Privacy Policy

January 1, 1 4 min read
How Tokenizer Inc. collects, uses, and protects your information across our websites and the Mastery: Pro Exam Prep app. Includes individual rights and enterprise disclosures.

Privacy Policy

Last updated: August 26, 2025

1) Scope & Who We Are

Tokenizer Inc. (“Tokenizer”, “we”, “our”) provides the Mastery: Pro Exam Prep mobile application and related websites.

Covered properties

This Policy explains what we collect, how we use it, and the choices you have. It applies globally and may include jurisdiction-specific disclosures below.

2) Data We Collect

Account & Profile

Name or alias, email, exam selections, region, study preferences.

Purchases & Subscriptions

Order history and receipts (processed by App Store / Google Play); limited billing metadata required for tax and accounting.

Usage & Device

App version, device/OS, language, crash logs, feature interactions, time-on-task. We do not use third-party ad networks.

Content You Submit

Notes, flags, feedback, support messages, and (for enterprise) assessment responses.

Children’s Privacy

Our services are not intended for children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal data from children in those age ranges.

3) How We Use Data

  • Provide and improve features (practice sets, analytics, syncing, crash recovery).
  • Process purchases, subscriptions, and account administration.
  • Personalize study plans and recommendations.
  • Communicate about updates, new content, and service notices.
  • Detect abuse, maintain integrity (e.g., proctoring, randomization for enterprise assessments).
  • Comply with legal, accounting, and tax requirements.

Legal bases (where applicable): consent, performance of a contract, legitimate interests (e.g., service security, product improvement), and legal obligations.

4) Sharing & Processors

  • Service providers (processors): cloud hosting, analytics, error/crash reporting, email delivery, and payment platforms (App Store / Google Play). These providers only process data under our instructions and agreements.
  • Enterprise customers: where your organization provides access, we may share progress and assessment results with designated admins under the enterprise agreement.
  • Legal & safety: to comply with law, enforce terms, or protect rights, property, or safety.
  • Business transfers: in a merger, acquisition, or asset sale, data may transfer as permitted by law.
No selling of personal data: We do not sell personal information and we do not use third-party advertising networks.

5) Retention

  • Account data: kept while your account is active; deleted or anonymized upon verified request or after inactivity per our internal schedule.
  • Purchase records: retained for at least 7 years to meet accounting/tax obligations.
  • Support tickets & feedback: typically 24 months.
  • Logs & diagnostics: typically 12–24 months.
  • Backups: rolling backups are purged on a schedule (commonly 30–90 days).

6) Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data and risks (e.g., access controls, encryption in transit, environment segmentation, and monitoring). No system is perfectly secure; please notify us promptly if you suspect unauthorized activity.

7) Cookies & Tracking

Our websites may use essential cookies for core functionality and limited, privacy-respecting analytics to understand usage and improve features. We do not run third-party ad networks or cross-site tracking for advertising.

You can manage website cookies via your browser settings and (where available) our cookie preferences link in the footer.

8) Your Privacy Rights

Access, Correction, Deletion

You may request a copy of your data, ask us to correct inaccuracies, or delete your account (subject to legal retention). We will verify your identity before fulfilling requests.

Opt-Outs & Preferences

You can opt out of non-essential emails, and you may limit analytics/cookies where offered. We do not sell personal data.

Jurisdictional notes

  • Canada (PIPEDA): you have rights to access and correct personal information; contact us to exercise these rights.
  • EU/EEA & UK (GDPR/UK GDPR): rights include access, rectification, erasure, restriction, portability, and objection. You may lodge a complaint with your supervisory authority.
  • California (CCPA/CPRA): rights include to know, delete, correct, and opt out of certain sharing. We do not “sell” personal information as defined by CCPA.
Submit a Privacy Request Request Account Deletion

9) International Data Transfers

We may process and store data in Canada, the United States, and other countries where our service providers operate. When transferring personal data from the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses, as applicable.

10) Enterprise (B2B) Disclosures

For enterprise customers, we typically act as a processor for end-user assessment data and as a controller for account, billing, and platform operations data. A Data Processing Addendum (DPA) is available upon request. We provide SSO integrations and controls to help administrators manage access and retention.

11) Changes & Contact

We may update this Policy to reflect product, legal, or operational changes. We will revise the “Last updated” date and, where required, provide additional notice.

Contact Us

Questions, concerns, or rights requests:

privacy@tokenizer.ca support@tokenizer.ca

Mailing Address

Tokenizer Inc. — Privacy
Canada

If you have an unresolved privacy concern, you may have the right to contact your local data protection authority.

FAQ | AccountingExamsMastery.ca

Mastery Education

We make complex finance and technology clear and actionable.