Privacy Policy
Last updated: April 1, 2026
CheckMate is a product of Checkmate AI LLC ("we", "us", "our"). We are committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
Account information — When you sign up, we collect your email address and, if you use Google Sign-In, your name and profile picture as provided by Google. We do not knowingly collect information from users under 16 years of age.
Usage data — We store records of your exam sessions including the certificate type practiced, number of messages exchanged, session timestamps, and the debrief outcome (pass / additional study needed). We do not store the full text of your exam conversations.
Payment information — Payments are processed by Stripe. We do not store your credit card number or full payment details. We receive and store your Stripe customer ID and subscription status.
Technical data — Standard server logs may include your IP address, browser type, and device information. This data is used for security and diagnostic purposes.
Analytics data — We use Vercel Analytics to collect page view data, including pages visited, referrer URLs, and general geographic region (country/region level). Vercel Analytics is privacy-focused and does not use cookies or fingerprinting. No personally identifiable information is collected through analytics.
2. How We Use Your Information
- To provide and operate the Service
- To manage your subscription and enforce plan limits
- To track your study progress and generate debrief reports
- To send transactional emails (receipts, account notices)
- To detect and prevent abuse or fraud
- To improve the Service based on aggregate usage patterns
We do not sell your personal information. We do not use your data to train AI models.
3. Third-Party Service Providers
We work with the following third-party providers to operate CheckMate. Each has their own privacy policy governing their data handling.
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, OAuth tokens |
| Stripe | Payment processing | Email, billing details |
| Anthropic | AI exam simulation | Exam messages (not linked to your identity) |
| Supabase | Database | Session records, subscription status |
| Vercel | Hosting & Analytics | IP address, request logs, page view data |
4. Cookies and Local Storage
CheckMate uses browser local storage to cache your session state and promo code status for a faster experience. We do not use third-party advertising cookies. Clerk may set authentication cookies necessary for maintaining your signed-in session.
5. Data Retention
We retain your account and session data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (e.g., billing records).
6. Children's Privacy
CheckMate is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us at support@checkmatepilot.com and we will delete it promptly. This age threshold applies globally, including in jurisdictions where a higher age of digital consent may apply under applicable law.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — Request a copy of the data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your account and associated data
- Portability — Request your session data in a machine-readable format
- Objection — Object to certain uses of your data
To exercise any of these rights, email us at support@checkmatepilot.com.
8. International Users and Legal Basis for Processing
CheckMate is operated in the United States. Our service providers — including Anthropic, Stripe, Clerk, Supabase, and Vercel — are also US-based. If you access the Service from outside the United States, your information will be transferred to and processed in the US, which may have different data protection laws than your country.
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:
- Contract performance — Processing necessary to provide the Service you signed up for
- Legitimate interests — Security monitoring, fraud prevention, and improving the Service
- Legal obligation — Retaining billing records as required by law
EEA and UK users may also have the right to lodge a complaint with your local data protection authority.
9. Security
We use industry-standard security practices including encrypted connections (HTTPS), token-based authentication, and role-based database access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify active users of material changes by email. The "last updated" date at the top of this page reflects the most recent revision.
11. California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information.
We do not sell or share your personal information for cross-context behavioral advertising.
California residents have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Correct inaccurate personal information
- Non-discrimination for exercising your CCPA rights
To exercise these rights, email us at support@checkmatepilot.com. We will respond within 45 days as required by law.
12. Contact
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at support@checkmatepilot.com.