Privacy policy
This policy explains what personal data the platform processes, for what purposes, for how long, and what rights you can exercise.
Last updated: 2026-04-02
1. Data controller
- Controller: José Luis Alegre Llopis
- Contact: soporte@testcelador.com
2. What data we process
- Account and contact data: email, optional name, language, time zone, role, and account status.
- Authentication and security data: encrypted passwords, email verification, 2FA codes, sessions, device identifiers, IP, logs, and security events.
- Academic usage data: visible topics, attempts, answers, progress, statistics, metrics, and quiz or exam drafts.
- Billing and subscription data: customer or subscription identifiers in the payment gateway and the status of the purchased plan. We do not store the full card number.
- Academy relationship data: memberships, invitations, linked students, and teacher metrics when the user participates in an academy.
- Support, incident, and necessary communication data related to the account or the purchase.
- Technical preferences and, where applicable, consent regarding cookies or similar technologies.
3. Purposes and legal bases
| Purpose | Main legal basis | Examples |
|---|---|---|
| Registration, access, and account management | Performance of the contract or pre-contractual steps | Registration, login, password recovery, profile management, and delivery of contracted features. |
| Delivery of the academic service | Performance of the contract | Quizzes, exams, drafts, statistics, history, data export, and academy features. |
| Security, fraud prevention, and protection of the platform | Legitimate interest and, where applicable, compliance with legal obligations | Logs, device control, abuse limitation, auditing, security alerts, and risky-access analysis. |
| Billing and charging for plans | Performance of the contract and accounting or tax legal obligations | Subscription setup, renewal, cancellation, payment reconciliation, and record retention. |
| Anti-abuse protection in forms | Legitimate interest in service security | Prevention of automated signups, attacks, or abusive submissions in login, registration, or recovery. |
We do not make exclusively automated decisions with legal or similarly significant effects on the user without meaningful human involvement.
4. Data retention
- Account data: while the account remains active and for the periods necessary to handle later responsibilities.
- Academic data, metrics, and history: while needed to provide the service, allow historical consultation, and handle user requests, unless earlier deletion applies.
- Security and audit data: for the time reasonably necessary to prevent abuse, investigate incidents, and comply with legal or security obligations.
- Billing and subscription data: for the periods legally required under accounting, tax, and contractual rules.
- Consent data for optional cookies: until withdrawal, renewal, or technical expiration.
- If you request account closure or deletion, we may retain blocked or minimized data where necessary to comply with legal obligations, resolve disputes, or protect our rights.
5. Recipients, internal access, and processors
- Internal access to data is limited to the owner and to authorized staff or collaborators strictly necessary for support, security, billing, or administration.
- If you belong to an academy, that academy's teaching staff may access the information necessary to manage students, invitations, and metrics linked to that relationship.
- Infrastructure hosted in UE/EEE.
- Payment and subscription provider: Stripe, in the context of purchasing and managing the paid plan.
- Anti-abuse service: Google reCAPTCHA or the configured equivalent provider, only in protected forms.
When any of these providers implies international data transfers, the safeguards required by the GDPR will apply, such as standard contractual clauses or adequacy decisions where applicable.
6. User rights
You can exercise the rights of access, rectification, erasure, objection, restriction of processing, and portability, as well as withdraw your consent when processing is based on it.
To exercise them, write to soporte@testcelador.com clearly indicating your request and the contact method with which you registered.
If you believe the processing does not comply with the law, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).
7. Security and confidentiality
We apply reasonable technical and organizational measures to protect personal data against loss, unauthorized access, alteration, or improper disclosure.
- Access controls, password hashing, session protection, and security policies.
- Monitoring and audit logs to detect abuse or risky activity.
- Form and access protection measures when required by the environment.
- Internal procedures for review, traceability, and data minimization.
8. Minors and proper use
The platform is not aimed at children under 14. If we detect an account created in breach of this rule or using third-party data without sufficient authorization, we may limit or cancel it.
Users must use the platform in line with its study and academic-management purpose, without providing unnecessary or unauthorized personal data about third parties.
9. Changes to this policy
We may update this policy to reflect legal, technical, or functional changes in the service. The version in force will always be the one published on this page with its update date.