At AceJAMB, your privacy is important to us. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights under the Nigerian Data Protection Regulation (NDPR) 2019 and other applicable laws.
By using our Service, you consent to the practices described in this Policy. If you do not agree, please do not use the Service.
1. Who We Are (Data Controller)
AceJAMB operates this platform. For data-related queries, contact us at: support@acejamb.com
2. Data We Collect
a) Data you provide directly
- Email address — when you register with email and password
- Name — provided via Google or Apple sign-in (optional for email accounts)
- Password — stored as a one-way encrypted hash; we never see your actual password
b) Data generated by your use of the Service
- Practice session records (questions attempted, answers given, scores)
- Mock exam records (subjects selected, time taken, results)
- Bookmarked questions
- Subject and topic preferences
- AI chat interactions (stored to provide context during a session; not retained permanently)
c) Automatically collected data
- Browser type, device type, and operating system
- IP address and approximate geographic location (country/state level)
- Pages visited, time spent, and clicks (via analytics)
- Session authentication tokens (stored in secure browser cookies)
3. How We Use Your Data
| Purpose | Legal Basis |
|---|
| Create and manage your account | Contract performance |
| Track your study progress and provide personalised results | Contract performance |
| Provide AI-powered study tips and explanations | Contract performance |
| Send account-related emails (verification, password reset) | Contract performance |
| Improve the platform and fix bugs | Legitimate interest |
| Analyse aggregated usage patterns (anonymised) | Legitimate interest |
| Send product updates or marketing emails (with your consent) | Consent |
| Comply with legal obligations | Legal obligation |
| Prevent fraud and enforce our Terms of Service | Legitimate interest |
4. Cookies and Tracking
We use the following types of cookies:
- Essential cookies: Required for authentication and session management (Supabase auth tokens). You cannot opt out of these and still use the Service.
- Analytics cookies: Used to understand how users interact with the platform (e.g. pages visited, time on page). We use privacy-respecting analytics that do not track you across other websites.
We do not use advertising cookies or sell your data for advertising purposes.
5. Who We Share Your Data With
We do not sell your personal data. We share data only with trusted third-party processors necessary to operate the Service:
| Processor | Purpose | Location |
|---|
| Supabase Inc. | Database, authentication, and storage | USA (AWS) |
| Vercel Inc. | Web hosting and edge network delivery | USA/Global |
| Google LLC | OAuth sign-in; Gemini AI for question generation | USA/Global |
| Apple Inc. | Sign in with Apple (optional) | USA |
| Paystack / Flutterwave | Payment processing (premium features) | Nigeria/Africa |
Cross-border transfers: Your data may be transferred to and stored in countries outside Nigeria (including the United States) where our processors operate. These transfers are protected by standard contractual clauses or equivalent safeguards as required by the NDPR.
6. Data Retention
- Your account data and progress records are retained for as long as your account remains active.
- If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. payment records, which are retained for 7 years).
- Anonymised, aggregated usage data may be retained indefinitely for analytics purposes.
7. Children's Privacy
Our Service is designed for students preparing for Nigerian national examinations, many of whom are aged 16–18. We take children's privacy seriously.
- We do not knowingly collect data from children under 13 without verifiable parental consent.
- If you are between 13 and 17, your parent or guardian must agree to our Terms and this Privacy Policy on your behalf.
- We do not serve targeted advertising to any users, including minors.
- We do not share data about users under 18 with third parties for marketing purposes.
- If you believe a child under 13 has provided us with personal data without parental consent, please contact us immediately at support@acejamb.com and we will delete it promptly.
8. Your Rights
Under the Nigerian Data Protection Regulation (NDPR) and applicable law, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right of Rectification: Request correction of inaccurate or incomplete data.
- Right of Erasure: Request deletion of your personal data (subject to legal retention requirements).
- Right to Object: Object to processing based on legitimate interest (e.g. marketing).
- Right to Withdraw Consent: Where processing is based on consent (e.g. marketing emails), you may withdraw consent at any time.
- Right to Complain: Lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
To exercise any of these rights, contact us at support@acejamb.com. We will respond within 30 days.
9. Security
- All data is transmitted over HTTPS (TLS encryption).
- Passwords are hashed using industry-standard bcrypt hashing — we never store plain-text passwords.
- Authentication is managed by Supabase, which implements Row-Level Security (RLS) to ensure users can only access their own data.
- We regularly review our security practices.
- In the event of a data breach affecting your personal data, we will notify you and the relevant authorities within 72 hours as required by law.
10. Marketing Communications
- We may send you product updates, study reminders, and promotional emails where you have given consent or where permitted by applicable law.
- You can opt out of marketing emails at any time by clicking "Unsubscribe" in any email or by contacting us at support@acejamb.com.
- We do not sell or rent your email address or any personal data to third parties for marketing purposes.
- Transactional emails (account confirmation, password reset, exam reminders) are always sent regardless of marketing preferences.
11. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email or a prominent notice on our website at least 14 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the updated Policy.
12. Contact Us
For any privacy-related questions or to exercise your rights, please contact our Data Protection Officer at: support@acejamb.com