Exmora
Sign InGet Started

Privacy Policy

Last updated: March 2, 2026

At Exmora, we take your privacy seriously. This Privacy Policy describes how we collect, use, and protect your personal information when you use our cloud certification exam preparation platform ("the Service"). This policy is designed to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

Information You Provide

  • Account information: name, email address, and password
  • Payment information: processed securely by Stripe (we do not store card details)
  • Profile preferences and settings
  • Support inquiries and feedback

Information Collected Automatically

  • Usage data: exam sessions, answers, scores, study patterns, and feature usage
  • Device information: browser type, operating system, and screen resolution
  • Log data: IP address, access times, and pages viewed
  • Cookies and similar tracking technologies (see Section 4)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Generate personalized analytics (score trends, domain heatmaps, readiness scores)
  • Power spaced repetition scheduling and adaptive question selection
  • Send account-related communications (password resets, billing notifications)
  • Respond to support requests
  • Analyze aggregate usage to improve our question bank and features
  • Detect and prevent fraud or abuse

3. Legal Basis for Processing

Under the GDPR, we process your data based on the following legal grounds:

  • Contract performance: processing necessary to provide the Service you signed up for
  • Legitimate interest: analytics and product improvement, fraud prevention
  • Consent: optional marketing communications (you can opt out at any time)
  • Legal obligation: tax and financial record-keeping requirements

4. Cookies and Tracking

Exmora uses cookies and similar technologies to maintain your session, remember your preferences (such as dark mode), and understand how you use the Service.

  • Essential cookies: required for authentication and core functionality
  • Analytics cookies: help us understand usage patterns and improve the Service

You can control cookie preferences through your browser settings. Disabling essential cookies may prevent some features from functioning correctly.

5. Third-Party Services

We share limited data with trusted third-party services that help us operate the platform:

  • Stripe: payment processing. Stripe handles your payment information under its own privacy policy.
  • Analytics providers: anonymized usage data to help us understand product performance
  • Cloud infrastructure: hosting and data storage providers with appropriate security certifications

We do not sell your personal data to third parties. We do not share your data for third-party advertising purposes.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial records).

Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytics and product improvement purposes.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), secure password hashing, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your personal data ("right to be forgotten")
  • Portability: request your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interest
  • Restriction: request restricted processing in certain circumstances

CCPA rights: California residents have the right to know what personal information is collected, request its deletion, and opt out of the sale of personal information. Exmora does not sell personal information.

To exercise any of these rights, contact us at support@exmora.app. We will respond within 30 days.

9. Children's Privacy

Exmora is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

10. International Data Transfers

Your data may be processed in countries other than your own. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. We encourage you to review this page periodically for the latest information.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at support@exmora.app.