Question Bank Hub

red seal practice

Privacy

Last updated: 2026-07-01 · Question Bank Hub

This is a practice tool for Red Seal exam preparation — anonymous by default. We built it so you don't have to hand over personal information to use it — and this page tells you exactly what does and doesn't happen when you do.

1. What we collect

From you directly

Your email — only if you choose to give it

You can optionally leave your email to hear from us when there's something genuinely worth your attention for your Red Seal — a new feature, something for your trade, or anything that helps you pass. This is entirely your choice: you never need an email to practise, and giving one unlocks nothing extra. If you opt in, we store your email, your trade (if known), and the time you consented. We never sell or share it; we only email about Red Seal–related updates; and every email has a one-click unsubscribe — or write to info@questionbankhub.com to be removed at any time.

Automatically — analytics (only if you consent)

If you click "Yes, help improve it" on the consent bar, two third-party tools load:

If you click "No thanks," neither tool loads. Nothing from Google or Microsoft runs.

First-party event log (always, anonymous)

We keep a small server-side log of anonymous usage signals (e.g. "a mock exam was started," "consent choice recorded") tied only to an internal session id — never to a name or email. This helps us understand aggregate usage without any third-party cookie.

Payment information — only if you buy an unlock

If you purchase a trade unlock, payment is handled by Stripe. You enter your card details directly on Stripe's hosted checkoutQBH never receives or stores your full card number. From the transaction we receive a confirmation that you paid, the amount, the trade you unlocked, and a Stripe customer/charge reference; if you provide an email or billing name at checkout, Stripe processes it to send your receipt and prevent fraud. We use this only to grant your unlock, provide receipts and refunds, and keep records.

2. Why we collect it

3. Consent and how to withdraw it

Analytics are opt-in. Nothing loads until you say yes. You can change or withdraw your choice at any time:

Withdrawing consent does not affect your practice progress, which is stored separately under your account.

4. Third-party processors

ProcessorWhat they receiveTheir privacy policy
Google (Analytics) Anonymised usage events, approximate location, device/browser info. IP anonymised before processing. Google Privacy Policy
Microsoft (Clarity) Session recordings (input fields masked), heatmap data, click/scroll patterns, approximate location, device/browser info. Microsoft Privacy Statement
Vercel (hosting) Serves the app and its functions. Receives standard web-request data (IP address, device/browser) needed to deliver pages. Always active — it runs the site. Vercel Privacy Policy
Neon (database) Stores your account (username + one-way-hashed passphrase, and — only if you choose passwordless sign-in — your verified email), practice progress, and — only if you give it — your email opt-in. No analytics data. Neon Privacy Policy
Resend (email) Sends our emails — your passwordless sign-in links (if you choose that) and any updates you opt in to. Receives your email address and message content. Not used unless you give an email. Resend Privacy Policy
Stripe (payments) Processes your payment. Receives your card details directly (never via QBH), plus the amount, currency, and a customer/transaction reference — and a billing email/name if you provide them. Used only if you buy an unlock. Stripe Privacy Policy

Google and Microsoft load only with your analytics consent. Vercel, Neon, and Resend are infrastructure needed to run the app and your account — Vercel always (it serves the site), Neon only if you create an account, Resend only if you opt in to email. We do not use any advertising networks, social-media pixels, or data brokers.

5. International data transfers

Google and Microsoft operate servers primarily in the United States. When you accept analytics, data is transferred to and processed in the US. Under Quebec Law 25 and PIPEDA (Canada's federal privacy law), we are required to tell you this. Google and Microsoft participate in the EU–US Data Privacy Framework for transfers from the European Economic Area.

Our infrastructure providers — Vercel (hosting), Neon (database), and Resend (email) — also operate primarily in the United States, so the app, your account data (if you create one), and any email you opt into are processed in the US.

Payments (Stripe). If you make a purchase, your payment information is processed by Stripe, primarily in the United States. Before relying on Stripe, we conducted an assessment of this cross-border transfer as required under Quebec Law 25, and we rely on Stripe's contractual safeguards.

The EU–US Data Privacy Framework referenced above (for Google and Microsoft analytics) covers transfers from the European Economic Area; it does not cover Canada→US transfers, which we address through our own transfer assessment and our providers' contractual safeguards.

6. How long data is kept

DataRetention
Microsoft Clarity session recordings~13 months (Microsoft default)
Google Analytics data14 months (GA4 default; data-deletion requests honoured)
Your practice progress (server)Kept until you delete your account or we shut the service down
First-party anonymous event logRolled at 90 days

7. Your rights

Under PIPEDA and Quebec Law 25 (Law 25), you have the right to:

EU/EEA visitors also have rights under the GDPR: data portability, erasure, restriction of processing, and the right to lodge a complaint with a supervisory authority.

Automated processing in payments. To prevent fraud, our payment processor (Stripe Radar) may use automated processing to assess the risk of a transaction. If a decision affecting you is made solely by automated means, you may contact us to request information about it and to ask that it be reviewed by a person.

To exercise any of these rights, email info@questionbankhub.com. We respond within 30 days.

8. Cookies and tracking technologies used

Name / typePurposeSet byHow to block
qbh-cookie-consent localStorage Stores your consent choice so the bar doesn't reappear every visit. Question Bank Hub Clear site data in your browser.
GA4 cookies (_ga, _ga_*) Anonymous session tracking for usage analytics. Google (consent-gated) Decline on the consent bar, clear cookies, or use a content blocker.
Clarity cookies (_clck, _clsk, MUID) Session recording and heatmap analytics. Microsoft (consent-gated) Decline on the consent bar, clear cookies, or use a content blocker.
qbh_mock_inprogress_v1 localStorage Saves your in-progress mock exam so you can resume it. Question Bank Hub Clear site data. Clearing this loses your current mock exam.
Microsoft Clarity disclosure: This site uses Microsoft Clarity to understand how people use the app — including behavioural metrics, heatmaps, and session replay. All input fields (username, passphrase, any text you type) are masked and never captured. See the Microsoft Privacy Statement.

9. Contact

Privacy questions or requests: info@questionbankhub.com

This service is operated by Barron Systems Engineering Inc. (operating as Question Bank Hub), a Canadian corporation. We operate from Canada and follow PIPEDA and Quebec Law 25.

10. Who's responsible & breach response

Person in charge (Privacy Officer). The person accountable for QBH's handling of personal information is our Privacy Officer, reachable at info@questionbankhub.com (subject: "Privacy").

Breach response. We maintain a process to detect and respond to security incidents. If a breach of security safeguards creates a real risk of significant harm to you, we will report it to the Office of the Privacy Commissioner of Canada (and, for Quebec residents, to the Commission d'accès à l'information), notify you, and keep a record of the breach as required.