Privacy Policy

Your privacy is important to us. Learn how we protect your data.

Effective date: 17 October 2025

This Privacy Policy explains what we collect, how we use it, and the choices you have when using istabaq.com and related apps ("Service").

Our Privacy Commitments

✓No AI Training: We never use your data to train AI/LLM models
✓No Data Selling: We do not sell your personal information
✓Minimal Analytics: Only Mixpanel for product improvement
✓Your Rights: Access, correct, or delete your data anytime

1. What We Collect

Account Data

Name, email, password (hashed), profile details. If you sign in with Google, we receive basic account information you approve (e.g., name, email, profile image).

Content You Provide

Prompts, inputs, files you upload, answers/outputs you choose to save, and feedback.

Usage & Device Data

Pages viewed, features used, time and frequency, device type, operating system, browser, approximate location from IP, crash/diagnostic logs.

Cookies & Similar Tech

Small files to keep you signed in, remember preferences, and measure usage.

2. Strict Policy on AI/LLM Training

•We do not use your personal data, prompts, inputs, messages, files, or answers/outputs to train AI or LLM models.
•We do not allow any third party we use to train their models on your data or your content from the Service.

3. Analytics (Mixpanel Only)

We use Mixpanel as our only third-party analytics provider to understand feature usage and improve the Service. Analytics data may include events (what was clicked/used), device info, and rough location from IP.
We do not use analytics for targeted advertising.

4. How We Use Data

Provide, operate, and secure the Service (authentication, fraud prevention, abuse detection).
Understand product usage and improve features, performance, and user experience.
Communicate about updates, security alerts, and support.
Comply with legal obligations and enforce our Terms of Service.

5. Google Sign-In & Data Collection

What We Collect from Google

When you sign in with Google, we request and receive the following information:

Name - To personalize your account and display your profile
Email address - For authentication, account management, and important service communications
Google User ID - To uniquely identify your account and enable secure authentication

Why We Need This Data

Authentication - Securely verify your identity and allow you to access your account
Save Your Progress - Store your exam history, practice test results, and study progress
Personalization - Provide a customized learning experience based on your performance
Account Management - Send you important updates about your account and the Service

How We Store Your Data

We use Supabase, a secure cloud database platform, to store your account and learning data:

Encryption - All data is encrypted in transit (HTTPS/TLS) and at rest
Access Control - Only authorized systems and personnel can access your data
Data Location - Stored securely in Supabase's infrastructure with industry-standard security measures
Backup & Recovery - Regular backups to prevent data loss

Google API Services Compliance:

We comply with the Google API Services User Data Policy, including its Limited Use requirements. We only use Google data to provide user-facing features you request, do not use it for advertising or AI training, and do not transfer it except as needed to operate those features.

6. When We Share Data

Service Providers

Trusted vendors that host our infrastructure, send emails, or provide support tools. They may only process data for us under strict confidentiality and security obligations.

Analytics

Mixpanel (see Section 3).

Legal & Safety

To comply with law, respond to legal requests, or protect rights, safety, and the integrity of the Service.

Business Transfers

In a merger, acquisition, or asset sale, data may transfer as part of the transaction; we will continue to protect it as described here.

We do not sell personal data.

7. Cookies & Controls

Necessary cookies run the core site (sign-in, security, preferences).
Analytics cookies help us understand usage.
Your browser may let you block or delete cookies; the Service may not work properly without necessary cookies.

8. Data Retention

We keep personal data only as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Where possible, we de-identify or aggregate data.

9. Security

We use reasonable administrative, technical, and physical safeguards to protect personal data.

No method of transmission or storage is 100% secure.

10. Your Rights & Choices

Depending on your location, you may have rights to:

Access, correct, or delete your personal data.
Download a copy (data portability).
Object to or restrict certain processing.
Withdraw consent where processing is based on consent.

To exercise rights, contact support@istabaq.com

We may verify your identity before responding.

11. Student & Minor Use

The Service is designed primarily for Sixth Preparatory (السادس الإعدادي) students, typically 17–19 years old.

If you are under 18, use requires parent/guardian consent (or school consent where applicable).

The Service is not intended for children under 13.

12. International Transfers

If we transfer data across borders, we use appropriate safeguards consistent with applicable data-protection requirements.

13. Changes to This Policy

We may update this Policy. If changes are material, we will provide notice (for example, by email or in-product). Continued use of the Service after the update means you accept the revised Policy.

14. Contact

Questions or requests about this Privacy Policy?

Your Privacy Matters

We are committed to protecting your privacy and being transparent about how we handle your data.

If you have any questions or concerns, please don't hesitate to reach out to us.