Privacy Policy
Last Updated: January 25, 2026
1. Introduction
CELPIP Simulator ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, services, and applications (collectively, the "Service").
We are a Canadian company operating from Toronto, Ontario, and we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian federal and provincial privacy laws.
By using our Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
2. Information We Collect
2.1 Information You Provide Directly
We collect information that you voluntarily provide when using our Service:
- Account Information: First name, last name, email address, password (encrypted). Note: If you sign up using a social login provider (Google, Facebook, or Apple), we do not store a password.
- Profile Information: Goal CLB level, preparation timeline, preferred language for interface and feedback
- Payment Information: Billing address, payment method details (processed securely by Stripe - we do not store full credit card numbers)
- Exam Responses: Your written answers, audio recordings of speaking responses, and selections for multiple-choice questions
- Communications: Messages you send to our customer support team
- Referral Information: Referral codes, information about users you refer (if you participate in our referral program)
2.2 Information Collected Automatically
When you use the Service, we automatically collect certain technical information:
- Usage Data: Pages visited, features used, time spent on pages, exam completion rates
- Device Information: IP address, browser type and version, operating system, device identifiers
- Performance Data: Exam scores, progress tracking, attempt history, time taken per section
- Cookies and Similar Technologies: See Section 12 for details
2.3 Information from Third Parties
We may receive information from third-party services:
- Social Login Providers (Google, Facebook, Apple): If you choose to sign in using a social login provider, we receive basic profile information including your name, email address, and profile picture (if available). We use AWS Cognito to securely manage federated authentication. The social login providers may share additional information with us based on your privacy settings with them. We only request the minimum information necessary to create and manage your account.
- Payment Processors (Stripe): Payment confirmation, transaction IDs, billing information
- Analytics Providers: Aggregated usage statistics and trends
- Referral Sources: Information about how you found our Service (if shared by referring websites)
Important Note on Social Login: When you use social login (Google, Facebook, or Apple), you are also subject to the privacy policies of those third-party providers. We recommend reviewing their privacy policies to understand how they handle your data. We do not have control over the data practices of these third-party providers.
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Providing the Service
- Creating and managing your account, including through social login providers
- Authenticating your identity and managing account linking (allowing you to link multiple authentication methods to a single account)
- Delivering practice exams and educational content
- Processing and grading your exam responses using AI technology
- Generating personalized feedback and recommendations
- Tracking your progress and performance analytics
- Providing customer support and responding to inquiries
3.2 Payment Processing
- Processing subscription payments and one-time purchases
- Managing billing, invoicing, and payment history
- Handling refund requests according to our refund policy
- Processing referral program payouts
- Detecting and preventing payment fraud
3.3 Service Improvement and Development
- Analyzing usage patterns to improve user experience
- Developing new features and functionality
- Training and improving our AI grading algorithms (using anonymized data)
- Conducting research and analytics to enhance service quality
- Testing new features and user interface designs
3.4 Communications
- Sending account-related notifications (e.g., password resets, payment confirmations)
- Providing exam results and feedback
- Sending service updates and announcements
- Responding to your questions and support requests
- Sending marketing communications (with your consent - you can opt out anytime)
3.5 Legal and Security
- Complying with legal obligations and regulatory requirements
- Enforcing our Terms of Service and other policies
- Detecting, preventing, and investigating fraud, abuse, or security threats
- Protecting our rights, property, and safety, and that of our users
- Responding to legal requests from law enforcement or government authorities
3.6 AI Processing and Automated Decision-Making
We use artificial intelligence (AI) technology to grade your exam responses and provide feedback. This includes automated analysis of your written answers and audio recordings. While AI-generated grades and feedback are provided automatically, you can always contact our support team if you have questions or concerns about your results. See Section 6 for more details about AI processing.
4. Legal Basis for Processing (PIPEDA Compliance)
Under PIPEDA and Canadian privacy law, we process your personal information based on the following legal grounds:
4.1 Consent
We obtain your consent for the collection, use, and disclosure of your personal information. By creating an account and using the Service, you consent to our privacy practices as described in this Privacy Policy. You may withdraw your consent at any time, subject to legal or contractual restrictions.
4.2 Contract Performance
We process your personal information to fulfill our contractual obligations to you, including providing access to the Service, processing payments, and delivering the features you've purchased.
4.3 Legitimate Interests
We may process your information for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests do not override your privacy rights.
