Skip to main content

Privacy Policy

Last updated: May 30, 2026

1. Information We Collect

We collect the following information when you use Cram24:

  • Account information: email address, full name, username (if set), and password (hashed with bcrypt).
  • Profile information: bio and profile visibility setting, if you provide them.
  • Sprint and study activity: your sprint progress (blocks completed, checkpoint attempts and scores, and readiness results) and the projects you create. This reflects your activity within the Service.
  • Usage data: request timestamps, IP address, user agent, and feature usage. Used for security, abuse prevention, and product analytics.
  • Payment information: processed by Dodo Payments. We store the order ID, plan, billing interval, and amount. We do not store card numbers, CVVs, or bank details.

2. How We Use Your Information

We use your information to: operate the educational interview-preparation service; render public profiles and social features you have opted into; process subscription payments; deliver transactional and product emails; enforce our Terms of Service; detect and prevent abuse; and improve the Service.

3. What We Make Public

By default your account is private. Some features publish data about you when you opt in: public profiles (under /p/<username>) are visible to anyone with the link when you make them public, and posts you choose to publish are visible to other users and your followers. None of these surfaces ever expose your email address.

4. Third-Party Services

We use the following third-party services to operate Cram24:

  • Dodo Payments: payment processing (Merchant of Record). Subject to Dodo Payments' Privacy Policy.
  • Email provider: transactional email (verification, password reset, billing notices) is delivered via a third-party email service.

5. Aggregated and De-identified Data

We may produce aggregated or de-identified statistics from activity across the Service — for example, how often a particular checkpoint is missed or how long a study block typically takes — to improve our content and the Service.

Aggregated and de-identified data does not identify you and is not subject to the restrictions in this policy. We do not sell your personal data.

6. Data Retention

Account data is retained while your account is active. Sprint history (progress, checkpoint attempts, and results) and the projects you create are retained for as long as your account exists so those surfaces continue to work. Dispatched event-bus rows are pruned after 7 days. If you delete your account, your personal data is removed within 30 days, except where we are required to retain billing records for tax and accounting purposes.

7. Data Security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS), hashed passwords (bcrypt), and JWT-based authentication. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.

8. Your Rights

You have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your account and associated data; and flip your profile back to private at any time. To exercise these rights, contact us using the link below.

9. Cookies and Local Storage

Cram24 uses browser localStorage to store authentication tokens, theme preference, and UI and onboarding state. We do not use tracking cookies or third-party advertising cookies.

10. Children

Cram24 is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notice. The "Last updated" date at the top indicates when this policy was last revised.

12. Contact

For privacy-related questions, contact us.