# Privacy Policy - Mastery

**Last Updated:** April 12, 2026

## 1. Overview

Mastery ("Company," "we," "us," "our") operates the Mastery mobile application and website (the "Service"). This Privacy Policy explains our practices regarding information collection, use, and protection for users of our application.

## 2. Information We Collect

### 2.1 Information You Provide
- **Account Information:** Name, email address, password, profile preferences
- **Payment Information:** Payment method details (processed securely through Stripe)
- **Profile Data:** Avatar, preferences, content interests
- **Communication:** Support inquiries, feedback, bug reports

### 2.2 Information Collected Automatically
- **Device Information:** Device type, OS version, unique identifiers
- **Usage Data:** Features accessed, content watched, viewing duration
- **Performance Data:** Crash reports, error logs
- **Network Information:** IP address (for security and analytics)

### 2.3 Analytics & Tracking
We use analytics services to understand user engagement:
- **Google Analytics:** User behavior, feature usage
- **Crash Reporting:** App stability monitoring
- **Session Recording:** Optional, for UX improvement (opt-in only)

## 3. How We Use Your Information

- **Service Delivery:** Provide, maintain, and improve the Mastery platform
- **Subscriptions:** Manage billing, trials, and subscription status
- **Communications:** Account updates, service notices, support responses
- **Security:** Detect and prevent fraud, unauthorized access
- **Analytics:** Improve features, understand user preferences
- **Legal Compliance:** Fulfill legal obligations

## 4. Information Sharing

We **do not sell** your personal data. We share information only with:
- **Service Providers:** Stripe (payments), Vercel (hosting), analytics services
- **Legal Requirements:** When required by law or to protect rights
- **Business Transfers:** If company is acquired (with privacy continuity)

## 5. Data Security

- Encrypted transmission (HTTPS/TLS for all connections)
- Secure password storage (bcrypt hashing)
- API authentication via secure tokens
- Regular security updates and patches
- Limited access to personal data (least privilege)

## 6. Your Rights & Controls

### 6.1 Access & Portability
Request a copy of your personal data at any time via the app account settings or support email.

### 6.2 Deletion
You can delete your account and all associated data through:
- App Settings → Account → Delete Account
- Or by contacting support@mastery.example.com

Account deletion is permanent and cannot be undone.

### 6.3 Data Preferences
- Disable analytics: Settings → Privacy → Analytics
- Disable notifications: Device settings or app notification preferences
- Opt-out of marketing emails: Email footer "Unsubscribe" link

### 6.4 Applicable Rights
- **US (CCPA/CPRA):** Right to know, delete, opt-out
- **EU (GDPR):** Right to access, erasure, portability
- **UK (UK GDPR):** Same as EU GDPR

## 7. Children's Privacy

Mastery is intended for adult learners (18+). We do not knowingly collect data from users under 13. If we discover such collection, we will delete it immediately. Parents/guardians: contact us at privacy@mastery.example.com if concerned.

## 8. Retention

- **Account Data:** Retained while account active + 90 days after deletion
- **Billing Data:** Retained per legal requirements (7 years for tax purposes)
- **Analytics Data:** Aggregated after 26 months, PII removed
- **Crash Reports:** Retained for 90 days then deleted

## 9. Third-Party Services

- **Stripe:** Payment processing (see [Stripe Privacy](https://stripe.com/privacy))
- **Vercel:** Hosting (see [Vercel Privacy](https://vercel.com/privacy))
- **Google Analytics:** Analytics (see [Google Privacy](https://policies.google.com/privacy))

## 10. California Residents (CCPA)

You have the right to:
- Know what personal data is collected
- Delete personal data (with exceptions)
- Opt-out of data sales (we don't sell data)
- Non-discrimination for exercising rights

**Requests:** Submit via Settings → Privacy → Data Request or email privacy@mastery.example.com

## 11. EU Residents (GDPR)

You have the right to:
- Access your data
- Correct inaccurate data
- Erasure ("right to be forgotten")
- Data portability
- Restrict processing
- Object to processing

**Data Controller:** Mastery Inc., privacy@mastery.example.com  
**Requests:** Privacy dashboard or email above

## 12. Cookie Policy

We use:
- **Essential:** Session management, security
- **Analytics:** Google Analytics (anonymized)
- **Advertising:** Not used (no third-party ads)

Users can manage cookies via browser settings.

## 13. Contact & Support

**Privacy Questions or Requests:**
- Email: privacy@mastery.example.com
- In-App: Settings → Help & Support → Contact Us
- Mail: Mastery Inc., Privacy Team, [Address]

**Data Protection Officer (EU):**
- Email: dpo@mastery.example.com

## 14. Changes to This Policy

We may update this policy. Material changes will be notified via:
- In-app notification
- Email (for material changes)
- Updated "Last Updated" date

Your continued use constitutes acceptance of updated policy.

---

**Version:** 2.0  
**Effective:** April 12, 2026  
**Status:** COMPLIANT with GDPR, CCPA, UK GDPR, Apple/Google requirements

---

This policy is for informational purposes. For legal review and finalization, consult with legal counsel in your jurisdiction.