4.4 Legal Obligations
We may process your personal information to comply with legal requirements, including tax obligations, court orders, and regulatory reporting requirements.
5. Data Sharing and Third-Party Services
We do not sell your personal information to third parties. However, we share your information with trusted service providers who help us operate the Service:
5.1 Payment Processing
Stripe, Inc.
Purpose: Payment processing, subscription management, refund processing, referral payouts
Data Shared: Name, email, billing address, payment method details
Location: United States (certified under EU-U.S. Data Privacy Framework)
Privacy Policy: stripe.com/privacy
5.2 Cloud Hosting and Storage
Amazon Web Services (AWS)
Purpose: Application hosting, database storage, file storage (exam responses, audio recordings)
Data Shared: All data you provide through the Service
Location: Canada (ca-central-1 region) and United States
Privacy Policy: aws.amazon.com/privacy
5.3 AI Processing Services
Google Cloud Platform / Google AI (Gemini API)
Purpose: AI grading of written and spoken responses, feedback translation to user's preferred language
Data Shared: Your exam responses (written answers, audio transcriptions), anonymized performance data
Location: United States
Data Usage: Google does not use your data submitted via Gemini API to train their models
Privacy Policy: policies.google.com/privacy
5.4 Authentication Services
Amazon Cognito (AWS)
Purpose: User authentication, account management, password resets, federated authentication with social login providers (Google, Facebook, Apple)
Data Shared: Email, password (hashed - only for password-based accounts), name, profile picture (for social login accounts), account metadata, authentication tokens
Location: Canada (ca-central-1 region)
Note: When you use social login, AWS Cognito acts as an intermediary to securely authenticate you with the third-party provider (Google, Facebook, or Apple) without sharing your password with us.
5.5 Social Login Providers
If you choose to sign in using a social login provider, your authentication is managed by:
Google Sign-In
Data Received: Name, email address, profile picture
Privacy Policy: policies.google.com/privacy
Facebook Login
Data Received: Name, email address, profile picture
Privacy Policy: facebook.com/privacy/policy
Sign in with Apple
Data Received: Name (optional), email address (may be a private relay email)
Privacy Policy: apple.com/legal/privacy
We only request the minimum information necessary from social login providers to create and manage your account. We do not have access to your social media posts, contacts, or other information beyond what is explicitly shared during the authentication process.
5.6 Other Disclosures
We may also disclose your personal information:
- To comply with legal obligations, court orders, or government requests
- To protect our rights, property, or safety, or that of our users or the public
- In connection with a business transaction (e.g., merger, acquisition, sale of assets)
- With your explicit consent for a specific purpose
- To enforce our Terms of Service or investigate potential violations
6. AI and Automated Decision-Making
6.1 How We Use AI
We use artificial intelligence technology to:
- Grade Exam Responses: Automatically score your Listening and Reading answers, and provide detailed feedback on your Writing and Speaking responses
- Analyze Performance: Identify patterns in your responses to provide personalized improvement recommendations
- Translate Feedback: Convert English feedback into your preferred language using Google's Gemini translation API
- Generate Content: Create practice exam questions, explanations, and video tutorial content
6.2 Transparency About AI Processing
We are committed to transparency about our use of AI:
- All exam grading and feedback is generated by AI technology, not human instructors
- AI-generated scores and feedback are for practice purposes only and do not guarantee similar results on the official CELPIP examination
- Our AI systems are continuously improved using aggregated, anonymized user data
- You can request human review of your results by contacting our support team
6.3 AI Training and Model Improvement
We may use your exam responses in anonymized and aggregated form to:
- Improve the accuracy of our AI grading algorithms
- Identify common mistakes and create better feedback
- Develop new practice questions and content
- Enhance user experience and service quality
6.4 Your Rights Regarding AI
You have the right to:
- Understand how AI-generated decisions about your performance are made
- Request clarification about your AI-generated scores and feedback
- Contest AI-generated results if you believe they are inaccurate
- Opt out of having your anonymized data used for AI training (contact us to exercise this right)
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
7.1 Retention Periods
- Account Information: Retained while your account is active, plus 30 days after account closure
- Exam Responses and Results: Retained for the duration of your subscription, plus 90 days after expiration
- Audio Recordings: Retained for 90 days after submission, then automatically deleted
- Payment Records: Retained for 7 years to comply with Canadian tax and accounting requirements
- Support Communications: Retained for 2 years for quality assurance and legal compliance
- Analytics Data: Aggregated and anonymized data may be retained indefinitely
7.2 Self-Service Account Deletion and Grace Period
You can request account deletion at any time from Settings > Account in your dashboard. Our deletion process includes a 30-day grace period to protect against accidental deletions:
Stage 1: Deletion Request (Day 0)
- Account status changes to "PENDING_DELETION"
- Deletion scheduled for 30 days from request date
- Email confirmation sent with scheduled deletion date
- Account remains fully accessible during grace period
Stage 2: Grace Period (Days 1-30)
- Full access to Service maintained
- Can cancel deletion request anytime by signing in
- Can cancel from Settings > Account
- Email notification sent if cancelled
Stage 3: Permanent Deletion (Day 30+)
- Automated process runs daily at 02:00 UTC
- User account deleted from authentication system
- Personal information anonymized or deleted:
  - First name, last name: Replaced with "[DELETED]"
  - Profile information: Permanently deleted
  - Audio recordings: Deleted within 7 days
  - Exam history and responses: Permanently deleted
- Account status marked as "DELETED"
Stage 4: Data Retention (Legal Compliance)
The following data is retained for legal and financial compliance:
- Payment transaction records: 7 years (Canada Revenue Agency requirements)
- Stripe customer ID: Indefinite (financial compliance)
- Anonymized email hash: Indefinite (prevent duplicate accounts)
- Anonymized analytics data: Indefinite (cannot be linked to you)
- Deleted user archive record: 7 years with automatic deletion (PIPEDA compliance audit trail)
Important: Before requesting deletion, you must cancel any active paid subscriptions. Accounts with active Monthly Pass, Intensive Pass, or Lifetime Access subscriptions cannot be deleted until the subscription is cancelled from Settings > Subscription.
7.3 Legal Holds
We may retain your information for longer periods if required to comply with legal obligations, resolve disputes, prevent fraud, or enforce our agreements. If your data is subject to a legal hold, we will inform you (unless prohibited by law) and retain the data until the hold is lifted.
8. Your Privacy Rights (PIPEDA)
Under PIPEDA and Canadian privacy law, you have the following rights regarding your personal information:
8.1 Right to Access
You have the right to request access to the personal information we hold about you. We will provide you with a copy of your data within 30 days of your request, free of charge (subject to reasonable exceptions).
8.2 Right to Correction
You have the right to request correction of inaccurate or incomplete personal information. You can update most of your information directly through your account settings. For other corrections, contact our privacy officer.
8.3 Right to Deletion
You have the right to request deletion of your personal information, subject to legal and contractual obligations.
Self-Service Deletion
You can delete your account at any time from Settings > Account in your dashboard. Our self-service deletion process includes:
- 30-day grace period before permanent deletion
- Ability to cancel deletion during grace period
- Email notifications at request and cancellation
- Requirement to cancel active subscriptions first
What Gets Deleted
- Profile information (name, preferences, settings)
- Exam responses and audio recordings
- User-generated content
- Account credentials (via authentication system deletion)
What Gets Retained (Legal Exceptions)
- Payment records: Retained for 7 years to comply with Canada Revenue Agency (CRA) tax and accounting requirements under the Income Tax Act
- Anonymized analytics: Retained indefinitely in aggregated form (cannot be linked back to you)
- Deleted user archive: Retained for 7 years in anonymized form for PIPEDA compliance audits, then automatically deleted
- Stripe customer ID: Retained for financial compliance and dispute resolution
Deletion Process
- Request deletion from Settings > Account
- Cancel any active subscriptions first
- 30-day grace period begins
- Cancel anytime during grace period
- Permanent deletion after 30 days (irreversible)
For assistance with account deletion, contact our Privacy Officer at privacy@celpipsimulator.com.
8.4 Right to Data Portability
Under Canada's new data mobility framework (coming into effect 2026), you have the right to receive your personal information in a structured, commonly used, and machine-readable format. You can export your data (exam history, scores, profile information) from your account dashboard.
8.5 Right to Withdraw Consent
You have the right to withdraw your consent for the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Note that withdrawing consent may limit or prevent your use of certain Service features.
8.6 Right to Opt Out of Marketing
You can opt out of receiving marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by updating your email preferences in your account settings. Note that you will still receive service-related communications (e.g., payment confirmations, password resets) even if you opt out of marketing.
