Privacy Policy

Last Updated: January 12, 2026

Sharp Test Prep, Inc. ("Sharp," "we," "us," or "our") provides a learning app that helps students practice and analyze standardized test performance. This Privacy Policy explains what we collect, how we use it, how we share it, how long we keep it, and your choices.

1) Information We Collect

Account & Profile

• First name
• Email (if you choose email sign-in) (for account, sign-in, and support). We use Resend to verify emails (e.g., OTP codes).
• Phone number (if you choose phone sign-in) (for account, sign-in, and support). We use Twilio to verify phone numbers (e.g., SMS codes).

Learning Data

• Standardized test information you provide (e.g., test type, test dates, scores)
• Question performance (items attempted, correctness, time on question, skill/difficulty)

Usage & Diagnostics

• Product analytics & session replay via PostHog (e.g., screens viewed, taps/clicks, session metadata). We configure replay to mask/redact sensitive fields where feasible.
• Error/crash monitoring via Sentry (e.g., crash reports, stack traces, device/app version metadata).

Notifications (Push, Email, SMS)

• If you opt in, we send notifications (e.g., reminders, updates) using Klaviyo and the Apple Push Notification service (APNs). We process a device push token to deliver messages. You can turn off push at any time in iOS Settings or in-app where available; email/SMS preferences can be managed via in-message links or by contacting us.

Communications

• Chat/messages you send us (in-app support, email, and SMS threads via Quo (formerly OpenPhone)), kept as a record of conversations.

We do not collect advertising identifiers (IDFA) and we do not use your data for advertising or cross-app tracking.

2) Chrome Extension (Sharp — SAT Practice Test Insights)

What the Extension does

The Extension helps you view and export SAT practice results from College Board's Bluebook "My Practice" site in your browser.

Data collection & processing (default)

By default, the Extension does not collect, transmit, or store personal data. All parsing of page content occurs locally in your browser, and results are displayed only to you.

Optional account sync

If you choose to sign in to your Sharp account from the Extension, we may sync the performance data shown in the Extension to your account to provide cross-device history and insights. Before any sync, we will clearly indicate what is sent and why. You can stop syncing at any time by signing out. If you do not sign in, no data leaves your device.

Permissions

The Extension requests access only to:

• https://mypractice.collegeboard.org/* — to read SAT practice test data while you use the tool.

What we don't do

• We don't track your browsing across other sites.
• We don't access personal information without your consent.
• We don't sell or share your data with third parties for advertising.

3) How We Use Information

• Provide and operate the app (authentication, features, session continuity)
• Personalized analytics for you (progress, skills, recommended practice)
• Troubleshoot & improve (diagnose issues using PostHog/Sentry, measure reliability, UX research)
• Security & compliance (prevent abuse/fraud, meet legal obligations)
• Communications (account notices, support, notifications you opt into)

4) How We Share Information

We do not sell or "share" (for cross-context behavioral advertising) your personal information. We disclose data only to:

• Service providers (processors) that help us run the app, under contract and only on our instructions:
  • Supabase (hosting/storage; primary region US-East)
  • PostHog (product analytics & session replay)
  • Sentry (error/crash monitoring)
  • Resend (email verification)
  • Twilio (SMS/phone verification)
  • Klaviyo (push notifications, email/SMS messaging)
  • Quo (formerly OpenPhone) (two-way texting with users)
• Legal/compliance when required by law, to protect rights, or investigate misuse
• Business transfers (e.g., merger/acquisition) with appropriate safeguards and notice as applicable

5) SMS Privacy (Quo/Twilio/Klaviyo)

Sharp may disclose Personal Data and other information as follows:

• Third parties that help provide the messaging service. We will not share your opt-in to an SMS short code campaign with any third party for purposes unrelated to supporting you in connection with that campaign. We may share your Personal Data with third parties that help us provide the messaging service, including, but not limited to, platform providers, phone companies, and other vendors who assist us in the delivery of text messages (e.g., Quo (formerly OpenPhone), Twilio, Klaviyo).
• Affiliates. We may disclose Personal Data to our affiliates or subsidiaries; if we do, their use and disclosure will be subject to this Policy.
• Opt-in data/consent. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

You can stop SMS at any time by replying STOP (or HELP for help), or by contacting team@getsharp.app.

6) Data Location & Transfers

We host and store data primarily in the United States (US-East) using Supabase. Some providers may process data in other locations under contractual safeguards. We currently operate and target users within the United States.

7) Retention

We keep personal data no longer than necessary for the purposes above. Our current targets:

• Account & profile: for the life of your account, then delete within 90 days of confirmed account deletion (subject to limited legal/backup holds).
• Learning & usage data (including session replay): up to 4 years from last activity, then delete or de-identify.
• Chat/messages: up to 4 years from last activity.

We may retain limited records, including emails, as required by law, to resolve disputes, or for security/audit.

8) Your Choices & Rights

• Access/Update: View or update profile info in the app.
• Delete Account & Data: Initiate deletion in-app (where available) or email team@getsharp.app. We will delete associated personal data except where we must retain some records (e.g., legal, security, limited backups).
• Notifications: Manage push in device settings; manage email/SMS via links or by contacting us.

US State privacy rights (e.g., California): Depending on your state, you may have the right to request access, deletion, correction, and a copy (portability) of certain data. We do not sell or share personal information for advertising. To make a request, email team@getsharp.app. We will verify your request before responding.

9) Security

We use administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS/HTTPS) with our providers:

• Administrative: role-based access, least-privilege, employee practices, vendor due diligence
• Technical: TLS, authentication, logging/monitoring, backups
• Physical: secure data-center facilities provided by hosting partners (restricted access, environmental/physical controls)

No system is 100% secure; please use strong, unique credentials.

10) Children's Privacy (Under 13)

We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal information, we will delete it.

11) Changes to This Policy

We may update this Policy from time to time. We will post the revised version with the "Last Updated" date. If changes are material, we may provide additional notice (e.g., in-app).

12) Contact Us

Sharp Test Prep, Inc.
Email: team@getsharp.app
Mailing Address: