Privacy Policy
Last updated: 5 July 2026
Controller: CIPLYIO SRL, Romania ("we"). Contact: support@ciply.io. We collect the minimum needed to sell and deliver study materials.
What we collect and why
- Account data (email, name if provided) — to operate your account and deliver purchases. Legal basis: contract.
- Purchase and entitlement records (what you bought, when, your access period, and the time you first accessed each product — the fact our Refund Policy turns on) — to provide access and support, apply the refund policy, and for our legal bookkeeping. Legal basis: contract, legal obligation. Payment details are handled by Paddle as merchant of record; we never see your card number.
- Content watermarking — every copy of purchased content we deliver (question banks, PDFs) embeds an identifier linked to your account, so that leaked copies can be traced to their source. This is disclosed in the Terms as well. Legal basis: legitimate interest — protecting our content and our honest customers against unlawful redistribution.
- Email subscriptions (address, topic) — only when you explicitly ask to be notified. Legal basis: consent; unsubscribe any time.
- Usage analytics — via Plausible, which is cookieless and does not track you across sites; we see aggregate page and event counts, not persistent personal profiles. Legal basis: legitimate interest.
- Practice progress — your attempt history is stored locally in your browser (IndexedDB), not on our servers, in the current version.
Cookies
We use only strictly-necessary cookies (authentication/session, set by Clerk). Our analytics (Plausible) uses no cookies. There is no advertising or cross-site tracking on ciply.io — which is why you don't see a cookie banner.
Processors
| Service | Purpose | Region |
|---|---|---|
| Clerk | Authentication (account, email, sign-in) | USA (SCCs) |
| Neon | Database (purchases, entitlements, progress) | EU — Frankfurt |
| Paddle | Merchant of record (payment, billing, tax, receipts) | UK/EU |
| Vercel | Hosting and content delivery | EU functions (Frankfurt) |
| Plausible | Privacy-friendly, cookieless analytics | EU |
| Resend | Transactional and requested emails | USA (SCCs) |
Retention & deletion
Delete your account at any time from your account menu: your identity data is erased at our authentication provider, our user record is marked deleted, and your email subscriptions are removed. Purchase records are retained as required for tax and accounting law. Notification subscriptions are deleted on unsubscribe.
Your rights
Under the GDPR you have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority (in Romania: ANSPDCP). Write to support@ciply.io and we'll act on it.