ProntoTest Privacy Policy

Introduction

Welcome to ProntoTest, a mobile application designed to help users in Spain prepare for the theoretical driving exam. ProntoTest is provided by DevArch OÜ ("DevArch", "we", "us" or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect from you, how we use and share it, and your rights regarding that information. By using ProntoTest, you agree to the collection and use of your information in accordance with this Policy.

Data Controller

The data controller responsible for your personal data is DevArch OÜ, a company registered in Estonia with registration code 17162592 and VAT number EE102825594. Our registered address is Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-315, 10120, Estonia. If you have any questions or concerns about this Privacy Policy or your personal data, you can contact us by mail at the above address or by email at info@prontotest.net.

Personal Data We Collect

We collect and process several categories of personal data when you use ProntoTest:

• Account Information: If you choose to sign in, we collect information from your third-party login provider (either Google or Apple). This may include your name, email address, and a unique user ID associated with your Google or Apple account. If you use ProntoTest as a guest (without signing in), we create a unique user identifier (UUID) for you and store it on your device's local storage to recognize you on return visits. This UUID helps us save your progress and preferences as a guest user.
• Device Information: We automatically collect information about the mobile device you use to access ProntoTest. This includes the device name (model), operating system and version, device screen resolution, and other device identifiers. This data helps ensure the app functions correctly across different hardware.
• Usage Data: We collect data about how you use the app and interact with its features. This includes your app navigation and interactions such as screen views, button clicks, test answers and results, time spent on different sections, and other engagement metrics. This behavioral information is collected via analytics tools (described below) to help us understand usage patterns and improve the user experience.
• Crash and Diagnostics Data: If the app encounters a crash or error, we collect diagnostic information through our crash reporting service. This may include device state information at the time of the crash (e.g. device model, OS version, memory usage) and an anonymized crash log or error report. Performance logs may also be collected to monitor app speed and responsiveness. These data help us identify and fix technical issues to improve ProntoTest's stability.
• Subscription and Payment Information: ProntoTest offers subscription plans for premium features. All subscription purchases are processed securely via Apple's App Store or Google Play billing systems (using Apple Pay or Google Pay on your device). We do not collect or store any credit card or direct payment information in our systems. When you make a purchase, your payment details (such as credit card numbers or banking information) are transmitted directly to Apple or Google and are not shared with us. We only receive limited information about the transaction from Apple or Google – for example, confirmation that a purchase took place, the type of subscription, and possibly an anonymized transaction or receipt ID. This information is used to activate your subscription but does not include your sensitive payment details.

We do not collect any special categories of personal data (such as racial or ethnic origin, political opinions, health information, etc.) as ProntoTest is focused solely on driving exam preparation. We also do not knowingly collect any more personal data than is necessary for the purposes explained in this Policy.

How We Use Your Data

We use your personal data for the following purposes:

• Providing and Improving the Service: We process data such as your account information, test answers and progress, and device details to operate ProntoTest and provide you with its core features. This includes enabling you to take practice tests, saving your results, delivering the planned video course content, and ensuring the app displays correctly on your device. We also use usage and performance data to understand how our app is used and to improve its content, features, and reliability over time.
• Account Management: If you create a ProntoTest account via Google or Apple sign-in, we use your login data to authenticate you and personalize your experience. Your account information allows you to sync your progress across devices and access your subscription features. Guest users' UUIDs are used similarly to maintain their in-app progress locally.
• Analytics: We use analytics tools (Google Analytics for Firebase or similar) to collect and analyze behavioral data on how users interact with ProntoTest.
• Crash Reporting and Diagnostics: We use Firebase Crashlytics and related diagnostics tools to automatically collect crash reports and performance logs to identify bugs and crashes.
• Customer Support: If you contact us for support or questions, we use the personal information you provide to assist you and resolve issues.
• Legal and Compliance: Where necessary, we will use or disclose your information to comply with applicable laws or to protect rights and safety.
• Children's Privacy: ProntoTest is intended for users including teenagers under 16; data collected is strictly for providing the educational service and app functionality.

We do not sell your personal data or share it with advertisers. All data we collect is used solely for providing and improving ProntoTest.

Legal Bases for Processing (GDPR)

If you are in the EEA or UK, we rely on: (a) Contract performance (Art. 6(1)(b)); (b) Legitimate interests (Art. 6(1)(f)) for analytics, stability, fraud prevention; (c) Legal obligation (Art. 6(1)(c)); (d) Consent (Art. 6(1)(a)) for optional features. Where we rely on legitimate interests, you may object; where we rely on consent, you may withdraw it.

Analytics and Crash Reporting Tools

We use Google Analytics for Firebase (no advertising features, aggregated usage) and Firebase Crashlytics (crash reports, typically retained ~90 days) and may use Firebase Performance Monitoring (aggregated performance metrics). Data may be processed outside the EU with GDPR safeguards. You may object to analytics; disabling may impact our ability to improve the app.

AI-Generated Content and Automated Processing

We may use AI to improve explanations or visuals. Prompts may include non-personal context, study context, and limited text you provide. We avoid direct identifiers. Legal bases: legitimate interests and, where needed, contract performance or consent for optional features. Providers act as processors with safeguards (e.g., SCCs) and we do not allow training of public models. We minimize retention; you can opt out by emailing us.

Data Sharing and Disclosure

We share data only with processors providing services: Google Firebase, AI providers, RevenueCat, Apple/Google for auth and payments, and ancillary vendors. Within DevArch, access is limited to authorized personnel. We may disclose data to comply with law, in business transfers, or with your consent. We do not sell or share your data with advertisers, and other users cannot see your data.

International Data Transfers

We store and process data in the EU when possible. Some providers (e.g., Google) may process outside the EEA; we use SCCs and safeguards such as minimization and encryption, and prefer EU data centers when available.

Data Retention

We retain data only as long as needed: account data while active (deleted or anonymized within a reasonable period, typically 30 days, after deletion); guest data stays on-device; analytics up to ~14 months; crash reports ~90 days; transaction records up to 7 years for accounting; support communications as needed; longer only if legally required.

Data Security

We use encryption in transit (HTTPS/TLS) and, where applicable, at rest; access controls; firewalls and patching; reviews and audits; staff training; and breach procedures consistent with GDPR. No system is 100% secure—please secure your device and credentials and notify us of issues.

Your Rights (GDPR and Data Protection)

You may exercise: access, rectification, erasure, restriction, portability, objection (including analytics based on legitimate interests), withdrawal of consent, and rights related to automated decisions. We respond within one month (extendable two months if needed). You may complain to a supervisory authority (e.g., AEPD in Spain or Estonian Data Protection Inspectorate).

Children's Privacy

ProntoTest is not intended for children under 13. Users under 16 (or 14 in Spain) should use it with parental consent. We do not knowingly collect data from children without authorization; contact us to delete it if discovered. The delete-account feature is available to authenticated users.

In-App Purchases and Payments

Purchases are handled by Apple App Store or Google Play. We do not see or store payment card details. We receive minimal data (e.g., confirmation and receipt ID) to activate subscriptions. Payment data you provide to Apple/Google is governed by their privacy policies.

Changes to This Privacy Policy

We may update this Policy; the effective date will reflect the current version, and significant changes will be noticed. If a change requires consent, we will obtain it.

Contact Us

Email: info@prontotest.net

Postal Mail: DevArch OÜ, Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-315, 10120, Estonia

Supervisory Authority Contact: You may contact the Estonian Data Protection Inspectorate (lead authority) or the AEPD in Spain. We welcome the chance to address concerns directly first.