A
ABA Prep

Privacy Notice

Last updated: June 14, 2026

This Privacy Notice explains how Rainbows Behavior Corp ("we", "us", "our") collects, uses, and shares personal data when you use ABA Prep (the "Service"). Rainbows Behavior Corp acts as the data controller for personal data processed about you in connection with the Service.

1. Data we collect

  • Account data: name, email address, password (hashed), authentication provider identifiers (e.g. Google sign-in).
  • Usage data: quiz answers, flashcard progress, exam attempts, feature interactions, language preference.
  • Device & log data: IP address, browser type, device identifiers, timestamps, error logs.
  • Support data: messages you send us.

Payment card data is collected and processed by Paddle, not by us — see "Sharing" below.

2. How we use your data

  • Create and operate your account (legal basis: performance of a contract).
  • Provide, personalize, and improve the Service (legitimate interests).
  • Track your study progress and surface weak areas (performance of a contract).
  • Detect, prevent, and respond to security or fraud risks (legitimate interests / legal obligation).
  • Send service-related communications (performance of a contract).
  • Send marketing communications, where permitted (consent, which you can withdraw at any time).
  • Comply with legal obligations (legal obligation).

3. Sharing

  • Paddle.com — our Merchant of Record. Paddle processes payments, manages subscriptions, calculates and remits taxes, and issues invoices. See Paddle's Privacy Notice.
  • Infrastructure providers — hosting, database, authentication, email delivery, and analytics providers acting as our processors.
  • Professional advisers — legal, accounting, or compliance advisers under confidentiality.
  • Authorities — where required by law, court order, or to protect rights and safety.

4. International transfers

Personal data may be transferred to and processed in countries other than where you live. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

5. Retention

We keep account and study-progress data for as long as your account is active. If you delete your account, we delete or anonymize personal data within a reasonable period, except where we must retain it to comply with legal, tax, or fraud-prevention obligations (typically up to 7 years for billing records held by Paddle).

6. Your rights

Subject to applicable law (including the GDPR for EEA/UK residents and the CCPA/CPRA for California residents), you have the right to:

  • access the personal data we hold about you;
  • request correction or deletion of your data;
  • restrict or object to certain processing;
  • request data portability;
  • withdraw consent at any time (without affecting prior processing);
  • lodge a complaint with your local data protection authority.

We will respond to verifiable requests within the timeframe required by law (typically one month).

7. Security

We use appropriate technical and organizational measures — including encryption in transit, access controls, and row-level authorization — to protect your data. No system is perfectly secure; please notify us immediately if you suspect unauthorized access to your account.

8. Cookies

We use essential cookies and similar technologies to keep you signed in and to operate the Service. We may use limited analytics cookies to understand aggregate usage. You can control cookies through your browser settings.

9. Children

The Service is intended for users of legal age to enter into a contract. We do not knowingly collect personal data from children under 13 (or the equivalent minimum age in your jurisdiction).

10. Changes

We may update this Notice. Material changes will be communicated through the Service or by email. See the "Last updated" date above for the effective version.

11. Contact

To exercise your rights or ask questions about this Notice, contact Rainbows Behavior Corp through the support channel in the app. For billing or payment data held by Paddle, see our Refund Policy and Paddle's Privacy Notice.