Privacy Policy

Last updated: April 29, 2026

1. Introduction

PTEPilot ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, password (hashed)
  • API Keys: Encrypted third-party API keys (OpenAI, Anthropic, DeepSeek, ElevenLabs)
  • Usage Data: Test scores, responses, progress tracking, timestamps

2.2 Automatically Collected Information

  • Log Data: IP address, browser type, operating system, access times
  • Cookies: Session cookies for authentication and preferences
  • Analytics: Usage patterns, feature interactions (anonymized when possible)

3. How We Use Your Information

We use your information to:

  • Provide and maintain the PTEPilot service
  • Generate practice questions using your API keys
  • Score your responses and provide feedback
  • Track your progress and display analytics
  • Authenticate your account and maintain security
  • Send important service-related notifications
  • Improve our service based on usage patterns
  • Respond to support requests and inquiries

4. API Key Security

Your API keys are extremely important to us. We implement multiple layers of security:

  • Encryption: All API keys are encrypted using AES-256 encryption before storage
  • User-specific encryption: Keys are encrypted with your unique user ID
  • No logging: API keys are never logged or exposed in error messages
  • Secure transmission: All data is transmitted over HTTPS
  • Limited access: Only used for generating questions and scoring on your behalf
  • No sharing: We never share, sell, or expose your API keys to third parties

5. Third-Party Services

PTEPilot uses your provided API keys to interact with third-party AI services:

  • OpenAI: For question generation, scoring, and transcription
  • Anthropic (Claude): For question generation and scoring
  • DeepSeek: For question generation and scoring
  • ElevenLabs: For audio generation (listening section)

Your interactions with these services are governed by their respective privacy policies. PTEPilot is not responsible for the privacy practices of these third-party services.

6. Data Sharing and Disclosure

We do NOT sell, trade, or rent your personal information to third parties. We may share information only in these limited circumstances:

  • With your consent: When you explicitly authorize sharing
  • Service providers: Hosting, database, and infrastructure providers under strict confidentiality agreements
  • Legal requirements: If required by law, court order, or government regulation
  • Safety and security: To protect the rights, property, or safety of PTEPilot, users, or others

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. You may request account deletion at any time, which will result in:

  • Immediate deletion of your encrypted API keys
  • Deletion of your personal account information within 30 days
  • Anonymization of test data for analytics purposes

8. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct your information
  • Deletion: Request deletion of your account and data
  • Export: Request an export of your test data
  • Opt-out: Unsubscribe from non-essential emails

To exercise these rights, contact us at privacy@ptepilot.com

9. Cookies and Tracking

PTEPilot uses essential cookies for:

  • Authentication and session management
  • Remembering user preferences
  • Security and fraud prevention

You can control cookies through your browser settings, but disabling cookies may affect functionality.

10. Children's Privacy

PTEPilot is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our service. Your continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: