Effective 9 May 2026 · Version 1.0

Privacy Policy

1. Overview

WoWPrep Academy is a digital exam preparation service operated under the ASIC-registered business name WOWPREP. This Privacy Policy explains how WoWPrep Academy ("WoWPrep", "we", "us", or "our") collects, uses, stores, shares, and protects personal information when users visit our website, create an account, use our learning tools, purchase access, contact support, or interact with our services.

We do not sell personal information. We collect information to provide and improve the service, support users, process payments, protect the platform, and comply with legal obligations.

2. Information we collect

We may collect the following types of information.

Account information

This may include email address, display name, optional name, password credentials or login identifiers, country or market route, age band, selected exam or subject, time-to-exam band, account status, and acceptance records for our Terms and Privacy Policy.

Learning information

This may include diagnostic answers, practice answers, mock exam answers, selected and eliminated options, scores, response timing, progress, mastery estimates, learning history, and content issue reports.

We use this information to operate the learning service, personalise practice, generate progress insights, improve question quality, and help users prepare more effectively.

Payment and entitlement information

If a user or parent purchases a paid pass, we may receive transaction references, payment status, amount, currency, plan purchased, pass start and end dates, promo code information, refund status, and dispute records.

WoWPrep does not collect, store, or see full card numbers, card verification codes, or bank account credentials. Payments are handled by our payment provider, currently expected to be MyFatoorah for Kuwait payments.

Parent-child linking information

If a parent and student account are linked, we may store the parent email, child email or linking code, link status, consent or acceptance records, and high-level child progress summaries visible to the parent.

Support and communications information

This may include support messages, refund requests, deletion requests, correction requests, access or export requests, complaint records, and internal notes needed to resolve support matters.

Technical, security, and usage information

This may include IP address, device type, browser type, operating system, user agent, login attempts, session identifiers, rate-limit events, fraud or abuse signals, error logs, cookies, analytics identifiers, page views, referral source, and cookie consent choices.

FairMode and timed-test integrity information

For timed mocks, Practice Tests, or FairMode, we may collect limited integrity signals such as attempt start and end time, question timing, fullscreen exits, tab switching, focus loss, copy/paste attempt events, unusual timing patterns, disconnection events, and integrity labels.

We do not use keystroke logging, record the user's screen, record audio or video, or capture clipboard contents.

3. Information we do not intentionally collect

WoWPrep does not intentionally collect passport numbers, national ID numbers, civil ID numbers, biometric data, precise GPS location, health records, religion, ethnicity, political views, union membership, official KUAT results, school records from schools or universities, screen recordings, audio recordings, video recordings, keystroke logs, or full payment card details.

If a user voluntarily sends unnecessary sensitive information to support, we may delete, redact, or ignore it unless it is needed to handle the request or comply with law.

4. How we use information

We use personal information to:

  1. create and manage accounts;
  2. authenticate users;
  3. deliver diagnostics, practice questions, mock exams, FairMode, results, and progress features;
  4. personalise learning and recommendations;
  5. enforce plans, caps, credits, and entitlements;
  6. process payments, refunds, and disputes;
  7. provide support;
  8. send account, security, payment, service, and educational communications;
  9. send marketing only where permitted and consented where required;
  10. protect the platform from fraud, scraping, misuse, and security threats;
  11. improve the product, content, analytics, and reliability;
  12. maintain audit, accounting, tax, payment, and legal records;
  13. enforce our Terms of Service and protect our legal rights.

Where a legal basis is required, we rely on contract, consent, legitimate interests, legal obligations, and safety or security reasons, depending on the context.

For Australian-law processing, we handle personal information in a way designed to align with the Privacy Act 1988 (Cth), the Australian Privacy Principles where they apply to us, and relevant marketing consent rules. If we become required to comply with the Privacy Act, or if we formally opt in, we will treat those obligations as binding on WoWPrep.

For Kuwait users, we design our privacy practices to take account of applicable Kuwait privacy, electronic transactions, cybersecurity, telecommunications, information-technology, cloud, payment, and child-protection requirements to the extent those requirements apply to WoWPrep.

5. Minors and parent access

WoWPrep is designed for students, including students who may be under 18. We apply extra safeguards for under-18 learner accounts.

For under-18 users, we aim to:

  1. collect minimal information;
  2. use age-band information to apply appropriate protections;
  3. avoid unnecessary marketing to learner accounts;
  4. keep billing information out of learner channels where a parent account is linked;
  5. limit parent visibility to high-level progress summaries;
  6. avoid showing parents individual question responses, detailed mistakes, private support messages, or detailed behavioural patterns;
  7. allow parent-child links to be revoked;
  8. delete or anonymise information sooner where practical and legally permitted.

WoWPrep is designed to align with Australian privacy law, the Australian Privacy Principles where applicable, and the developing Australian Children's Online Privacy Code framework. We will update this Policy if final child privacy rules become legally binding and applicable to WoWPrep.

6. Who we share information with

We share information only where needed to run, protect, improve, or legally operate WoWPrep.

