Privacy Policy
Last updated: March 23, 2026
HiTCF (hereinafter referred to as “the Platform” or “we”) values your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information, in compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Information We Collect
1.1 Authentication Information
Users register and log in via email. Through this process, we collect:
- Email address
- Name (provided during registration)
1.2 Payment Information
Paid subscriptions are processed through Stripe. We do not directly store your credit card numbers or bank card information. Stripe, as a PCI DSS Level 1 certified payment processor, independently manages your payment data. We only store:
- Stripe customer ID
- Subscription status and expiration date
- Payment event records (success/failure, no card numbers)
1.3 Usage Data
During your use of the Platform, we automatically collect:
- Practice and exam records (answers, scores, time spent)
- Wrong answer records
- Practice statistics (accuracy rates, streak days, etc.)
1.4 Cookies & Similar Technologies
The Platform uses the following cookies or similar technologies:
- Authentication Token: Used for identity verification and maintaining login state (essential cookie)
- Locale Preference: Used to remember your language preference (essential cookie)
The Platform currently does not use third-party analytics tools (such as Google Analytics) or advertising tracking cookies. If introduced in the future, this policy will be updated and users will be notified.
2. Purpose of Information Use
Personal information we collect is used solely for:
- Providing and maintaining Platform services (authentication, practice records, performance statistics)
- Processing subscription payments and managing account status
- Sending you important account-related notifications (subscription changes, terms updates)
- Improving Platform features and user experience
- Preventing fraud and abuse
We will not use your personal information for advertising or sell it to third parties.
3. Data Storage & Security
- User data is stored in a MongoDB database deployed in a secure cloud server environment.
- Audio files are hosted on Microsoft Azure Blob Storage.
- All data transmission is encrypted via HTTPS/TLS.
- We take reasonable technical and organizational measures to protect your data, but no internet transmission or electronic storage is 100% secure.
4. Third-Party Services
The Platform uses the following third-party services, each with their own privacy policies:
| Service | Purpose | Data Type |
|---|---|---|
| Stripe | Payment processing | Payment info, subscription status |
| Azure Blob Storage | Audio file storage | Audio files (no personal info) |
| Vercel | Website hosting | Access logs |
5. Data Retention
- Account information: Retained for the duration of your account.
- Practice records: Retained for the duration of your account. If you delete your account, related data will be deleted within 30 days.
- Payment records: May be retained for up to 7 years as required by tax and legal obligations.
6. Your Rights
Under PIPEDA and applicable laws, you have the right to:
- Access: View the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request deletion of your personal information (subject to legal retention obligations).
- Data Export: Obtain a copy of your practice data.
- Withdraw Consent: Withdraw consent for data processing (which may result in inability to use certain services).
To exercise these rights, please contact: support@hitcf.com. We will respond to your request within 30 days.
7. Minors
The Platform is not intended for individuals under 16 years of age. We do not knowingly collect personal information from minors. If we discover we have collected information from a minor, it will be immediately deleted.
8. Cross-Border Data Transfers
Your data may be stored and processed on servers outside of Canada (including but not limited to the United States, due to the use of Stripe, Azure, and similar services). We ensure that these service providers maintain adequate data protection measures.
9. Policy Changes
We may update this Privacy Policy from time to time. Updated policies will be posted on this page with an updated “Last updated” date. For significant changes, we will notify you by email.
10. Contact
If you have any questions about this Privacy Policy or need to exercise your data rights, please contact:
- Email: support@hitcf.com