Last updated: May 7, 2026

Privacy Policy

This policy explains how NextPrep Academy handles personal data for accounts, purchases, protected course access, quiz access, and the AI study assistant.

Data controller

The controller is NextPrep Academy. Contact: info@paoloronco.it.

Business address: Business address to be added before public launch.

Personal data we process

  • Account data, including email address, authentication provider, Firebase user identifier, email verification state, and session records.
  • Purchase and entitlement data, including Stripe customer, checkout, subscription, payment references, selected plan, access status, and purchase events.
  • Product usage data, including protected course viewer access, quiz access, AI credit usage, rate-limit records, and dashboard activity needed to operate the service.
  • AI assistant content, including messages you submit, assistant responses, timestamps, and related user identifiers needed to provide and protect the chat feature.
  • Support and transactional email data, including messages required for verification, password reset, purchase confirmation, and account support.
  • Newsletter and marketing preference data, including subscription status, consent timestamp, confirmation status, unsubscribe status, and related email delivery records.
  • Analytics data, if you consent, including page views, traffic source, browser and device information, approximate location, and aggregate interaction data collected through Google Analytics.
  • Technical data, including IP-related security records, request metadata, error logs, device or browser information, and security audit information.

Why we use personal data

  • To create accounts, authenticate users, verify email addresses, maintain sessions, and protect access to paid content.
  • To process payments, subscriptions, refunds, invoices, plan changes, and fraud prevention through Stripe.
  • To provide protected course access, quiz access, daily AI credits, the AI study assistant, and related product features.
  • To send transactional messages such as email verification, password reset, purchase confirmation, and credit-limit notices.
  • To send optional newsletter, course update, and preparation reminder emails only where the relevant marketing consent or preference is active.
  • To measure aggregate site traffic and product usage through Google Analytics only when analytics consent has been provided.
  • To secure the service, enforce rate limits, detect abuse, debug errors, and maintain service reliability.
  • To comply with legal, tax, accounting, consumer protection, and regulatory obligations.

Legal bases

We process data where it is necessary to perform the service contract, where we have a legitimate interest in securing and improving the service, where we must comply with legal obligations, and where consent is required for a specific optional activity.

Newsletter and promotional email subscriptions are optional and based on consent. Consent is not required to create an account, buy a course, or use paid features. You may withdraw newsletter consent at any time through the unsubscribe link or account email preferences.

Processors and third parties

We use service providers only where needed to operate the product. This may include Firebase and Google Cloud for authentication, database, and email workflows; Stripe for checkout, billing, and payment processing; Google Analytics for optional consent-based traffic measurement; n8n or a configured automation endpoint for the AI assistant workflow; email delivery infrastructure for transactional and newsletter email; and OAuth providers such as Google or GitHub when you choose those login methods.

Payment card details are handled by Stripe and are not stored by NextPrep Academy.

Retention

  • Account and entitlement records are kept while the account is active and as needed for support, security, and legal obligations.
  • Session records are retained until they expire or are revoked, plus a limited period needed for security logs.
  • Purchase, refund, invoice, and tax records are retained for the period required by applicable law.
  • AI chat records and product usage records are retained as needed to provide the feature, enforce credits, debug issues, and protect the service.
  • Transactional email records are retained for operational evidence and support for a limited period unless legal obligations require longer retention.
  • Newsletter consent and unsubscribe records are retained as needed to prove consent, respect opt-outs, and avoid sending further marketing email after withdrawal.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also withdraw consent where processing is based on consent.

To exercise these rights, contact info@paoloronco.it. You may also have the right to complain to your local data protection authority.

International transfers and security

Providers may process data in countries other than your own. Where required, we rely on appropriate transfer mechanisms and provider commitments. We use access controls, server-side session validation, httpOnly cookies, rate limiting, and provider security controls to protect the service.

Children

The service is not directed to children. If you believe a child has provided personal data, contact us so we can review and remove it where appropriate.
