Legal

Privacy Policy

How CutScore collects, uses, and protects your personal information — including how voluntary exam score reports are handled.

Last updated: June 11, 2026

CutScore — Privacy Policy

Effective: June 11, 2026

This Privacy Policy explains how CutScore ("we," "us," or "the Service") collects, uses, and protects your personal information. By using CutScore, you agree to the practices described here.

1. Who we are (Data Controller)

The data controller responsible for your personal information is:

주식회사 더플레인웍스 (The Plain Works Co., Ltd.)
Cheonan, Republic of Korea
Privacy contact: legal@cutscore.dev

If you have any questions about this policy or how we handle your data, contact us at the address above.

2. Information we collect

We collect the following categories of information:

Account data. When you create an account, we collect your email address (required for authentication and account recovery), an optional display name (which defaults to the prefix of your email if not set), and your plan tier. If you subscribe to a paid plan, payment is processed by our Merchant of Record, Paddle (see §6). We never store your full card number or payment credentials — these are handled entirely by Paddle.

Practice data. As you use the Service, we collect data about your study activity: the questions you attempt, the answers you select, whether they were correct, time spent, your per-concept mastery estimates, and the entries in your notebook. This is the core data that powers the Service's adaptive features and your readiness estimate.

Exam score reports. If you choose to submit a real certification exam result (for example, to verify a pass-guarantee claim or to help improve our readiness estimates), we collect the outcome (pass or fail), the scaled score, the exam date, and any proof you upload. Submitting a score report is entirely voluntary — see §4 for how this sensitive data is handled.

Technical data. We collect standard technical information such as your IP address, browser/device type, and usage events, used for security, debugging, and product analytics (see §7).

We use your information to:

  • Provide the Service (operate your account, deliver practice content, compute your readiness estimate) — legal basis: performance of our contract with you.
  • Improve the Service (refine question quality and calibrate our readiness model) — legal basis: our legitimate interests, and, for score reports, your explicit consent (§4).
  • Process payments and provide support — legal basis: performance of contract.
  • Communicate with you (transactional emails such as receipts, account notices) — legal basis: performance of contract and legitimate interests.
  • Protect the Service (fraud prevention, security, enforcing our Terms) — legal basis: legitimate interests and legal obligation.

We do not sell your personal information, and we do not use your data for third-party advertising.

4. Exam score reports (sensitive data)

Because exam results are personal performance information, we treat score reports with additional care:

  • Voluntary and consent-based. You are never required to submit a score report to use the Service. When you submit one, we ask for your explicit consent at the point of submission.
  • Purpose limitation. We use score reports only for: (a) calibrating and improving the accuracy of our readiness estimates, and (b) verifying pass-guarantee claims where applicable. We do not use them for any other purpose.
  • No resale or advertising. We never sell, rent, or share score reports for advertising or marketing.
  • Aggregation. Where score-report data informs our readiness model, we use it in aggregated and de-identified form for model calibration wherever possible.
  • Withdrawal. You may request deletion of a submitted score report at any time (§8), subject to any record we are legally required to retain to administer a pass-guarantee claim you have made.

5. Data retention

We retain your information for as long as your account is active and as needed to provide the Service.

  • Account and practice data: retained while your account is active; deleted or anonymized within 30 days after account closure.
  • Score reports: retained only as long as needed for calibration and for the duration of any related pass-guarantee claim, then deleted or anonymized.
  • Billing records: retained as required by applicable tax and accounting law (handled in part by Paddle as Merchant of Record).

You can request deletion of your data at any time (§8).

6. Third-party processors

We work with the following service providers ("subprocessors") who process data on our behalf. Each is bound by appropriate data-protection obligations.

ProcessorPurposePrivacy policy
SupabaseDatabase and authentication (us-east-1)supabase.com/privacy
VercelApplication hosting (iad1)vercel.com/legal/privacy-policy
UpstashQueue and cacheupstash.com/trust/privacy.pdf
PaddleMerchant of Record — billing, payments, taxpaddle.com/legal/privacy
ResendTransactional emailresend.com/legal/privacy-policy
SentryError monitoringsentry.io/privacy
CloudflareCDN and securitycloudflare.com/privacypolicy
PostHogProduct analyticsposthog.com/privacy
AnthropicAI inference for content generationanthropic.com/legal/privacy

Note on Paddle: Paddle acts as our Merchant of Record, meaning Paddle is the seller of record for transactions and processes all payment data directly. We never receive or store your full payment details.

Note on Anthropic: We use AI inference to generate study content. We do not send your personal practice data or score reports to generate content — content generation operates on exam blueprints and public documentation, not your personal data.

7. Cookies and analytics

We use a minimal set of cookies necessary to operate the Service (such as keeping you logged in) and lightweight product analytics (PostHog) to understand usage and improve the product. We do not use cookies for third-party advertising. You can control cookies through your browser settings; disabling essential cookies may affect the Service's functionality.

8. Your rights

Depending on your location, you have rights over your personal information, including the right to:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten"), subject to legal retention requirements.
  • Export your data in a portable format.
  • Withdraw consent (including for score reports) at any time.
  • Object to or restrict certain processing.

To exercise any of these, contact legal@cutscore.dev. We will respond within the timeframe required by applicable law. Korean residents have rights under the Personal Information Protection Act (PIPA); residents of other jurisdictions have rights under their local laws.

9. International data transfers

We are based in the Republic of Korea and use processors located in the United States and elsewhere (§6). Where your data is transferred internationally, we rely on appropriate safeguards as required by applicable law.

10. Children

The Service is not directed to children. You must be at least 16 years old to use CutScore. We do not knowingly collect personal information from anyone under 16; if you believe a child has provided us personal information, contact legal@cutscore.dev and we will delete it.

11. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Effective" date above and, for material changes, notify you through the Service or by email. Continued use of the Service after a change constitutes acceptance of the updated policy.

12. Contact

Questions about this policy or your data: legal@cutscore.dev
Data controller: 주식회사 더플레인웍스 (The Plain Works Co., Ltd.), Cheonan, Republic of Korea

CutScore

The exam-readiness instrument. Know if you’re ready before you book.

Product
PricingBlog
Legal
PrivacyTermsRefund policy
Company
Contact
© 2026 The Plain Works Co.AWS and AWS Certified AI Practitioner are trademarks of Amazon.com, Inc. or its affiliates. CutScore is independent and not affiliated with, endorsed by, or sponsored by Amazon Web Services.