Privacy Policy
How we collect, use, and protect your data.
Effective Date: 13 March 2026
1. Introduction
Whiz Coach ("Company", "we", "us", or "our") operates https://whiz.coach/ ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA).
By using the Service, you consent to the practices described in this Privacy Policy.
2. Data We Collect
Account Information:
- Email address — stored in Firebase Authentication only (not in our application database). Used for sign-in and account recovery.
- Nickname / first name — stored in our application database. Displayed to other users in games and coaching groups.
Usage Data (automatically collected):
- Learning progress (questions answered, scores, mastery levels)
- Game activity (games played, scores)
- Chat session metadata (message counts, topics discussed — not message content after session ends)
- Flashcard review history
- Notification preferences
Payment Data:
- Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank details, or other payment credentials. Stripe provides us with subscription status only.
3. How We Use Your Data
We use your data to:
- Provide and personalise the Service (adaptive questions, mastery tracking, AI coaching)
- Process payments via Stripe
- Send notifications about your learning progress (if enabled)
- Improve the Service through aggregated, anonymised analytics
- Comply with legal obligations
4. AI Data Processing
Your learning progress data (questions answered, scores, topics studied) is processed by Google's Gemini API to provide personalised AI coaching and generate practice content. No personally identifiable information (PII) such as your email address is sent to the AI. Only learning activity data (e.g., "the user answered 3 out of 5 questions correctly on algebra") is shared with the AI service.
5. Analytics and Advertising
Firebase Analytics: We use Firebase Analytics to understand how users interact with the Service. This collects anonymised usage data such as pages visited, features used, and session duration.
Google Ads Conversion Tracking: We use Google Ads to measure the effectiveness of our advertising. When you sign in or visit certain pages, a hashed (one-way encrypted) version of your email may be sent to Google for ad measurement purposes. Google cannot reverse the hash to obtain your email address. This helps us understand which ads lead to sign-ups but does not enable Google to contact you.
6. Third-Party Services
We share data with the following third-party services, each governed by its own privacy policy:
| Service | Data Shared | Purpose |
|---|---|---|
| Firebase Authentication | Email address | User sign-in |
| Firebase Analytics | Anonymised usage data | Service improvement |
| Google Gemini API | Learning activity (no PII) | AI coaching and content generation |
| Stripe | Payment details (direct to Stripe) | Subscription billing |
| Google Ads | Hashed email | Ad conversion measurement |
We do not sell your personal data to any third party.
7. Data Retention
- Active accounts: Your data is retained for as long as your account is active.
- Deleted accounts: When you delete your account, all personal data is removed from our systems. Anonymised, aggregated data (e.g., quiz answer statistics that cannot be linked back to you) may be retained for analytics.
- Payment records: Stripe retains payment records according to their own data retention policy and legal requirements.
8. Your Rights
Under the PDPA, you have the right to:
- Access your personal data — use the "Download My Data" feature in Settings to export your data as a JSON file.
- Correct your personal data — update your nickname in Settings.
- Delete your personal data — use the "Delete Account" option in Settings. This removes your user profile, learning progress, chat history, coaching relationships, notifications, and Firebase Authentication account.
- Withdraw consent — you may stop using the Service at any time. Deleting your account withdraws consent for future data processing.
9. Children's Privacy
The Service provides educational content designed for primary and secondary school students. However, children under 18 must not create accounts directly. Parents or guardians must create accounts on behalf of their children, accept the Terms and Conditions, and supervise their use of the Service.
We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data without parental consent, we will delete that data.
10. Cookies and Local Storage
The Service uses:
- Firebase session cookies for authentication
- Browser local storage (IndexedDB) for offline caching of Firestore data
- Session storage for temporary UI state
We do not use third-party tracking cookies beyond the analytics services described in Section 5.
11. Data Security
We protect your data through:
- HTTPS encryption for all data in transit
- Firebase security rules that enforce authentication on all database access
- API keys stored in Google Cloud Secret Manager
- No storage of passwords (authentication is handled by Google via Firebase Auth)
12. International Data Transfers
Your data is processed on Google Cloud servers. By using the Service, you consent to your data being processed in jurisdictions where Google Cloud operates, subject to Google's data protection commitments.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect, via email or a notice on the Service. Your continued use of the Service after the notice period constitutes acceptance of the revised policy.
14. Contact Us
For questions about this Privacy Policy or to exercise your data rights, contact us at:
- Email: rishit@whiz.coach