Privacy Policy
Effective Date: March 29, 2026
This Privacy Policy explains how Triturio, LLC (“Triturio,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Triturio web application and related services (collectively, the “Service”). By creating an account or using the Service, you agree to the practices described in this policy.
Triturio is intended for use by adults (18+) in the United States who are preparing for the Multistate Pharmacist Jurisprudence Examination (MPJE®) or the Uniform Multistate Pharmacist Jurisprudence Examination (UMPJE). We do not knowingly market to or collect data from individuals outside the United States.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account or use the Service, you provide us with:
- Account information: your email address and password (stored in hashed form). We do not collect your legal name unless you choose to provide it.
- Payment information: billing details collected and processed by our third-party payment processor (Stripe). Triturio does not store your full credit card number, CVV, or bank account details.
- Communications: any messages you send us via email or support requests.
1.2 Information We Collect Automatically
When you use the Service, we automatically collect:
- Study and performance data: questions you attempt, answers you select, whether answers were correct, time spent per question, session duration, competency scores, and mastery progress. This data is core to the Service's adaptive engine.
- Usage data: pages and features accessed, navigation patterns, and in-app events (e.g., starting a session, completing a quiz). This data is collected via PostHog, our analytics provider.
- Device and technical data: IP address, browser type and version, operating system, referring URLs, and general geographic location (city/state level, derived from IP). This data is collected via PostHog and Vercel (our hosting provider).
- Session data: authentication tokens and session identifiers managed by Supabase Auth. These are stored in your browser as secure cookies or local storage.
1.3 Information We Do Not Collect
We do not collect Social Security numbers, government IDs, precise geolocation, biometric data, financial account numbers, or sensitive health information. We do not purchase data about you from third-party data brokers.
2. How We Use Your Information
We use the information we collect to:
- Provide and operate the Service, including delivering personalized practice questions and tracking your mastery progress.
- Process your payment and manage your account and access period.
- Send transactional emails, including account confirmation, password reset, and email change notifications (via Resend).
- Improve the Service by analyzing usage patterns, identifying content gaps, and improving question quality and the adaptive engine.
- Detect and prevent fraud, abuse, unauthorized account sharing, and security incidents.
- Respond to your support requests and communicate with you about your account.
- Comply with applicable legal obligations.
We do not use your data to serve third-party advertising. We do not sell your personal information.
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:
3.1 Service Providers
We share data with third-party vendors who help us operate the Service. These providers are contractually bound to use your data only to perform services for us:
- Supabase (supabase.com) — Database, authentication, and backend infrastructure. Hosts your account data, study progress, and session tokens. Data processed in the United States.
- PostHog (posthog.com) — Product analytics. Collects usage events and device/technical data. PostHog acts as a service provider and does not sell your data. Data processed in the United States.
- Resend (resend.com) — Transactional email delivery. Receives your email address to send account-related emails.
- Stripe (stripe.com) — Payment processing. Receives billing details to process your purchase. Stripe is PCI-DSS Level 1 certified. Triturio does not receive or store your full card details.
- Vercel (vercel.com) — Web hosting and infrastructure. Processes request logs that may include your IP address.
3.2 Legal Requirements
We may disclose your information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Triturio, our users, or others.
3.3 Business Transfers
If Triturio is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email or a notice on the Service before your information is transferred and becomes subject to a different privacy policy.
3.4 Aggregated or Anonymized Data
We may share aggregated, de-identified data (e.g., “users answered question X correctly 72% of the time”) that cannot reasonably identify you, for purposes including product improvement and research.
4. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Strictly necessary cookies: session and authentication cookies set by Supabase to keep you logged in. These are required for the Service to function and cannot be disabled.
- Analytics cookies: set by PostHog to collect usage events and help us understand how the Service is used. PostHog uses first-party cookies by default.
We do not use advertising cookies or allow third-party advertising networks to set cookies on our site.
You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in to the Service.
5. Data Retention
We retain your data for the following periods:
- Account and study data: retained for 24 months after your last access period expires, to facilitate renewal and preserve your study progress. You may request earlier deletion at any time (see Section 7).
- Payment records: retained for 7 years to comply with tax and financial recordkeeping obligations. Stripe retains payment card data in accordance with its own policies.
- Analytics data: PostHog usage events are retained for 12 months by default.
- Support communications: retained for 2 years after resolution.
- Anonymized/aggregated data: may be retained indefinitely as it cannot be linked back to you.
6. Your Rights and Choices
Regardless of where you live, you have the following choices:
- Access and correction: you can review and update the email address associated with your account at any time within the Service. Contact us to request a copy of your personal data.
- Deletion: you may request deletion of your account and personal data by emailing support@triturio.com. We will process deletion requests within 30 days, subject to retention obligations described in Section 5. Deletion is irreversible and will terminate your access to the Service without a refund.
- Opt out of analytics: you may opt out of PostHog analytics tracking. PostHog respects the Global Privacy Control (GPC) browser signal. You may also contact us to request opt-out.
- Marketing emails: Triturio does not send marketing or promotional emails at this time. All emails we send are transactional (account-related). If this changes, we will provide an unsubscribe mechanism.
7. California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may provide you with additional rights. Triturio does not sell or share your personal information for cross-context behavioral advertising.
California residents may have the right to:
- Know what personal information we collect, use, disclose, or sell about you.
- Delete personal information we have collected from you, subject to certain exceptions.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information (we do not sell or share personal information).
- Non-discrimination for exercising your privacy rights.
To submit a request, email support@triturio.com with the subject line “California Privacy Request.” We will respond within 45 days. We may need to verify your identity before processing your request.
Note: CCPA's full requirements apply to businesses meeting specific revenue or data-volume thresholds. Triturio provides these rights as a matter of good practice regardless of whether those thresholds currently apply.
8. Children's Privacy
The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us at support@triturio.com and we will promptly delete it.
9. Security
We implement reasonable technical and organizational measures to protect your personal information, including encrypted data transmission (HTTPS/TLS), hashed password storage, row-level security on our database, and access controls limiting who within Triturio can access your data.
No method of transmission over the Internet or electronic storage is 100% secure. While we take data security seriously, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
10. Third-Party Links
The Service may contain links to third-party websites or resources. These links are provided for convenience only. Triturio is not responsible for the privacy practices or content of those third-party sites and encourages you to review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top of this page and, where feasible, notify you by email or through a notice within the Service. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: