Skip to main content
Q
SAT

Privacy Policy

Effective Date: March 20, 2026

1. Introduction

Quantum Learning Machines (“QLM,” “Company,” “we,” “our,” or “us”) operates the SAT Mastery platform, including ACT Mastery, AP Mastery, and Foundation Mastery (collectively, the “Services”). This Privacy Policy describes how we collect, use, disclose, store, and otherwise process your personal information when you access or use any of our Services, whether through our website, mobile applications, APIs, or any other means.

By accessing or using any of the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must immediately cease all use of the Services.

This Privacy Policy applies to all information collected through the Services, including information collected from students, parents, guardians, educators, institutional administrators, and any other users or visitors.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you register for an account, use the Services, make a purchase, or otherwise communicate with us. This includes:

  • Name, email address, date of birth, and other identifying information
  • Account credentials, including usernames and passwords
  • Payment and billing information, processed securely through Stripe — we do not store full credit card numbers on our servers
  • User-generated content, including practice responses, notes, study plans, target scores, test dates, and any other content you submit through the Services
  • Communications you send to us, including support requests, feedback, and correspondence
  • Educational information, including school name, grade level, and academic goals

2.2 Information Collected Automatically

When you access or use the Services, we automatically collect certain information, including:

  • Usage Data: Practice session data, question responses, time spent on tasks, feature interactions, click patterns, navigation paths, and learning progress metrics
  • Device Information: Device type, operating system, browser type and version, screen resolution, language preferences, and unique device identifiers
  • Log Data: IP address, access times, pages viewed, referring URLs, and actions taken within the Services
  • Location Data: Approximate geographic location inferred from your IP address
  • Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with the Services. See Section 10 for more details.

2.3 Information From Third Parties

We may receive information about you from third-party sources, including authentication providers (such as Google, Apple, or other single sign-on services) when you choose to link your account, analytics providers that help us understand usage patterns, educational institutions that license our Services on your behalf, and publicly available sources. We may combine information received from third parties with information we collect directly.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, maintain, and improve the Services, including personalized learning features, diagnostic assessments, score predictions, and personalized study plans
  • Personalization: To tailor content, recommendations, difficulty levels, and learning pathways based on your performance, skill mastery levels, and learning patterns
  • Communication: To send you transactional messages, service updates, administrative notices, security alerts, and support responses
  • Analytics: To analyze usage patterns, measure effectiveness, conduct research, and generate aggregate insights to improve the Services
  • Security: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity, and to protect the rights, property, and safety of QLM and our users
  • Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests, including COPPA, FERPA, CCPA/CPRA, and other data protection laws
  • Account Management: To create and manage your account, process payments, provide customer support, and enforce our terms of service
  • Marketing: To send promotional communications about new features, products, and services, subject to your ability to opt out at any time

4. Data Sharing

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We share information with third-party service providers who perform services on our behalf, including:
    • Supabase — database hosting and authentication infrastructure, with row-level security enforced
    • Anthropic — AI provider for explanations and tutoring features; receives only anonymized learning context (student names, emails, and identifying information are stripped before transmission)
    • Stripe — payment processing; receives billing data only, no education records
  • Legal Requirements: We may disclose information when required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others
  • Business Transfers: In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as a business asset. You acknowledge and agree that such transfers may occur and that the acquirer may continue to use your information as set forth in this Privacy Policy
  • Aggregate and De-Identified Data: We may share aggregate, anonymized, or de-identified information that cannot reasonably be used to identify you, for any purpose including research, analytics, and business development
  • With Your Consent: We may share your information with third parties when you have provided explicit consent for us to do so

5. Data Security

We implement commercially reasonable administrative, technical, and physical security measures designed to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security assessments.

However, no method of transmission over the Internet and no method of electronic storage is completely secure. We cannot and do not guarantee the absolute security of your information. Any transmission of personal information is at your own risk, and you are responsible for maintaining the confidentiality of your account credentials.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, QLM SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS TO, USE OF, OR DISCLOSURE OF YOUR PERSONAL INFORMATION, REGARDLESS OF THE CAUSE, INCLUDING BUT NOT LIMITED TO HACKING, DATA BREACHES, SYSTEM VULNERABILITIES, OR THE ACTIONS OF THIRD PARTIES.

6. Children's Privacy (COPPA Compliance)

QLM complies with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506) and its implementing regulations. We collect date of birth at registration to determine age-appropriate privacy protections.

Users Under 13

Children under the age of 13 cannot create accounts directly. A parent or legal guardian must create an account on the child's behalf using the Parent/Guardian role. We obtain verifiable parental consent before collecting any personal information from children under 13.

Users Ages 13–17 (Minors)

Students ages 13 through 17 must obtain verifiable parental consent before accessing learning features of the Services. We collect the following data from minors:

  • Name, email address, and date of birth
  • Practice session data, question responses, and time spent
  • Skill mastery levels and score predictions
  • AI tutor conversation context (anonymized before processing)
  • Error patterns and learning trajectory data

Parental Rights

Parents and legal guardians of minor students have the right to:

  • Review all personal information collected from their child
  • Request deletion of their child's personal information
  • Refuse further collection of their child's data
  • Revoke consent at any time (the child's account will be suspended and data deleted in accordance with applicable law)
  • Request a copy of their child's data in a portable, machine-readable format

To exercise these rights, contact us at privacy@satmastery.app or use the parental controls in your account settings.

Analytics for Minors

We disable third-party analytics tracking (including Google Analytics and similar services) for all authenticated minor users. No behavioral tracking, interest-based profiling, or advertising data is collected from minors.

7. Student Education Records (FERPA Compliance)

QLM complies with the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g) and its implementing regulations when operating on behalf of educational institutions. When a school, school district, or educational institution licenses the Services, the following provisions apply:

Education Records Maintained

We maintain the following categories of education records:

  • Diagnostic assessment results and score predictions
  • Practice session history and question-level performance data
  • Skill mastery profiles and progress data
  • Error classification and learning trajectory data
  • Weekly progress reports and goal completion data
  • AI tutor interaction logs (anonymized)

Parent and Student Rights

Parents of students under 18 (and eligible students 18 and older) have the right to inspect and review education records, request amendments to records they believe are inaccurate or misleading, and consent to disclosure of personally identifiable information from education records. These rights transfer to the student at age 18 or when the student enrolls in a postsecondary institution.

Directory Information

We do not designate any student information as directory information. All student data requires prior written consent for disclosure, except as otherwise permitted under FERPA.

Third-Party Disclosures

Student education records are disclosed to the following third parties under signed Data Processing Agreements (DPAs) that impose obligations consistent with FERPA requirements:

  • Supabase (database hosting) — stores all student data with row-level security and encryption at rest
  • Anthropic (AI provider) — receives anonymized learning context for AI tutoring; student names, emails, and identifying information are stripped before transmission
  • Stripe (payment processing) — receives billing data only; no education records are shared

Data Retention

Education records are retained for the duration of the institutional relationship and for a period thereafter as required by applicable law or contractual obligations. Upon termination of an institutional agreement, we will delete or return education records in accordance with the terms of the Data Processing Agreement, subject to our backup and retention policies described in Section 17.

8. AI Data Processing

The Services use artificial intelligence to provide personalized learning experiences. The following describes how AI features process your data:

AI Explanations and Tutoring

When you request AI-generated explanations or interact with the AI tutor, question content, your estimated score range, and anonymized learning context (such as mastery levels and recent performance) are sent to Anthropic's Claude API. Your name, email address, and other personally identifying information are never included in these transmissions. Anonymization occurs on our servers before any data is sent to external AI providers.

Personalized Learning

Skill mastery calculations and personalized difficulty adjustments run locally on our servers using proprietary models. This computation does not require transmission of your data to external AI providers.

Data Minimization

We apply data minimization principles to all AI processing. Only the minimum data necessary for the specific AI function is transmitted to external providers. We do not send historical data, account metadata, or payment information to AI providers.

Audit Trail

Every AI data transmission is logged in an immutable audit trail, including the timestamp, the type and volume of data sent, the receiving provider, and the purpose of the transmission. For users subject to FERPA, this audit trail is maintained as part of the education record.

AI Features for Minors

AI-powered features for minor students are only available after verifiable parental consent has been obtained. Parents and guardians may opt their child out of AI features at any time through account settings or by contacting privacy@satmastery.app.

AI Limitations

AI-generated content, including explanations, tutoring responses, recommendations, and score predictions, is provided for informational and educational supplementation purposes only. AI features are not a substitute for professional instruction, academic advising, or human judgment. AI outputs may contain errors, inaccuracies, or omissions. QLM makes no guarantee, warranty, or representation regarding the accuracy, completeness, reliability, or suitability of any AI-generated content. Users rely on AI-generated content entirely at their own risk.

9. Your Rights

Subject to applicable law and verification of your identity, you have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to our retention obligations and the limitations described in Section 17
  • Data Portability: Request an export of your data in a portable, machine-readable format (JSON)
  • Opt Out of AI Processing: Request that your data not be processed by external AI providers
  • Opt Out of Marketing: Unsubscribe from marketing communications at any time
  • Revoke Consent: Withdraw any previously granted consent, including parental consent for minor accounts

To exercise any of these rights, contact us at privacy@satmastery.app. We will respond to verified requests within the timeframes required by applicable law. We may deny or limit requests where permitted by law.

10. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to operate and improve the Services. These technologies serve the following purposes:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled without losing access to the Services.
  • Functional Cookies: Used to remember your preferences, settings, and prior interactions
  • Analytics Cookies: Used to understand how users interact with the Services, measure feature adoption, and identify areas for improvement
  • Performance Cookies: Used to monitor performance, detect errors, and optimize the Services

You can control cookies through your browser settings. However, disabling certain cookies may impair the functionality of the Services. By continuing to use the Services, you consent to the use of cookies as described in this section.

11. International Data Transfers

QLM is headquartered in the United States. Your information may be transferred to, stored in, and processed in the United States and other countries where our service providers maintain facilities. These countries may have data protection laws that differ from those in your country of residence.

By using the Services, you explicitly consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. You acknowledge that the data protection laws in these jurisdictions may not provide the same level of protection as the laws in your country of residence.

12. Third-Party Links

The Services may contain links to third-party websites, services, or resources that are not owned or controlled by QLM. We are not responsible for the privacy practices, content, or security of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit. QLM assumes no responsibility or liability for any damages, losses, or harm arising from your use of or reliance on any third-party websites, services, or resources.

13. LIMITATION OF LIABILITY FOR DATA HANDLING

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, QUANTUM LEARNING MACHINES, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AFFILIATES, SUCCESSORS, ASSIGNS, LICENSORS, AND SERVICE PROVIDERS (COLLECTIVELY, THE “QLM PARTIES”) SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO: (A) ANY DATA BREACH, SECURITY INCIDENT, OR UNAUTHORIZED ACCESS TO YOUR PERSONAL INFORMATION; (B) ANY UNAUTHORIZED USE OR DISCLOSURE OF YOUR DATA; (C) ANY LOSS, CORRUPTION, OR DESTRUCTION OF DATA; (D) ANY FAILURE TO PROTECT DATA AGAINST UNAUTHORIZED ACCESS; OR (E) ANY OTHER DATA HANDLING PRACTICES, REGARDLESS OF THE THEORY OF LIABILITY, INCLUDING CONTRACT, TORT (INCLUDING NEGLIGENCE AND GROSS NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, AND WHETHER OR NOT QLM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO EVENT SHALL THE TOTAL AGGREGATE LIABILITY OF THE QLM PARTIES FOR ALL CLAIMS ARISING OUT OF OR RELATED TO DATA HANDLING, PRIVACY, OR SECURITY UNDER THIS PRIVACY POLICY EXCEED THE LESSER OF: (I) THE TOTAL AMOUNTS PAID BY YOU TO QLM DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (II) ZERO DOLLARS AND ZERO CENTS ($0.00). THIS LIMITATION APPLIES REGARDLESS OF WHETHER THE REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

14. RELEASE OF CLAIMS

BY USING THE SERVICES, YOU HEREBY RELEASE, WAIVE, AND FOREVER DISCHARGE THE QLM PARTIES FROM ANY AND ALL CLAIMS, DEMANDS, ACTIONS, CAUSES OF ACTION, SUITS, DAMAGES, LOSSES, EXPENSES, AND LIABILITIES OF EVERY KIND AND NATURE, WHETHER KNOWN OR UNKNOWN, SUSPECTED OR UNSUSPECTED, DISCLOSED OR UNDISCLOSED, ARISING OUT OF OR IN ANY WAY RELATED TO THE COLLECTION, USE, STORAGE, DISCLOSURE, PROCESSING, LOSS, BREACH, UNAUTHORIZED ACCESS, OR OTHER HANDLING OF YOUR PERSONAL INFORMATION OR DATA.

YOU EXPRESSLY WAIVE THE BENEFITS OF CALIFORNIA CIVIL CODE SECTION 1542, WHICH PROVIDES: “A GENERAL RELEASE DOES NOT EXTEND TO CLAIMS THAT THE CREDITOR OR RELEASING PARTY DOES NOT KNOW OR SUSPECT TO EXIST IN HIS OR HER FAVOR AT THE TIME OF EXECUTING THE RELEASE AND THAT, IF KNOWN BY HIM OR HER, WOULD HAVE MATERIALLY AFFECTED HIS OR HER SETTLEMENT WITH THE DEBTOR OR RELEASED PARTY.”

YOU FURTHER WAIVE ANY RIGHTS UNDER ANY STATUTE OR COMMON LAW PRINCIPLE IN ANY JURISDICTION THAT WOULD OTHERWISE LIMIT THE COVERAGE OF THIS RELEASE TO INCLUDE ONLY THOSE CLAIMS WHICH YOU MAY KNOW OR SUSPECT TO EXIST IN YOUR FAVOR AT THE TIME OF AGREEING TO THIS RELEASE.

