Privacy Policy

FE Tactical Press ("we", "us", "our") operates the website https://www.feotherdisciplines.com and the FE Other Disciplines Simulator ("the Service"). We are the data controller for the personal data described in this policy.

Contact for privacy matters: privacy@feotherdisciplines.com

2.1 Data you provide directly

• Account registration: full name, email address, password (hashed — never stored in plaintext).
• Profile settings: exam date (optional).
• Access code redemption: the code you enter (stored as redeemed; no financial data).
• Support communications: any messages you send to our contact email.

2.2 Data generated by your use of the Service

• Exam activity: questions attempted, answers selected, time per question, session scores, and topic accuracy. This data powers your performance dashboard and is the core product functionality.
• Session metadata: drill type, start/end timestamps, number of questions completed.
• Access status: access expiry date, renewal history.

2.3 Data collected automatically

• Log data: IP address, browser type, pages visited, referring URL, timestamps. Collected by our infrastructure and error-monitoring providers.
• Cookies: authentication session cookie (strictly necessary, no expiry set beyond session). Analytics cookies are set only after you accept via the cookie consent banner. See Section 5 for details.
• NCEES Handbook PDF: if you upload the NCEES handbook into the split-screen viewer, it is stored locally in your browser via IndexedDB. It is never transmitted to our servers.

2.4 Payment data

We do not store payment card details. All payment processing is handled by Stripe, Inc. Stripe may collect your card number, billing address, and payment method. See stripe.com/privacy. We receive from Stripe only: a transaction ID, the product purchased, and your email address.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the following legal bases:

• Contract (Art. 6(1)(b) GDPR): exam activity data, account data — necessary to provide the Service you signed up for.
• Legitimate interests (Art. 6(1)(f) GDPR): error monitoring, security logs, fraud prevention — necessary to operate a secure service.
• Consent (Art. 6(1)(a) GDPR): analytics cookies (PostHog) — only after you accept via the cookie banner. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c) GDPR): transaction records kept for tax and accounting compliance.

We use the following sub-processors. Each is bound by a Data Processing Agreement (DPA) where required by GDPR.

SCCs = Standard Contractual Clauses (EU Commission-approved transfer mechanism).

• sb-auth-token (strictly necessary): Supabase session cookie. Set on login, deleted on logout. Not subject to consent.
• PostHog analytics cookies (optional): set only if you click "Accept" on the cookie banner. Used to track page views, feature usage, and funnel analysis in aggregate. You may opt out at any time by clicking "Manage preferences" in the banner.

We do not use advertising cookies, tracking pixels, or third-party retargeting.

• Account and exam data: retained for the lifetime of your account, plus 90 days after deletion request (to allow dispute resolution).
• Payment records: retained for 7 years for tax compliance (Italian and US law).
• Error logs: retained 30 days by Sentry.
• Rate-limiting data (IP): retained for 1 hour maximum in Upstash Redis.

If you are in the EEA, UK, or Switzerland, you have the following rights under GDPR:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate data via your account settings or by contacting us.
• Erasure: request deletion of your account and associated data (subject to legal retention obligations).
• Restriction: ask us to restrict processing in certain circumstances.
• Portability: receive your exam activity data in a machine-readable format (JSON) on request.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: withdraw analytics consent at any time via the cookie banner.
• Lodge a complaint: with your national data protection authority (e.g., Garante Privacy in Italy, ICO in the UK).

To exercise any right, email privacy@feotherdisciplines.com. We will respond within 30 days.

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately and we will delete it.

We implement industry-standard security measures: passwords hashed with bcrypt, data in transit encrypted via TLS 1.3, database access restricted by row-level security (Supabase RLS), API keys stored as environment variables and never exposed client-side. No security measure is 100% guaranteed; we will notify you and relevant authorities of any breach as required by GDPR Art. 33–34.

We may update this policy when our practices change or when required by law. We will notify registered users by email at least 14 days before material changes take effect. The "Effective date" at the top of this page will always reflect the current version.

FE Tactical Press
Email: privacy@feotherdisciplines.com
Website: https://www.feotherdisciplines.com