Privacy Policy
Effective date: July 9, 2026 · Replaces all prior versions
This Privacy Policy describes how QuantegyAI ("QuantegyAI," "we," "us," or "our") collects, uses, discloses, and protects information that we receive when you visit, sign up for, or use our test-preparation services (the "Services"). This Policy applies to information collected through our website, the QuantegyAI application, and related communications.
By creating an account or using the Services, you confirm that you have read this Policy and agree to the practices it describes. If you do not agree, please do not use the Services.
1. Who we are and how to contact us
QuantegyAI is operated by Dr. Mienie de Kock at 118 Harvest Loop, Harker Heights, TX 76548. For privacy-related questions, requests, or complaints, contact us at support@quantegyai.com or by phone at 903-705-9703 (Mon–Fri, 9 am–6 pm CT).
2. Categories of information we collect
We collect information in three broad categories: information you give us, information we collect automatically when you use the Services, and information we receive from institutional partners when you participate in a cohort.
2.1 Information you provide
- Account information: your email address, a password (stored only as a salted bcrypt hash; we never see or store your plaintext password), the display name you choose, and an attestation timestamp confirming that you are eighteen years of age or older or are signing up under institutional sponsorship.
- If you are a teacher, the redemption record of your single-use teacher-invite code.
- If you join a cohort, the cohort invite code you redeemed and the resulting cohort membership.
- If you purchase a paid product, billing information you provide to our payment processor (see Section 5).
- If you contact us by email or via support channels, the content of your message and any information you choose to share.
2.2 Information we collect automatically
- Learning interactions: the items you are administered, your responses, the time you take to respond, the skill and competency tags associated with each item, the calculated probability that you would have answered correctly under our Item Response Theory model, and per-skill mastery estimates produced by our Bayesian adaptive engine. This information is the substantive content of the Services and is necessary for the adaptive coaching to function.
- Session and authentication metadata: a signed session cookie (with no third-party tracking purpose), session start and end timestamps, the IP address from which you accessed the Services, and the browser user-agent string. We use this information to authenticate you, to enforce session-expiry rules, and to defend against credential-stuffing and other automated abuse.
- Audit events: timestamped records of sensitive actions including login successes and failures, account lockouts, signups, teacher-invite creation and redemption, cohort creation, viewing of student detail by a teacher, profile export, profile deletion, and purchase events. Audit records carry the actor, the target (if any), the source IP, and a request correlation ID. They support security investigations, institutional access reviews, and the access and erasure obligations described in Section 8.
- Server-side performance and error telemetry: structured JSON logs with per-request correlation identifiers, and (when configured) reports to an error-monitoring vendor.
We do not use behavioral advertising cookies, third-party analytics scripts, or cross-site tracking pixels.
2.3 Information from institutional partners
If you join a cohort created by a teacher, the teacher's institution may provide us with information necessary to establish your cohort membership. The categories and uses of that information are governed by the data-processing addendum negotiated with the institution; the categories typically include the cohort roster, optional internal student identifiers, and (where the institution requests it) limited demographic information for institutional reporting.
3. How we use information
We use information collected through the Services for the following purposes:
- To deliver the adaptive learning experience: present items, estimate ability and per-skill mastery, schedule spaced review, generate readiness assessments, and produce student-facing dashboards.
- To deliver teacher-facing tools: cohort rosters, drill-down on individual student progress (within a teacher's own cohorts), the audit-log view scoped to that teacher's reach, content-governance dashboards, and CSV roster exports.
- To authenticate users, enforce rate limits, and defend against credential-stuffing, signup flooding, and other automated abuse.
- To send transactional communications: account verification, password reset, purchase receipts, and security or service-availability notices.
- To improve item quality: aggregate exposure rates, classical test-theory difficulty (p-values), and discrimination (point-biserial correlations) inform item retirement and editorial review.
- To comply with legal obligations and to protect the rights, property, and safety of QuantegyAI, our users, and others.
We do not sell your information. We do not use your responses to train models for any party other than QuantegyAI itself, and only in the service of improving the adaptive engine and content.
