528
528-prep

Privacy

Last updated: 2026-05-06

What we collect

  • An anonymous device token (16 hex chars) so your saved schedules and notes stay tied to your browser without needing an account.
  • Your email — only if you choose to sign in via a magic link, so your library is accessible from other devices.
  • Whatever you put into the schedule form (exam date, hours per day, weak subjects, vacation days) and the lecture-notes form (slide PDFs, transcripts, course tags, titles).
  • Anonymous web traffic data (URL visited, referrer, country, device type) via Vercel's built-in analytics. Cookieless, no individual user tracking.
  • If you check out, Stripe collects card details directly — we never see them. If you book a consulting session, Cal.com collects what you put into their form.

What we store

  • Generated schedules and lecture notes, keyed by your token (and your email if you signed in). Records have a 5-year TTL that refreshes on every read/write — an active account's data effectively never expires.
  • Note content as markdown in our database (Upstash Redis). Slide PDFs you upload get rasterized into per-slide PNGs and stored on Vercel Blob with unguessable URLs. The original PDF itself lives in our staging KV for one hour during generation, then is deleted.
  • Slide PNGs are deleted from Blob when you delete the corresponding note.
  • One HTTP-only secure session cookie if you sign in via magic-link (30-day expiry).
  • Consulting booking metadata (date, time, your email) — kept for 2 years so we both have a record.

Third parties we send data to

  • Anthropic — your slide PDFs and transcripts go to Anthropic's API for the notes generation. Per their policy, content is retained for abuse-review only and is not used for model training.
  • Resend — sends the magic-link sign-in email and the post-purchase welcome email.
  • Vercel — our hosting, serverless functions, blob storage (slide PNGs), and analytics. Upstash Redis (via Vercel) holds the metadata.
  • Stripe — payment processing. We share your token + product info; Stripe collects everything else directly from you.
  • Cal.com — consulting booking calendar. Their privacy policy applies to anything you put into their form.

What we don't do

No third-party analytics like Google Analytics or Mixpanel. No ad networks, no tracking pixels, no remarketing. No email marketing — your email is only used for sign-in links and purchase receipts. We don’t see or store your card details. We don't sell or share data with anyone outside the services listed above.

Your rights

Email hello@528-prep.com to:

  • Delete your account and every record tied to it (schedules, notes, slide PNGs, bookings, email).
  • Get a copy of everything we have on you.
  • Refund a purchase made in the last 7 days.

Same address, same person reading it. Usually within 24 hours.

Cookies

One HTTP-only session cookie (528prep_session) after you sign in via magic-link, expires after 30 days. No analytics cookies, no marketing cookies, no third-party cookies. Vercel's analytics are cookieless.

Changes

If we change anything material — what we collect, who we send it to, how long we keep it — the date at the top updates and signed-in accounts get an email.

    Privacy — 528-prep