EPSOready

Privacy Policy

Last updated: 25 March 2026

1. Who We Are

EPSOready (epsoready.eu) is an online EPSO test preparation platform. For any privacy-related questions, contact us at: contact@epsoready.eu

2. Data We Collect

We collect only the minimum data necessary to provide the service:

Data | Purpose | Legal Basis
Email address | Account creation & login | Contract performance
Full name | Personalisation | Contract performance
Test results & scores | Progress tracking | Contract performance
Payment data | Purchase processing | Contract performance
Language preference | Localised content | Legitimate interest
Campaign parameters (utm_source, utm_medium, utm_campaign) | Marketing attribution & analytics | Legitimate interest

We do not collect sensitive personal data or track browsing behaviour across other websites. Our analytics practices are disclosed in the Cookies section below.

3. How We Use Your Data

  • To create and manage your account
  • To provide access to purchased test content
  • To track your test progress and display your scores
  • To process payments (via our payment provider)
  • To send transactional emails (account confirmation, purchase receipts)
  • To respond to support requests

We do not send marketing emails without your explicit consent, and we do not sell your data to third parties.

4. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase (EU region) — database and authentication
  • Vercel — website hosting
  • Lemon Squeezy — payment processing (acts as Merchant of Record; handles payment data directly)
  • Facebook Conversions API (CAPI) — conversion tracking. We send your hashed email address to Facebook for conversion matching and deduplication. This is necessary for measuring purchase conversions from Facebook ads and is part of our legitimate business interest in accurately tracking campaign performance.
  • Anthropic API — used internally for content generation (no user data is sent)

Each provider processes data according to their own privacy policy and applicable law. Payment providers are responsible for the security of payment card data — EPSOready never stores card numbers. Facebook receives hashed email only; we never send plaintext email addresses.

5. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data is deleted within 30 days, except where retention is required by law (e.g. payment records for tax purposes, retained for 5 years).

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request that we restrict processing of your data

To exercise any of these rights, contact us at contact@epsoready.eu. We will respond within 30 days.

7. Cookies & Tracking

We use cookies and tracking technologies as follows:

Essential Cookies (No consent required)

  • Session cookie — Maintains your login session
  • CSRF token — Prevents cross-site request forgery attacks

Analytics & Attribution Cookies (Legitimate interest)

  • pe_utm — Stores campaign source (utm_source, utm_medium, utm_campaign) for 30 days. Helps us measure which marketing channels drive conversions and optimize marketing spend.
  • Umami Analytics — Privacy-friendly analytics that runs without tracking cookies or cross-site tracking. Only stores aggregated data about page visits and user behaviour.
  • IP address & User Agent — Collected for fraud prevention and site security.

Marketing & Conversion Tracking Cookies (Consent required)

When you accept marketing cookies in our cookie banner, we enable:

  • _fbp, _fbc — Facebook Pixel browser tracking cookies for conversion measurement and retargeting audiences.
  • _ga, _gcl_au — Google Analytics and Google Ads tracking cookies for measuring conversions and campaign performance.

Server-Side Conversion Tracking (Always Active)

When you complete a purchase, we send your hashed email address to Facebook Conversions API (CAPI) to measure purchase conversions from Facebook ads. This happens automatically as part of the purchase process and is necessary for our legitimate business interest in tracking campaign performance and fraud prevention. This is not controlled by the marketing cookies checkbox.

You can manage your cookie preferences at any time using the "Cookie Preferences" link in the footer. Withdrawing consent will stop future tracking but will not delete data already collected.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and secure cloud infrastructure. However, no method of transmission over the internet is 100% secure.

9. Complaints

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority in your country of residence. In Romania, this is the ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) at www.dataprotection.ro.

10. Contact

For any privacy-related questions or requests:

Email: contact@epsoready.eu

© 2026 EPSOready. All rights reserved.