4. Legal bases (for users in jurisdictions where required)
Where the General Data Protection Regulation, the United Kingdom GDPR, or a similar regime applies, we rely on the following legal bases: performance of a contract with you (delivering the Services you signed up for); our legitimate interests in operating, securing, and improving the Services; and your consent (for any optional processing where consent is the relevant basis).
5. Payment information
QuantegyAI currently offers two paid products — the Mock Exam Pass ($49, one-time) and the Retaker Bundle ($99, one-time). A free diagnostic tier is available with no payment required. No recurring subscriptions are currently offered. All purchases are processed through Stripe, Inc. We do not see, store, or transmit your full payment card number, your card verification value, or any other element of your payment card data. We retain only the Stripe customer and payment-intent identifiers needed to apply your entitlements and process refunds where applicable. For the full refund terms, see our Refund Policy.
6. How we share information
We share information only as described in this Section. We do not sell information.
- Service providers ("subprocessors"): we use a small set of vendors to host the Services, send transactional email, process payments, and (optionally) collect error telemetry. The current list of subprocessors is published at /legal/subprocessors.html and is updated when material changes occur. Each subprocessor is bound by a written agreement that requires the protection of information at a level no less stringent than this Policy.
- Institutional partners: if you participate in a cohort, your cohort progress is visible to the teachers within that cohort's institution to the extent described in the data-processing addendum signed by that institution. We do not share your information with other institutions.
- Legal and safety: we may disclose information when required by law, when responding to validly served legal process, or when we have a good-faith belief that disclosure is necessary to protect the rights, property, or safety of QuantegyAI, our users, or others.
- Business transactions: if QuantegyAI is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction. The receiving party will be bound by a privacy notice no less protective than this one.
7. How long we keep information
We retain account information and learning records for as long as your account is active. If you delete your account (see Section 8), the email, display name, and password hash on your account row are scrubbed and the row is marked deleted; your responses, mastery estimates, and audit records are retained in de-identified form to support content-governance statistics and to satisfy institutional record-retention obligations consistent with the Family Educational Rights and Privacy Act and Texas state record-retention requirements.
8. Your rights
Every authenticated user has the following rights, exercisable directly within the Services:
- Access. You can download a JSON file containing your complete record, including your profile, purchase history, sessions, responses, per-skill mastery estimates, and the audit events you are the actor of, by visiting your profile settings and clicking "Download my data." This export is rate-limited to one per hour per user, is scoped strictly to your account, and is itself audited.
- Correction. You can update your display name at any time in your profile settings. To correct your email address, contact us at support@quantegyai.com.
- Erasure. You can delete your account from your profile settings. Deletion irreversibly scrubs your identifying information. De-identified learning records may be retained as described in Section 7.
- Objection and restriction. If you are in a jurisdiction that provides these rights, you may contact us to object to or restrict our processing of your information. We will respond within the timeframe required by applicable law.
- Portability. The data-download feature described above provides your information in a machine-readable JSON format.
- Complaints. If you believe we have not handled your information in accordance with this Policy or applicable law, you may contact us at support@quantegyai.com. If you are in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data-protection authority.
9. Security
We maintain technical and organisational measures designed to protect your information against unauthorised access, disclosure, alteration, and destruction. These measures include TLS encryption in transit, encryption at rest for the database, bcrypt hashing for passwords, row-level security policies, rate limiting on authentication endpoints, and structured audit logging. No system is completely secure; if you believe you have found a security vulnerability, please disclose it responsibly to support@quantegyai.com.
10. Children
The Services are not directed to, and we do not knowingly collect personal information from, anyone under the age of eighteen. If we learn that we have collected personal information from a person under eighteen outside of an institutional sponsorship context, we will take reasonable steps to delete that information promptly. Contact us at support@quantegyai.com if you have concerns.
11. Changes to this Policy
We may update this Policy from time to time. When we do, we will revise the effective date at the top of this page. If you continue to use the Services after the updated Policy is posted, you accept the revised Policy. If a change materially affects your rights, we will make reasonable efforts to notify you by email or by a notice within the Services before the change takes effect.
12. Contact
For any privacy-related questions or requests, contact us at support@quantegyai.com or by phone at 903-705-9703 (Mon–Fri, 9 am–6 pm CT).