Plain-English summary
We try to collect as little as possible to run the service. In short:
- We need your email and a name to create an account and send important messages (sign-in, receipts, password resets).
- We store your practice answers, AI scores and progress so you can come back to them and track improvement over time.
- Your Writing and Speaking submissions are sent to Google Gemini to generate feedback and an estimated CLB band — they are processed in the United States.
- We don’t see your card details — payments are handled by Stripe, a PCI-DSS-certified processor.
- We don’t sell your personal information to anyone, ever.
Who this applies to
This Policy applies to celpiptest.organd any related subdomains, applications and services we operate (collectively, the “Service”). It applies whether you are a registered user, a free-trial user, a paying subscriber, or simply browsing public pages.
Who is responsible (controller)
CelpipTest (“CelpipTest”, “we”, “us”) is an independent project operated by an individual based in Nova Scotia, Canada. We are not (yet) incorporated as a company. The operator personally acts as the Privacy Officer for the purposes of this Policy and Canadian privacy law. You can reach the Privacy Officer using the contact details in section 19; on written request, we will provide the operator’s legal name and a postal address for formal correspondence.
Information we collect
We group the data we collect into the following categories:
Account information
- Display name and email address.
- Password (stored as a one-way hash — we never see your plaintext password).
- If you sign in with Google: your Google account ID, email and basic profile information provided by Google OAuth.
- Email-verification status and timestamps.
Learning and assessment data
- Lessons started and completed, time spent, attempts and per-section scores.
- Mock-exam attempts, your answers, and the resulting CLB band estimates.
- Writing submissions (the text you type for emails and survey responses).
- Speaking submissions (the audio recordings you submit for each speaking task) and their machine-generated transcripts.
- AI-generated feedback, rubric scores and notes attached to your submissions.
- Study preferences such as target exam date, target band, daily-goal minutes.
Billing information
- Plan you selected (Weekly, Monthly, Yearly, Lifetime), subscription status and renewal dates.
- Stripe customer ID, subscription ID and last-payment intent ID.
- Coupon code redeemed (if any) and the timestamp it was applied.
- We do not store full card numbers, CVC or bank details.Those are entered directly into Stripe’s secure form and held by Stripe.
Communications
- Messages you send through the in-product feedback form.
- Emails we send you via Resend (sign-in, password reset, receipts, optional product updates) and your engagement with them.
Technical and usage data
- IP address, user-agent, device, browser, language, approximate location (derived from IP) and timestamps of requests.
- Cloudflare Turnstile signals used to verify that you are a human (and not a bot) on sign-up, sign-in and feedback forms.
- Pages viewed, features used, errors encountered — kept in our server logs and any privacy-respecting analytics we use.
Marketing-attribution data
- Referral / promo code used at signup (e.g.
?ref=...), UTM parameters (campaign, medium), and the source you told us about during onboarding (Google, social, referral, consultant, etc.). We use this only to understand which channels work, not to build advertising profiles.
Why we use it (purposes)
We use your personal information for the following purposes only:
- Provide the Service — create your account, save progress, generate AI feedback, run mock exams, deliver lessons.
- Process payments — start, renew, change or cancel subscriptions; issue receipts and apply coupons.
- Communicate with you — transactional emails (sign-in, password reset, receipts), respond to your support messages, and — if you opted in — send product updates.
- Keep the Service safe — detect fraud, abuse, scraping and other violations of the Terms; enforce rate limits and bot protection.
- Improve the product — analyse aggregate, de-identified usage trends to decide what to build next, improve scoring rubrics and fix bugs.
- Comply with the law — meet our obligations under Canadian and other applicable laws and respond to valid legal requests.
Legal basis & your consent
Under the federal Personal Information Protection and Electronic Documents Act (PIPEDA), and substantially similar provincial laws (Alberta PIPA, British Columbia PIPA, Quebec Law 25), we rely on your consent to collect, use and disclose your personal information — given when you create an account and use the Service. For certain processing we may also rely on legitimate business interests (e.g. fraud prevention) or to perform our contract with you (e.g. billing). You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice — see Your rights.
AI scoring of Writing & Speaking
To deliver feedback on your Writing and Speaking practice, we send your submission (text, audio and a generated transcript) to Google Gemini (Google LLC / Google Ireland Limited), a large-language-model API. Specifically:
- The submission is processed in Google data centres in the United States.
- Per Google’s API terms for paid Gemini usage, your submission is not used to train Google’s models. We do not opt in to model improvement.
- The model returns a structured response (rubric scores, per-criterion notes and an overall CLB band estimate). We store this response alongside your submission.
- AI scores are estimates, not official CELPIP results. Only Paragon Testing Enterprises issues real CELPIP scores.
Cookies & similar technologies
We use the following types of browser storage:
- Strictly necessary — session and authentication cookies set by Better Auth so you stay signed in; CSRF and security tokens; Cloudflare Turnstile tokens. The Service will not work without these.
- Functional — small amounts of
localStorageused to remember UI preferences (e.g. last lesson opened, audio volume). - Payments — cookies set by Stripe on its checkout / customer-portal pages for fraud prevention and session continuity.
