push notification subscription data

Payment Data (for Premium Users)

  • Payment processing is handled by Stripe
  • We store only Stripe customer ID, not payment card details
3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide you with the PrepTraining service as agreed when you create an account.
  • Legitimate Interest: Processing for service improvement, security, and fraud prevention.
  • Consent: Processing based on your explicit consent, such as marketing communications or push notifications.
4. Purpose of Processing

We use your personal data for the following purposes:

  • Providing and personalizing the disaster preparedness training service
  • Tracking your progress, streaks, and achievements
  • Generating personalized task recommendations based on your assessment
  • Sending notifications and reminders (with your consent)
  • Processing payments for Premium membership
  • Improving our service through aggregated analytics
  • Communicating important service updates
5. AI and Automated Processing

PrepTraining uses artificial intelligence in the following ways:

  • Content Generation: Some quiz questions and scenario content are AI-generated based on established disaster preparedness guidelines.
  • No AI Evaluation: Your answers and choices are not evaluated by AI. Scoring is based on predetermined criteria.
  • Task Recommendations: Task suggestions are based on your assessment responses and completion history, using rule-based algorithms rather than AI profiling.
6. Third-Party Services

We use the following third-party services to provide our platform:

  • Clerk - Authentication and user management (USA)
  • Stripe - Payment processing (USA)
  • Vercel - Hosting and content delivery (USA)
  • Neon - Database hosting (USA/EU)

These services are bound by Standard Contractual Clauses (SCCs) for international data transfers from the EU.

7. Data Retention

We retain your personal data according to the following policy:

  • Active Accounts: Data is retained for the duration of your account.
  • After Account Deletion: Data is deleted within 30 days, except where retention is required by law.
  • Consent Records: Records of your consent are retained for 3 years after withdrawal for legal compliance.
8. International Data Transfers

Your data may be transferred to and processed in the United States through our third-party service providers. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all service providers
9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest.
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.
10. How to Exercise Your Rights

You can exercise your data rights in the following ways:

  • Self-Service: Use the Data & Privacy section in your account settings to download your data or delete your account.
  • Contact Us: Email privacy@preptraining.com with your request.

We will respond to your request within 30 days. We may request additional information to verify your identity.

11. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For PrepTraining, the lead supervisory authority is:

  • CNPD - Comissão Nacional de Proteção de Dados (Portugal)
  • Website: https://www.cnpd.pt
12. Cookies and Tracking

PrepTraining uses only essential cookies necessary for the service:

  • Session Cookies: To maintain your login state.
  • Authentication Cookies: Set by Clerk for secure authentication.

We do not use advertising cookies or third-party tracking cookies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

  • Posting a notice on the service
  • Requesting re-acceptance of the updated policy
  • Sending an email to registered users (for significant changes)

Your continued use of the service after changes indicates acceptance of the updated policy.

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us at:

  • Email: privacy@preptraining.com
  • Address: PrepTraining, Lisbon, Portugal