Privacy Policy

1. INTRODUCTION

NCLEX Pros LLC (“Company,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you visit https://www.nclexpros.com (the “Website”) and any related products, mobile applications, or services that link to this policy (collectively, the “Services”). By accessing or using the Services, you acknowledge you have read and understood this Privacy Policy.

2. TABLE OF CONTENTS

• INFORMATION WE COLLECT
• HOW WE USE YOUR INFORMATION
• LEGAL BASES (EEA/UK)
• SHARING YOUR INFORMATION
• DATA RETENTION
• YOUR PRIVACY RIGHTS
• COOKIES & TRACKING
• DATA SECURITY
• INTERNATIONAL TRANSFERS
• THIRD‑PARTY WEBSITES
• CHILDREN’S PRIVACY
• CHANGES TO THIS POLICY
• CONTACT US

3. INFORMATION WE COLLECT

3.1 Information You Provide Voluntarily

• Registration data (name, email, password, professional status, time‑zone).
• Payment data (billing name, address, last four digits of card – processed via Stripe; we never store full card numbers).
• Support correspondence (messages, attachments, feedback, survey responses).
• User‑generated content (posts in discussion forums, profile photo, notes, or custom question banks).

3.2 Information Collected Automatically

• Usage Data – pages visited, clicks, referring URL, date/time stamps, session duration, error logs.
• Device & Technical Data – IP address, browser type, operating system, device identifiers, screen resolution.
• Analytics Data – aggregated performance and engagement metrics via Google Analytics 4 and PostHog.

3.3 Sensitive Information

We do not intentionally collect or process sensitive personal information such as health records, government IDs, or precise geolocation. Please refrain from submitting such data through the Services.

4. HOW WE USE YOUR INFORMATION

We process personal information for the purposes below:

• Account creation & management
• Delivery of content & adaptive exams
• Processing payments & renewals
• Customer support & incident response
• Service improvement and analytics
• Marketing communications (with opt‑out)
• Legal compliance & fraud prevention

5. LEGAL BASES FOR PROCESSING (EEA/UK ONLY)

If you reside in the European Economic Area or the United Kingdom, we process your personal data under the following lawful bases:

• Performance of a contract – to provide the Services you request.
• Legitimate interests – to improve Services, prevent fraud, and conduct business, provided these interests are not overridden by your rights.
• Legal obligation – to comply with applicable laws.
• Consent – for optional cookies or marketing where required. You may withdraw consent at any time.

6. SHARING YOUR INFORMATION

We share data only as necessary:

• Service providers – hosting (Vercel), analytics (Google, PostHog), email (SendGrid), payment (Stripe), customer support (Intercom).
• Affiliates & business partners – for joint promotions you opt into.
• Authorities – where required by law, subpoena, or to protect rights and safety.
• Business transfers – as part of a merger, acquisition, or asset sale.
• With your consent – for any other disclosure you authorize.

We do not sell or “share” personal information for cross‑context behavioral advertising.

7. DATA RETENTION

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Inactive free accounts with no log‑ins for 3 years are purged. Billing records are retained 7 years for tax compliance.

8. YOUR PRIVACY RIGHTS

8.1 Global Rights

You may request to access, correct, or delete your personal data, or to restrict/ object to certain processing.

8.2 EEA/UK GDPR Rights

• Right of access, rectification, erasure, and portability
• Right to restrict or object to processing
• Right to lodge a complaint with your local data‑protection authority

8.3 California (CCPA/CPRA)

California residents have the rights to know, delete, correct, and limit use/disclosure of sensitive personal information. You may exercise these rights via email or the in‑dashboard “Privacy Center.” We will verify your request and respond within 45 days. You may designate an authorized agent. We do not sell or share personal information, and we do not use sensitive personal information for inferring characteristics.

8.4 Other US State Laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA)

Residents of these states have similar rights to access, delete, correct, and opt out of certain data processing. We honor these rights through the same request channels.

8.5 Marketing Opt‑Outs

You may unsubscribe from marketing emails at any time by following the footer link or adjusting preferences in your profile. Transactional emails (e.g., receipts, critical service updates) will still be sent.

8.6 Do Not Track

The Website does not currently respond to browser “DNT” signals because no common standard has been adopted.

9. COOKIES & TRACKING TECHNOLOGIES

We use both session and persistent cookies for essential functionality, preferences, analytics, and security. You can control cookies through your browser settings. Detailed tables of cookie categories and lifetimes are available in our standalone Cookie Notice.

10. DATA SECURITY

We implement industry‑standard safeguards such as encryption in transit (TLS 1.3), encryption at rest (AES‑256), least‑privilege access controls, annual penetration testing, and regular vulnerability scanning. Despite our efforts, no method of transmission or storage is 100% secure; you use the Services at your own risk.

11. INTERNATIONAL TRANSFERS

We are headquartered in the United States. If you access the Services from outside the US, your information may be transferred to, stored, and processed in the US or other jurisdictions with data ‑protection laws that differ from those in your country. For EEA/UK transfers we rely on the European Commission’s Standard Contractual Clauses and supplementary measures.

12. THIRD‑PARTY WEBSITES

The Services may contain links to external sites we do not control. We are not responsible for the privacy practices or content of those sites. Review the privacy policies of any third‑party site you visit.

13. CHILDREN’S PRIVACY

The Services are intended for users 18 years or older. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such data, we will delete it promptly.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. We will post the revised policy with a new “Last updated” date and, if the changes are material, notify you via email or an in‑app banner.

15. CONTACT US

For questions, requests, or complaints regarding privacy, contact our Data Protection Officer: