Privacy Policy

1. Who we are

RadTechPrepper (the "Service") is operated by Curated Curriculum ("we," "us," or "our"). This Privacy Policy describes how we collect, use, and share information about you when you visit radtechprepper.com, create an account, or use the ARRT Radiography Prep app.

For questions, email [email protected].

2. Information we collect

We collect three categories of information:

2.1 Account data (you give us)

• Name and email address when you create an account.
• Password, which we never store in plain text. Passwords are hashed using industry-standard algorithms before storage.
• Profile information you optionally provide during onboarding: your study persona (first-timer / retaker / refresher), your planned ARRT exam date, and your daily study time budget.

2.2 Usage data (collected automatically)

• Study activity: which chapters you view, which practice questions you answer, your accuracy by category, your XP and streak history, and your achievement progress. Most of this is stored in your browser's local storage and is sent to our servers only in aggregate where required.
• Forum activity: threads you create, replies you post, reactions you toggle, and reports you submit. These are public to other signed-in users in line with normal community function.
• Technical data: IP address (used for rate-limiting and abuse detection), browser type, device type, timestamps, and pages viewed. Cloudflare collects basic edge-level metadata to operate and protect the Service.

2.3 Payment data (you give to Stripe, not us)

Subscription billing is handled by Stripe, Inc. When you subscribe, you provide your payment details directly to Stripe. We never see, store, or process your full credit card number. We receive only a customer identifier and your subscription status from Stripe. Stripe's privacy practices are governed by Stripe's Privacy Policy .

3. How we use your information

• To create and manage your account, authenticate logins, and recover access (password reset, email verification).
• To deliver the ARRT prep content, personalized study plan, and progress tracking that the Service provides.
• To process subscription payments (via Stripe), send transactional email (via Resend), and provide customer support.
• To operate the community forum, including rate limiting, moderation, and reporting.
• To detect, prevent, and respond to abuse, fraud, and security incidents.
• To improve the Service: analyzing aggregated usage to identify weak content areas, broken UX, and feature opportunities.
• To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not share your information with advertisers. We do not use your study activity for any purpose other than delivering the Service to you.

4. Service providers we use

We share limited information with the following third parties strictly to operate the Service. Each is bound by their own privacy obligations and contractual data-protection terms.

About Microsoft Clarity. Clarity is conditionally enabled on the public marketing site. It records anonymized session replays so we can see where users get stuck and improve the product. Password fields, payment forms, and other sensitive inputs are masked by Clarity's default privacy settings before any data leaves your browser. See Microsoft's Clarity Terms of Service and Privacy Statement .

5. Cookies and similar technologies

We use a small number of cookies, all strictly necessary for the Service to function:

• Authentication cookies set by our auth provider so you stay logged in. Marked HttpOnly + Secure + SameSite=Lax.
• Onboarding cookie (arrt-onboarded) to remember you completed the first-time setup wizard.
• Rate-limit cookies set briefly during sign-in / sign-up to prevent abuse.

We do not use advertising cookies, third-party tracking pixels, or cross-site behavioral tracking. Plausible Analytics (when active) is cookie-free and processes only anonymized aggregate data. Microsoft Clarity may set its own cookies for session continuity even though the data it collects is anonymized; see Microsoft's Clarity cookie list for the specific cookies and their lifetimes.

6. How long we keep your data

• Account data: while your account is active, plus 30 days after you request deletion (to allow recovery in case of accidental deletion).
• Usage data: study progress is retained while your account is active. Aggregate, deidentified usage statistics may be retained indefinitely.
• Forum content: posts, replies, and reactions remain in the forum after account deletion in deidentified form (your name is replaced with "Member"), unless you specifically request removal of individual posts.
• Payment records: retained by Stripe per their schedule. We retain the customer identifier mapping for as long as needed to handle refunds, disputes, and tax compliance.
• Logs: Cloudflare worker logs are retained per Cloudflare's retention policy (typically days, not months).

7. Your rights

Depending on where you live, you may have the following rights regarding your personal information:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and associated personal data.
• Export your data in a portable format.
• Object to certain processing or withdraw consent where we rely on consent.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

California residents (CCPA / CPRA)

If you are a California resident, you have the rights described above plus the right to opt out of the "sale" or "sharing" of your personal information. We do not sell or share personal information for cross-context behavioral advertising. You can exercise CCPA rights by emailing the address above.

EU/UK residents (GDPR)

If you are in the EU or UK, our legal bases for processing your information are: (a) contract (to provide the Service you signed up for), (b) legitimate interests (to protect the Service from abuse and improve it), and (c) consent where required (e.g. marketing email, which we do not currently send). You have the right to lodge a complaint with your local data protection authority.

8. Children

The Service is intended for users aged 18 and over (the typical age of ARRT exam candidates is 19 to 25, but we do not place an upper limit). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please email [email protected] and we will delete it.

9. Security

We use industry-standard measures to protect your information, including TLS encryption in transit, hashed passwords, HttpOnly + Secure cookies, server-side authorization checks on all sensitive endpoints, and rate limiting on authentication and forum write endpoints. No system is perfectly secure; we cannot guarantee absolute security but we work to maintain a strong baseline.

10. International transfers

We are based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For material changes we will notify you by email and through an in-app banner before the changes take effect.

12. Contact

Questions about this Privacy Policy or your data?

• Email: [email protected]
• General inquiries: [email protected]