We do not currently use third-party advertising cookies or cross-site tracking. If we add analytics in the future, we will use a privacy-respecting tool that does not require a cookie banner under PIPEDA, or we will request your consent.
Service providers we share data with
We share personal information only with vendors who help us run the Service, under contracts that limit their use of your data to that purpose. Today these are:
- Stripe, Inc. (United States) — payment processing, subscription management, fraud prevention.
- Google LLC — Gemini API (United States) — AI scoring of Writing and Speaking submissions.
- Google LLC — Sign in with Google (United States) — optional OAuth sign-in.
- Resend Inc. (United States) — sending transactional and product email.
- Cloudflare, Inc. (United States) — DNS, CDN, DDoS protection and Turnstile bot mitigation.
- MongoDB Atlas / hosting infrastructure — database and application hosting (region disclosed on request).
We may also disclose information when required by law, to enforce our Terms of Service, to protect the rights, property or safety of users, or in connection with a corporate transaction (merger, acquisition, sale of assets) — in which case we will require the recipient to honour this Policy.
We do not sell your personal information.
International transfers
Some of our service providers (Stripe, Google, Resend, Cloudflare) are located in the United States, and your information may be processed there. When personal information is transferred outside Canada, it becomes subject to the laws of that country, including lawful access by foreign authorities. We rely on contractual safeguards (including Standard Contractual Clauses where applicable) and on each provider’s privacy and security commitments to protect your data.
How long we keep your data
- Account data: while your account is open, plus up to 30 days after you delete it (to recover from accidental deletion and complete pending operations).
- Practice answers, AI feedback and progress: while your account is open, unless you delete them earlier from inside the app.
- Billing records (invoices, payment IDs): kept for at least seven (7) years as required by Canadian tax and accounting law.
- Server and security logs: typically 30–90 days.
- Backup snapshots: rolling, typically up to 35 days.
After these periods, your information is either permanently deleted or irreversibly anonymised so it can no longer identify you.
How we protect your data
- HTTPS/TLS in transit for all traffic to and from the Service.
- Passwords are hashed with industry-standard algorithms (bcrypt) — we never store them in plaintext.
- Access to production systems is limited to authorised personnel, requires strong authentication, and is logged.
- Database backups, principle-of-least-privilege access controls, and routine dependency updates.
No system is perfectly secure. If we ever suffer a breach that creates a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada (and other regulators as required) without undue delay, in line with PIPEDA’s breach-notification requirements.
Your rights
You have the following rights with respect to your personal information:
- Access — ask for a copy of the personal information we hold about you.
- Correction — ask us to correct inaccurate or incomplete information.
- Deletion — ask us to delete your account and associated data, subject to retention required by law.
- Withdrawal of consent — at any time, by contacting us. Note that some features of the Service may stop working without that consent.
- Portability — receive a machine-readable export of your practice data.
- Complaint — file a complaint with the Office of the Privacy Commissioner of Canada or your provincial regulator.
Most of these rights can be exercised directly from /account. For anything else, email our Privacy Officer (section 19) and we will respond within 30 days.
Marketing emails (CASL)
Under Canada’s Anti-Spam Legislation (CASL), we send commercial electronic messages (e.g. product updates, tips, promotional offers) only with your express opt-in consent, given separately from the rest of sign-up. Transactional emails (sign-in, receipts, security alerts, account notices) are sent under implied consent because they are necessary to provide the Service. Every commercial email includes:
- Our identity and contact information.
- A working unsubscribe link that takes effect within 10 business days.
Quebec residents (Law 25)
If you are a resident of Quebec, the Act respecting the protection of personal information in the private sector (as modernised by Law 25) gives you additional rights:
- The right to be informed when your personal information is communicated outside Quebec (see International transfers).
- The right to be informed when a decision is based exclusively on automated processing and to request a review by a human. AI-generated CELPIP band estimates are study aids, not consequential decisions about you, but you may always ask us to review them.
- The right to data portability and to request that your data be transferred to a designated person or organisation in a structured, commonly used format.
Our Privacy Officer (see section 19) acts as the person-in-charge of personal information protection for the purposes of Law 25.
Users in the EEA / UK
The Service is offered to people in Canada, but if you happen to be located in the European Economic Area, the United Kingdom or Switzerland, the GDPR / UK GDPR applies to the extent we offer services to you. Our legal bases are: performance of a contract (running your account), legitimate interests (security, product improvement) and consent (marketing). You have GDPR rights of access, rectification, erasure, restriction, portability, objection and the right to lodge a complaint with your local supervisory authority. Contact us using the details below to exercise them.
Children’s privacy
The Service is intended for users aged 16 and over. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us and we will delete it.
Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date at the top, and — for significant changes — notify you in-app or by email before the change takes effect. Continued use of the Service after the effective date means you accept the updated Policy.
Contact us
For privacy questions, requests or complaints, contact our Privacy Officer:
- Email: support@celpiptest.org(subject: “Privacy”)
- Postal correspondence: available on written request to the email above. Because the Service is currently operated by an individual rather than a registered company, we do not publish a residential mailing address here for personal safety reasons. We will provide one promptly to anyone with a legitimate need (e.g. a formal privacy request or a regulator inquiry).
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or your provincial regulator (e.g. the Commission d’accès à l’information du Québec).