Back to app

Privacy Policy

Effective July 12, 2026

BCBA Scenario Tutor uses browser storage and server-side processing to provide study tools, understand product use, prevent abuse, and follow up when you submit a lead form. This page describes the current service rather than a planned future version.

Information We Process

Analytics events may include an event name, page path and title, referring page without its query string, UTM attribution, random visitor/session/run identifiers, language, timezone, viewport, device and browser details, user agent, effective network type, clicks, scroll depth, active-page duration, and study interactions such as question IDs, answers, scores, domains, difficulty, confidence, and completion state. The analytics client and server strip query strings and URL fragments before storing reported URLs.

If you submit a study-plan or lead form, we process your email and any optional WhatsApp, study need, target exam, score, weak-area, mistake-tag, or generated study-summary fields included with that submission. Lead records inherit the same first-touch and last-touch attribution used for analytics.

How We Use It

We use this information to operate and improve the study experience, measure navigation and feature use, understand acquisition sources, identify reliability problems, protect the event and lead endpoints from repeated abuse, and provide the study-plan follow-up you requested. The abuse controls temporarily use a one-way in-memory fingerprint derived from network address and user agent; the application does not add that fingerprint to Lark records. Hosting providers may still process network logs as part of delivering the site.

Browser Storage

Local storage holds saved explanations, attempts, usage and feedback state, a random visitor ID, first-touch and last-touch attribution, and any internal-test setting. Session storage holds a random session ID and active study-run state. A same-site cookie copies attribution so a lead submission can inherit it on the server. Clearing site data removes these browser copies; the attribution cookie is otherwise configured to expire after 90 days.

Service Providers

When real-time synchronization is enabled, analytics events and lead submissions are written to Feishu/Lark Base for analysis and lead operations. Study questions, follow-up prompts, and relevant explanation context may be sent to DeepSeek or OpenAI, depending on which AI provider is configured on the server, to generate a response. These providers and the site hosting provider process data under their own service terms and policies. Server API keys, tokens, and Base identifiers are not collected from users or exposed in analytics records.

Retention

Browser data remains until you clear it or the application replaces it. The service does not currently apply a fixed automatic deletion schedule to records synchronized to Lark; those records are kept until they are no longer needed for analytics, abuse review, or requested lead follow-up and are then removed through operational review. AI providers and hosting providers may retain request data according to their own applicable settings and policies.

Do Not Submit Clinical Data

Do not submit client names, identifying details, protected health information, or real clinical records. The service is designed for exam-prep scenarios and is not a system for clinical documentation.