Privacy Policy

1. Introduction

ProdExam ("Service") is operated by Montague Labs LLC, a Delaware-registered company ("Company," "we," "us," or "our"). This Privacy Policy describes how we collect, use, and share information when you use ProdExam, including our web application, dashboard, SDK, and any other products or services we provide.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and any profile information you provide. If you sign in via Google OAuth, we receive your Google user ID, name, email, and avatar.

Authentication Data

We store authentication tokens to maintain your session and enable features that connect with third-party services.

Test & Project Data

Tests, questions, projects, and configuration you create in ProdExam are stored in our database so we can deliver them to your testers and surface results to you.

Test Participant Responses

When participants complete a test you share with them, we collect their responses, any pinned comments, screenshots, session metadata (e.g. page URL, viewport size, user agent), and any identifying information they provide (such as email or name, if requested by your test). As the test creator, you are the controller of this data; ProdExam processes it on your behalf.

Payment Information

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status, but we do not store your full credit card details on our servers.

Usage Data

We track usage metrics such as the number of tests created, sessions captured, responses collected, and AI analyses used, in order to enforce plan limits and improve the Service.

Log & Device Data

Like most web services, we automatically collect IP addresses, browser type, operating system, referring URLs, and access timestamps when you interact with the Service.

3. How We Use Your Information

• Provide, maintain, and improve the Service.
• Authenticate users and secure accounts.
• Process subscription payments and manage billing.
• Send transactional and account-related emails.
• Generate AI-powered summaries, sentiment scores, and insights from responses.
• Enforce plan usage limits and detect abuse.
• Respond to inquiries and provide customer support.
• Protect against fraud, abuse, and security threats.
• Comply with legal obligations.

4. Third-Party Services

We rely on trusted third-party providers to operate ProdExam. Each is bound by its own privacy commitments:

• Supabase — Database, authentication, and file storage.
• Stripe — Payment processing and subscription management.
• OpenAI — AI analysis of responses for sentiment, themes, and executive summaries.
• Resend — Transactional email delivery.
• Render — Application hosting and infrastructure.

5. Data Storage & Security

We implement industry-standard security measures to protect your information, including encryption in transit and at rest, secure authentication, access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information while your account is active or as needed to provide the Service. When you delete your account, we remove your personal data except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

Test participant responses are retained for as long as the test owner's account is active or until the test owner deletes them, whichever is sooner.

7. Your Rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your account and associated data.
• Export a copy of your data.
• Cancel your subscription at any time.
• Opt out of non-essential communications.

To exercise any of these rights, email hi@testflow.app. We may need to verify your identity before processing the request.

8. Children's Privacy

ProdExam is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us information, contact us at hi@testflow.app and we will promptly delete it.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and third-party service providers are located. We take steps to ensure your data receives an adequate level of protection wherever it is processed.

10. California Privacy Rights (CCPA)

If you are a California resident, the CCPA grants you additional rights:

• Right to Know — Request disclosure of the categories of personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it in the past 12 months.
• Right to Delete — Request deletion of your personal information through your account settings or by contacting us.
• Right to Opt-Out of Sale — We do not sell your personal information to third parties. No opt-out is required.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.

Under California's "Shine the Light" law, we do not share personal information with third parties for their own direct-marketing purposes. To submit a request, email hi@testflow.app. We verify identity before responding and will reply within 45 days.

11. Cookies & Tracking Technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the Service, and understand how it is used. You can configure your browser to refuse cookies, but some features may not work as intended if you do.

12. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any third-party site you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page and update the effective date. Your continued use of the Service after the update constitutes acceptance of the revised policy.

14. Contact

If you have questions about this Privacy Policy, contact us:

• Email: hi@testflow.app
• Mailing Address: Montague Labs LLC, c/o LEGALINC CORPORATE SERVICES INC., 131 Continental Dr, Ste 305, Newark, DE 19713, United States