Privacy Policy

This Privacy Policy describes the categories of personal data and account-linked information that ExamCooker may collect, process, store, disclose, and retain in connection with the operation of the service.

Access to most public study material does not require authentication. Certain features, including uploads, forum actions, saved activity, CLI access, and voice or AI-assisted functionality, require an account.

Account data. When you sign in with Google or Apple, ExamCooker stores account records such as your user ID, email, name, profile image when provided, email verification time, role, provider account ID, OAuth scope, token type, token expiry, and authentication tokens or fields needed to operate sign-in.

Sessions and access. ExamCooker uses signed session cookies or tokens to keep you signed in. CLI access stores device authorization requests, device names when supplied, user codes, hashed device codes, token labels, status, last-used times, expiry, and revocation times.

Contributions. Uploads and community features can store PDF metadata, file URLs, thumbnails, titles, course links, exam type, year, semester, campus, slot, answer-key status, forum posts, comments, votes, and tags.

Saved activity. For signed-in users, the app can store bookmarks and view history for past papers, notes, forum posts, resources, and syllabi, including view counts and timestamps.

AI and voice activity. Voice guide and PDF question-answering features can send prompts, questions, current page context, document URLs, document titles, model names, response text, timing, token counts, and error details to the configured AI and analytics services. The schema also supports saved study chat conversations and messages.

Local preferences. Your browser can store small local preferences such as theme choice and upsell prompt state. These are stored on your device.

ExamCooker does not currently sell paid digital content, subscriptions, premium features, physical goods, or bundled physical and digital purchases in the app.

ExamCooker uses stored data to authenticate users, show the correct account state, operate uploads and moderation queues, display public study resources, keep bookmarks and view history, authorize CLI requests, and provide AI or voice-assisted study features.

Analytics events may be used to understand feature usage, debug failures, measure performance, and improve search, uploads, PDF viewing, and assistant flows.

Data accessed. If you choose Google sign-in, ExamCooker asks Google for basic account identity information: your Google account email address, display name, profile image or avatar when Google provides one, email verification status, and Google account identifier. The app also receives OAuth authentication data needed to create and maintain your ExamCooker session, such as the provider account ID, OAuth scope, token type, token expiry, and sign-in tokens.

Data usage. ExamCooker uses Google user data only to authenticate you, create or find your ExamCooker account, show your account identity inside the app, prevent duplicate accounts, protect account access, maintain sessions, support account deletion, and associate your uploads, forum actions, bookmarks, view history, CLI tokens, and moderation actions with the correct signed-in user.

Data storage. Google user data used for sign-in is stored in ExamCooker's authentication database for as long as your account is active or as long as needed for security, moderation, backups, and service operation. You can request deletion of account-linked data from the account deletion page.

Data sharing. ExamCooker does not sell Google user data and does not use it for advertising. Google user data is shared only with service providers that operate ExamCooker, such as hosting, database, storage, analytics, and security infrastructure, and only as needed to run, secure, debug, and improve the service.

Limited Google access. ExamCooker does not request access to Google Drive, Gmail, Google Calendar, Google Contacts, or other Google API content. Google sign-in is used only for account authentication and basic profile identity.

ExamCooker uses third-party processors to provide authentication, hosting, storage, analytics, AI features, upload processing, security, and operational infrastructure. These processors are permitted to process personal data only for the service purposes described in this policy.

Authentication providers. Google and Apple process sign-in requests and return account identity information when you choose those sign-in methods.

Hosting, database, and object storage providers. Microsoft Azure processes hosting, application runtime, logs, backups, uploaded PDFs, thumbnails, generated metadata, and public study resources. Azure Blob Storage and Google Cloud Storage process stored file assets. CockroachDB processes account records, authentication records, uploads metadata, bookmarks, view history, moderation records, and other application database records.

Upload-processing services. Configured upload processors may receive uploaded PDFs and related metadata to validate files, generate thumbnails, extract or normalize document data, and return file URLs or processed results.

AI providers. OpenAI may process prompts, questions, selected document context, document URLs, voice-session data, model settings, generated responses, timing, usage, and error information when AI or voice features are used.

Analytics providers. PostHog and Google Analytics may process page views, product events, device and browser information, approximate location derived from network data, session identifiers, signed-in user identifiers when configured, performance data, and error or AI usage telemetry.

Security, cache, and rate-limit providers. Upstash Redis may process IP addresses, request metadata, timestamps, counters, cached values, and abuse-prevention or rate-limit signals when Redis-backed security, cache, or rate-limit features are configured.

You can use public browsing features without an account. You can sign out to end the current session, clear local browser storage for device-side preferences, and revoke CLI access from the CLI flow when supported.

To delete account-linked data, use the account deletion page in the app. Some public contributions may remain available without your personal account details or be retained in backup records where required to operate the service.

ExamCooker limits write access to authenticated users and moderators where the feature requires it and uses access controls intended to protect account-linked records.

Data is kept for as long as needed to operate the service, preserve public study resources, handle moderation, maintain security, and satisfy operational backup needs.

This policy may change as ExamCooker adds or removes features. The updated date will change when the policy is revised.