Privacy Policy

Last updated: September 2025

1. Summary

We collect the minimum data necessary to run ToucanPass. Primarily, this is your email address for account creation, authentication, and service communications. We use Stripe to process payments and do not store complete payment card information on our servers.

2. What we collect

• Account data: email address and a hashed password.
• Service data (optional): study progress and usage metrics to personalize content and show progress. This may be stored under your account.
• Support data: messages you send us when you request help.

3. How we use data

• Provide, secure, and maintain the Service.
• Personalize learning and track progress.
• Communicate about account activity, updates, and important service notices.
• Process payments and prevent fraud (via Stripe).

4. Payments

We use Stripe as our payment processor. Your payment information is handled by Stripe in accordance with their terms and privacy policy (stripe.com/legal and stripe.com/privacy). We receive limited information from Stripe necessary to record your subscription status (e.g., success/failure, last 4 digits, and expiration month/year).

5. Legal basis

We process your data to perform our contract with you (provide the Service), to comply with legal obligations (e.g., tax and accounting), and for our legitimate interests (security, improving the Service). Where required, we obtain consent.

6. Sharing

We do not sell your data. We share data only with service providers that help us operate the Service (e.g., hosting, analytics, email delivery, and Stripe). These providers are bound by confidentiality and use restrictions.

7. Data retention

We keep account and subscription records for as long as your account is active and as needed to comply with our legal obligations. You can request deletion of your account; we will delete data that is not legally required to be retained.

8. Security

We use reasonable administrative, technical, and physical safeguards to protect your information. However, no method of transmission or storage is 100% secure.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, or export your data, and to object to or restrict certain processing. Contact us to exercise these rights.

10. Children

ToucanPass is not directed to children under 16, and we do not knowingly collect personal information from children under 16.

11. International transfers

Your data may be processed in the United States and other countries where we or our service providers operate. We take steps to ensure appropriate protections are in place.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date will reflect the most recent changes. If changes are material, we will provide additional notice (e.g., email or in‑app).

13. Contact us

Questions or requests about this policy? Contact us.