Privacy Policy

Last updated: April 24, 2026

1. What exam-helper is

exam-helper is a study tool that turns your own documents (PDFs, notes) into flashcards, study guides, and structured roadmaps. AI generation is powered by API keys you supply — we never use our own AI credits to process your content, and we never retain your API keys beyond the duration of a single generation request.

2. Information we collect

  • Account information — your name, email address, and (if you sign in with Google) your Google profile name and avatar. Passwords are hashed with bcrypt and never stored in plain text.
  • Uploaded documents — PDFs and other files you upload are stored in our database (MongoDB GridFS) to enable sync across devices. They are associated with your account and project.
  • Generated study content — flashcards, study guides, and transcripts produced from your documents are stored in your project so you can access them from any device.
  • Usage data — basic account metadata such as project count and plan tier. We do not run analytics trackers or sell usage data.
  • Billing information — if you subscribe, your payment is processed entirely by Stripe. We store only your Stripe customer ID and subscription tier. We never see or store your card number, CVV, or bank details.

3. Your AI API keys

When you trigger server-side generation (the “Generate in background” feature), your API key is encrypted in your browser using our server’s RSA public key before transmission. On the server it is stored only for the duration of the generation job and is permanently deleted — via a database $unset — the moment the job completes or fails. The key is never written to logs. Your API keys are never used for any purpose other than the specific generation you initiated.

4. How we use your information

  • To operate your account and sync your projects across devices.
  • To enforce plan limits (project count, file sizes) based on your subscription tier.
  • To send transactional emails — email verification, password reset — via Resend. We send no marketing email.
  • To process subscription payments via Stripe.

5. Data sharing

We do not sell, rent, or share your personal data with third parties for marketing. The only third-party services that receive your data are:

  • Stripe — payment processing. Governed by Stripe’s Privacy Policy.
  • Resend — transactional email delivery. Receives your email address for the purpose of sending you messages you explicitly requested (e.g., a verification link).
  • AI providers you choose — when you generate content, your document text is sent to the AI provider whose API key you have configured (e.g., Google, OpenAI, Anthropic, OpenRouter). This is governed by that provider’s terms and privacy policy, not ours.

6. Data retention and deletion

Your data is retained for as long as your account is active. You can delete individual projects (including all uploaded files and generated content) at any time from within the app. To delete your entire account and all associated data, contact us at privacy@examhelper.app. We will process deletion requests within 30 days.

7. Security

We use HTTPS for all data in transit. Passwords are hashed. API keys in transit are RSA-OAEP encrypted. Database access is restricted to authenticated server processes. No security measure is perfect; if you discover a vulnerability please disclose it responsibly to security@examhelper.app.

8. Self-hosted instances

exam-helper is open source. If you self-host it, you operate as your own data controller. This Privacy Policy applies only to the cloud instance at examhelper.app.

9. Contact

Questions about this policy: privacy@examhelper.app