Privacy Policy

1) Introduction

Welcome to SuperApp DSAT (“we”, “us”, “our”). We respect your privacy. This policy explains what we collect, how we use it, and the choices you have when you use our mobile application and related web pages (the “Service”).

2) What we collect

• Account data — email address, display name, and your Firebase user ID (UID) created during sign-in.
• Practice & progress data — items such as generated exams/modules, attempts, scores, timestamps, and preferences you set in the app.
• Purchase data — product ID, transaction/receipt information from Apple In-App Purchase needed to verify and grant credits. We do not receive or store your full payment card details.
• Technical logs — basic device and network information (e.g., IP address) captured by our hosting and security providers; error messages necessary to diagnose issues.

3) How we use your data

• Provide and operate the Service — authenticate you, generate DSAT practice content, save progress, and show your results.
• Process purchases — verify App Store receipts server-side and grant credits to your account.
• Improve reliability — troubleshoot, protect against abuse, and enhance performance and UX.
• Support — respond to requests and account issues you raise.

4) Legal bases

Where applicable (e.g., EEA/UK), we process data based on: performance of a contract (providing the app and IAP), our legitimate interests (security, fraud prevention, improvement), and compliance with legal obligations.

5) Sharing & processors

We share data with service providers that help us run the Service, under appropriate agreements:

• Google Firebase (Authentication, Cloud Firestore, Cloud Functions, Hosting) — account, progress, and server verification data are stored/processed here.
• Apple (App Store / In-App Purchase) — handles payments and issues receipts used for verification.

We may disclose information if required by law, to protect rights/safety, or during a merger/acquisition.

6) International transfers

Our primary Firestore database is configured in EU (europe-west12). Some services (e.g., certain Cloud Functions like receipt verification) may operate in US (us-central1). As a result, your information may be transferred to or processed in regions outside your country. We use reputable providers and appropriate safeguards for such transfers.

7) Retention

We keep personal data only as long as necessary to provide the Service and meet legal obligations. If you request account deletion, we delete or irreversibly anonymize personal data from active systems except where retention is required by law (e.g., transaction records).

8) Children’s privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, please contact us so we can delete it.

9) Your rights

• Access, correct, or delete your personal data.
• Object to or restrict certain processing where applicable by law.
• Data portability where applicable.

You can exercise these rights via the app (Profile settings, where available) or by contacting us at the address below. We will verify your request and respond within the time required by law.

10) Security

We use industry-standard safeguards (encrypted transport, access controls). No method of transmission or storage is 100% secure; use the Service at your own risk.

11) In-App Purchases

Purchases are processed by Apple. We store only what’s required to verify your entitlement (e.g., product ID and receipt data). Prices may vary by region and are displayed before you confirm a purchase.

12) Changes

We may update this policy from time to time. We will post the new policy here and update the “Last updated” date above.

13) Contact

Questions or requests (including account deletion):