15. Indemnification

You agree to unconditionally and irrevocably indemnify, defend, and hold harmless the QLM Parties from and against any and all claims, demands, actions, causes of action, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or in any way related to: (a) your use of the Services; (b) your violation of this Privacy Policy; (c) your provision of inaccurate, incomplete, or misleading information; (d) any claim by a third party arising from your use of the Services or your data; or (e) your violation of any applicable law or regulation relating to privacy or data protection. This indemnification obligation survives the termination of your account and this Privacy Policy indefinitely, without limitation.

16. No Guarantee of Data Accuracy

QLM makes no warranty, representation, or guarantee regarding the accuracy, completeness, currency, or reliability of any data or information stored in, displayed by, or transmitted through the Services. All data is provided “as is” and “as available” without warranties of any kind, whether express, implied, or statutory.

Data stored in the Services is subject to errors, omissions, interruptions, delays, and losses, including loss of data. QLM does not guarantee that any data will be maintained without loss, corruption, or alteration.

You are solely responsible for maintaining your own backup copies of any data you submit to the Services. QLM shall not be liable for any loss of or damage to your data, regardless of the cause.

17. No Guarantee of Deletion

While we will make commercially reasonable efforts to honor deletion requests, you acknowledge and agree that:

  • Data may persist in encrypted backup systems, disaster recovery archives, and redundant storage for an indeterminate period
  • Aggregate, anonymized, or de-identified data derived from your information may be retained indefinitely and is not subject to deletion requests
  • Data that has been shared with third-party service providers may not be retrievable or deletable by QLM, and QLM is not responsible for the retention or deletion practices of third parties
  • Certain data may be retained as required by applicable law, regulation, legal process, or contractual obligations

QLM shall not be liable for any failure to delete data from all systems, backups, archives, caches, or third-party systems, whether such failure is technical, legal, or otherwise.

18. Changes to This Policy

QLM reserves the right to modify, amend, or replace this Privacy Policy at any time, with or without prior notice to you. Changes are effective immediately upon posting the revised Privacy Policy to the Services with an updated effective date.

It is your sole responsibility to review this Privacy Policy periodically for changes. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of and agreement to the revised terms. If you do not agree with any changes to this Privacy Policy, you must immediately discontinue use of the Services.

19. Do Not Track

Some web browsers transmit “Do Not Track” (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to or alter our data collection practices upon receiving DNT signals from your browser. We will continue to monitor developments around DNT browser technology and the implementation of a standard.

20. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting your information, and the categories of third parties with whom we share your information
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions and the limitations described in Section 17
  • Right to Correct: You have the right to request correction of inaccurate personal information
  • Right to Opt Out of Sale or Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Information: You may request that we limit our use of sensitive personal information to purposes necessary to provide the Services
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights

To exercise your California privacy rights, contact us at privacy@satmastery.app. We will verify your identity before processing your request.

21. Dispute Resolution

Any dispute, controversy, or claim arising out of or relating to this Privacy Policy, including the formation, interpretation, breach, or termination thereof, shall be resolved exclusively through mandatory binding individual arbitration administered by the American Arbitration Association (“AAA”) under its Commercial Arbitration Rules then in effect. The arbitration shall be conducted in the State of Delaware by a single arbitrator selected in accordance with the AAA rules.

YOU AGREE THAT ANY ARBITRATION OR PROCEEDING SHALL BE LIMITED TO THE DISPUTE BETWEEN YOU AND QLM INDIVIDUALLY. TO THE FULLEST EXTENT PERMITTED BY LAW: (A) NO ARBITRATION OR PROCEEDING SHALL BE JOINED WITH ANY OTHER; (B) YOU WAIVE ANY RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION; AND (C) YOU WAIVE ANY RIGHT TO A TRIAL BY JURY.

Any claim arising out of or related to this Privacy Policy must be filed within one (1) year after the cause of action accrues. Any claim not filed within this period is permanently barred. This one-year limitation period applies regardless of any statute or law to the contrary.

22. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law provisions.

In the event of any ambiguity, conflict, or dispute regarding the interpretation of any provision of this Privacy Policy, such provision shall be interpreted in the manner most protective of and most favorable to QLM. To the extent that any provision of this Privacy Policy conflicts with any applicable law, regulation, or judicial ruling, only the specific conflicting provision shall be modified to the minimum extent necessary to achieve compliance, and all remaining provisions shall continue in full force and effect.

23. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Quantum Learning Machines
Email: privacy@satmastery.app

We will endeavor to respond to all inquiries within a reasonable timeframe.