Skip to content
Home

Privacy Policy

Last updated: February 2026

Overview

GanttGrind (“we,” “us,” “our”) operates ganttgrind.com. This policy explains what data we collect, why we collect it, and how we protect it. We keep this straightforward because we believe you should actually read your privacy policy.

What We Collect

Account Information

When you create an account, we collect your email address and optionally your name. We use Supabase for authentication, which means your password is handled by their secure infrastructure — we never see or store your password directly.

Study Activity

We record your answers to practice questions, including which questions you answered, whether you got them right, how long you spent, and when you practiced. This data powers your mastery tracking, adaptive question selection, and readiness predictions.

Exam Results

If you upload a score report or manually enter exam results, we store the section, score, exam date, and content area performance breakdown. This data is used to improve your personal study plan and, in aggregate, to train our pass prediction model.

Question Flags

If you report an issue with a question, we store the flag reason and any notes you provide, along with your user ID, so we can follow up if needed.

Technical Data

We collect standard web server logs (IP address, browser type, pages visited) for security and debugging purposes.

Web Analytics

We use Plausible Analytics, a privacy-focused analytics service that does not use cookies and does not collect any personal data. Plausible is GDPR-compliant and allows us to understand aggregate traffic patterns (e.g., page views, traffic sources, popular content) without compromising individual user privacy. All data collected by Plausible is anonymized and cannot be used to identify you. Learn more at plausible.io/privacy.

We do not use third-party tracking cookies, advertising pixels, or invasive analytics tools like Google Analytics.

How We Use Your Data

  • Personalization: Your study activity drives adaptive question selection, mastery scores, and readiness predictions. This is the core product.
  • Platform improvement: Aggregated, anonymized data (e.g., overall pass rates, common weak areas, question difficulty statistics) helps us improve question quality and study recommendations for all users.
  • Prediction model: Exam results, combined with study activity patterns, train our pass likelihood model. Individual results are never shared — only statistical patterns across all users.
  • Communication: We may email you about account-related matters (password resets, critical updates). We do not send marketing emails.

What We Don’t Do

  • We do not sell your data to anyone.
  • We do not share your individual study activity, scores, or exam results with third parties.
  • We do not use your data for advertising.
  • We do not use tracking cookies. Our analytics provider (Plausible) is cookie-free and privacy-first.
  • We do not track you across other websites or use fingerprinting techniques.

Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase on AWS infrastructure in the United States. Authentication is handled by Supabase Auth with industry-standard encryption. All connections use HTTPS/TLS.

We apply reasonable security measures including parameterized database queries, rate limiting on API endpoints, role-based access controls, and security headers. However, no system is 100% secure, and we cannot guarantee absolute security.

Cookies

We use essential cookies only — specifically, authentication session cookies managed by Supabase. These are required for you to stay logged in. We do not use analytics cookies, advertising cookies, or any third-party cookies.

Your Rights

You can:

  • Access your data: Your dashboard shows your study activity, mastery scores, and exam results.
  • Delete your account: Go to Settings and choose “Delete my account.” This permanently removes your account and all associated data.
  • Export your data: Go to Settings and click “Download my data” to get a copy of all your data in JSON format.

If you are in the EU/EEA, you have additional rights under GDPR including the right to rectification, restriction of processing, and the right to lodge a complaint with a supervisory authority.

Children

GanttGrind is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it.

Changes

We may update this policy as the platform evolves. If we make material changes, we will update the “Last updated” date at the top of this page. Continued use of GanttGrind after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email us at [email protected].