IELTS Passport

Privacy Policy

Last updated: April 4, 2026

1. Overview

IELTS Passport (“we”, “us”, “our”) operates the website at ieltspassport.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your email address and a hashed password. If you sign in with Google, we receive your email and profile name from Google.

Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVV, or full card details. Stripe provides us with a customer ID and subscription status.

Essay Submissions

If you use the AI scoring feature, the essay text you submit is sent to Google’s Gemini API for analysis. We may store your scoring history (band scores and feedback) in your account for progress tracking. We do not share your essays with third parties beyond the AI provider.

Usage Data

We may collect anonymous usage data such as pages visited, features used, and session duration to improve the Service. This data does not identify you personally.

3. How We Use Your Information

  • To provide and maintain the Service.
  • To process payments and manage your subscription.
  • To deliver AI-powered essay scoring and feedback.
  • To track your learning progress (premium feature).
  • To send important account notifications (e.g., subscription changes, security alerts).
  • To improve the Service based on aggregated usage patterns.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Supabase— our authentication and database provider, which stores your account and profile data.
  • Stripe— our payment processor, which handles billing and subscription management.
  • Google Gemini API— which processes essay text for AI scoring. Google’s data handling is governed by their own privacy policy.

5. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and Supabase Row Level Security to protect your data. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Aggregated, anonymized data may be retained indefinitely for analytics purposes.

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Your theme preference (light/dark mode) is stored in your browser’s local storage.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your data in a portable format.
  • Withdraw consent for data processing at any time by closing your account.

9. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The “Last updated” date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or data requests, contact us at support@mavox.ca.