8.7 How to Exercise Your Rights
To exercise any of these rights, please contact our Privacy Officer:
Privacy Officer
Email: privacy@celpipsimulator.com
Subject Line: "Privacy Rights Request"
We will respond to your request within 30 days. We may need to verify your identity before processing your request to protect your personal information from unauthorized access.
9. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, disclosure, alteration, or destruction.
9.1 Security Measures
- Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
- Data Storage: Personal information is stored in encrypted databases on secure AWS servers
- Audio Files: Voice recordings are encrypted at rest in AWS S3 with server-side encryption
- Password Protection: User passwords are hashed using industry-standard algorithms (bcrypt)
- Access Controls: Access to personal information is restricted to authorized personnel only
- Payment Security: Payment information is processed by PCI-DSS compliant Stripe (we never store full credit card numbers)
- Regular Audits: We conduct regular security assessments and vulnerability testing
- Monitoring: We monitor for suspicious activity and potential security threats
9.2 Security Limitations
While we strive to protect your personal information, no security system is impenetrable. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.
9.3 Data Breach Notification
In the event of a data breach that poses a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA, without unreasonable delay. Notification will include information about the breach, the personal information affected, and steps you can take to protect yourself.
10. International Data Transfers
Our Service is operated from Canada, but we use service providers located in other countries, including the United States. Your personal information may be transferred to, stored, and processed in countries outside of Canada.
10.1 Data Transfer Safeguards
When we transfer your personal information outside of Canada:
- We use service providers that maintain appropriate data protection standards
- We enter into data processing agreements with third-party processors
- We rely on standard contractual clauses and other legal mechanisms for international transfers
- U.S.-based providers (Stripe, AWS, Google) are certified under relevant data protection frameworks
10.2 Legal Access by Foreign Governments
By using the Service, you acknowledge that your personal information may be subject to access by law enforcement and government authorities in the countries where it is stored or processed, including the United States. These countries may have different privacy laws than Canada, which may provide less protection for your personal information.
11. Children's Privacy
Our Service is intended for users aged 16 and older. We do not knowingly collect personal information from children under the age of 16 without parental consent.
If you are under 18 years of age, you represent that you have obtained parental or guardian consent to use the Service. Parents or guardians who believe we have collected information from a child under 16 without consent should contact us immediately at privacy@celpipsimulator.com. We will promptly delete such information.
In compliance with upcoming 2026 federal privacy legislation that emphasizes children's privacy protection, we are committed to implementing enhanced safeguards for users under 18, including age verification and additional consent mechanisms for certain features.
12. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve the Service.
12.1 What Are Cookies?
Cookies are small text files stored on your device that help us recognize you and remember your preferences. We use both session cookies (deleted when you close your browser) and persistent cookies (remain on your device for a set period).
12.2 Types of Cookies We Use
- Essential Cookies: Required for the Service to function (e.g., authentication, security)
- Functional Cookies: Remember your preferences (e.g., language selection, dark mode)
- Analytics Cookies: Help us understand how you use the Service (e.g., pages visited, time spent)
- Performance Cookies: Monitor Service performance and identify technical issues
12.3 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- View and delete cookies
- Block all cookies
- Block third-party cookies
- Receive notifications when cookies are set
Note that disabling cookies may affect the functionality of the Service. Essential cookies cannot be disabled if you want to use the Service.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.
When we make material changes to this Privacy Policy, we will:
- Update the "Last Updated" date at the top of this page
- Notify you by email at least 30 days before the changes take effect
- Display a prominent notice on our website
- Request your consent for changes that expand our use of your personal information
Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you should stop using the Service and may delete your account.
14. Privacy Commissioner of Canada
If you have concerns about our privacy practices or believe we have not adequately addressed your privacy concerns, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:
Office of the Privacy Commissioner of Canada
Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Phone: (819) 994-5444
TTY: (819) 994-6591
Email: info@priv.gc.ca
Website: www.priv.gc.ca
15. Contact Information and Privacy Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:
Privacy Officer
CELPIP Simulator
Email: privacy@celpipsimulator.com
Support: support@celpipsimulator.com
Location: Toronto, Ontario, Canada
We will respond to your inquiries within 30 days. For urgent privacy concerns, please mark your message as "URGENT" in the subject line.
Acknowledgment
BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.