ABA MasteryBeta

Privacy Policy

Last updated · May 12, 2026

What we collect, why we collect it, who we share it with, and how to get your data back or have it deleted.

In short

We collect the minimum information needed to run ABA Mastery: your email and name to identify your account, your study activity so we can show you your progress, and your fieldwork entries because that's the feature. We don't sell your data, and we don't show you ads. The full details are below.

1. What we collect

Account information

  • Your email address and name.
  • A hashed version of your password (we never see the plaintext).
  • Or, if you sign in with Apple or Google: a stable identifier from those providers.
  • Your subscription tier and billing status.

Study activity

  • Quizzes you take, questions you answer, and whether you got them right.
  • Flashcards you review and your spaced-repetition schedule.
  • Bookmarks and notes you create.
  • Your readiness score, streak, and per-domain mastery, derived from the above.

Fieldwork data

  • Your fieldwork profile, supervisors, and individual entries.
  • Hours, activity types, settings, optional client initials, and your activity descriptions.

AI Study Partner conversations

  • The messages you send to the AI tutor and the responses it generates.

Operational data

  • Standard server logs (IP address, user-agent, request timestamps) for security and debugging.

2. How we use it

  • To provide the Service: render your dashboard, run the quiz engine, compute your readiness score, schedule flashcard reviews, track your fieldwork.
  • To bill you, via Stripe, if you have a paid plan.
  • To send you account-related email (password resets, billing notifications, optional study reminders).
  • To improve the Service: we may review anonymized usage patterns to find broken explanations, confusing questions, or bugs.
  • To prevent abuse and enforce the Terms of Service.

We do not sell your personal information. We don't run advertising on ABA Mastery. We don't share your study activity or fieldwork data with third parties for marketing.

3. Third-party services we use

To run the Service we share certain data with a small number of processors, each under a contract that limits how they may use it:

  • Anthropic: when you message the AI Study Partner, your prompt (and limited recent conversation context) is sent to Anthropic's Claude API to generate a response. Anthropic's privacy terms govern that processing.
  • Stripe: handles all payments. We never see your card number; Stripe gives us a reference token.
  • Resend: sends our transactional email (password resets, receipts, optional study reminders).
  • Hetzner: hosts our servers and database in their data centers.

We don't transfer your AI tutor conversations to anyone other than Anthropic, and we don't use them to train any model.

4. Cookies and similar tech

We use a small set of strictly necessary cookies to keep you signed in (an httpOnly access token and a refresh token). We don't use advertising cookies, and we don't run third-party analytics scripts in the app.

5. How long we keep your data

  • Account data and study activity: as long as your account is active.
  • AI tutor conversations: stored alongside your account so you can review history; deleted when you delete your account.
  • Fieldwork entries: kept while your account is active. The BCBA requires you to retain fieldwork documentation for at least 7 years; you're responsible for keeping your own copies if you close your account.
  • Server logs: typically rotated within 30 days.

6. Your rights

You can export your data (your account, study history, fieldwork log, and AI conversations) at any time from your account settings. You can delete your account from the same screen; we remove your personal data within 30 days. We may retain aggregated, anonymized statistics that can no longer be linked back to you.

If you're in California, the EU, the UK, or another jurisdiction that gives you additional data rights, you have them with us. Email privacy@abamastery.app with the specific request and we'll respond within 30 days.

7. Security

We hash passwords with bcrypt, transport everything over TLS, store access tokens in httpOnly cookies, and run on hardened infrastructure. No system is perfectly secure; we'll notify affected users promptly if we ever learn of a breach involving your data.

8. Children

ABA Mastery is for adults studying for the BCBA exam. We don't knowingly collect personal information from anyone under 18. If you believe a minor has created an account, email us and we'll close it.

9. Changes to this policy

When we change this Privacy Policy we'll update the "Last updated" date at the top. For material changes we'll also notify you by email before they take effect.

10. Contact

Privacy questions go to privacy@abamastery.app. Everything else: hello@abamastery.app.