We may share information with:

  1. hosting, database, authentication, and cloud providers;
  2. payment providers;
  3. email and notification providers;
  4. analytics, crash reporting, and error monitoring providers;
  5. security, rate-limiting, and anti-abuse providers;
  6. OAuth login providers such as Google or Apple;
  7. advertising and campaign measurement tools, where enabled and consented where required;
  8. professional advisers such as lawyers, accountants, tax advisers, and compliance advisers;
  9. regulators, courts, payment schemes, law enforcement, or authorities where required or permitted by law;
  10. a buyer, successor, or related entity if WoWPrep is sold, transferred, incorporated, reorganised, or merged.

Third-party providers may process data in different countries depending on their infrastructure, sub-processors, and configuration. We do not authorise service providers to use personal information for unrelated purposes, but some providers may process information under their own terms, privacy policies, legal obligations, fraud-prevention rules, or payment network rules.

7. International processing

WoWPrep is operated from Australia for users in Kuwait and may use international service providers. Personal information may be processed, stored, or accessed in Australia, Kuwait, the United States, the European Union, Singapore, Japan, or other countries where our providers, sub-processors, support operations, or infrastructure operate.

We do not promise that all information will be stored in one country. A provider may be headquartered in one country while storing or processing information in another.

When we use overseas providers, we take reasonable steps appropriate for an online education business, including choosing reputable providers, limiting information shared, using provider data-processing terms where available, applying access controls, using encryption in transit, and avoiding unnecessary sensitive data collection.

8. Cookies and tracking

WoWPrep uses essential cookies and similar technologies to keep the service secure and functional. These may be used for login, account security, routing, checkout, CSRF protection, and remembering privacy choices.

We also use analytics tools to understand site usage and measure marketing performance. We currently use Google Analytics 4 (provided by Google LLC) to record page views and high-level events such as waitlist signups. We may also enable Meta Pixel (provided by Meta Platforms, Inc.) to measure the effectiveness of advertising campaigns we run on Facebook and Instagram. Analytics events do not include email addresses, passwords, payment details, learning answers, or other identifying personal information. Events typically include the page URL, the referring source, country segment, the form a user signed up through, and a randomly-generated browser identifier maintained by the analytics provider.

Browser-level opt-out

Users can opt out of analytics and pixel tracking through browser-level controls:

  1. Google Analytics opt-out browser add-on — available at tools.google.com/dlpage/gaoptout; prevents Google Analytics from collecting data on every site the user visits.
  2. Browser Do Not Track or Global Privacy Control (GPC) signals — modern browsers offer a setting that signals to websites the user does not consent to tracking; some analytics providers honor it.
  3. Tracker-blocking extensions such as uBlock Origin, Privacy Badger, or Ghostery block analytics and advertising scripts from loading.
  4. Browser cookie controls — users can block third-party cookies, clear analytics cookies, or use private/incognito browsing to prevent persistent tracking identifiers.
  5. Mobile device controls — iOS App Tracking Transparency, Android Limit Ad Tracking, and platform-level privacy settings restrict cross-app and cross-site tracking.

Essential cookies (login, security, routing) are not affected by analytics opt-out. If essential cookies are disabled, parts of the service may not work properly.

9. Marketing communications

We may send account, security, payment, support, and educational messages where needed to provide the service.

We send marketing communications only where permitted by law. Marketing emails identify WoWPrep and include an unsubscribe method where required. Under-18 learner accounts are excluded from unnecessary marketing by default.

10. Retention and deletion

We keep personal information only for as long as reasonably needed for the purposes described in this Policy, including providing the service, supporting users, maintaining security, resolving disputes, complying with payment, accounting, tax, audit, and legal obligations, and improving the service using anonymised or aggregated data.

As a general approach:

  1. active account data is kept while the account is active;
  2. inactive account data may be deleted or anonymised after a period of inactivity, subject to the inactivity definition below;
  3. payment, refund, dispute, tax, accounting, policy acceptance, and audit records may be kept longer where needed;
  4. anonymised learning statistics may be kept indefinitely if individuals are not reasonably identifiable;
  5. security and error logs are usually kept for a shorter period unless needed for investigation, fraud prevention, legal compliance, or dispute handling;
  6. integrity events are usually kept only as long as needed for trust, dispute, security, or legal purposes.

Inactivity definition

An account becomes inactive when all of the following conditions are met:

  1. no login for 6 months
  2. no active paid pass or Season Pass
  3. no open dispute or chargeback
  4. no unresolved support case that would block deletion

Once an account is marked inactive, we may send a deletion notice approximately 30 days before scheduled deletion or anonymisation, allowing the user to reactivate or request retention.

Users may request deletion at any time by contacting support@wowprepacademy.com. We may need to verify identity before completing a request.

When a valid deletion request is completed, we generally delete or anonymise account profile information, identifiable learning history, parent-child links, support content where practical, and other personal information no longer needed.

We may retain information where required or reasonably needed for legal, accounting, tax, payment, fraud-prevention, security, dispute, audit, or enforcement purposes.

11. User rights and choices

Depending on applicable law, users may request to:

  1. access personal information we hold about them;
  2. correct inaccurate information;
  3. delete or anonymise account information;
  4. export key account or learning information;
  5. object to marketing;
  6. withdraw marketing consent;
  7. withdraw non-essential cookie consent;
  8. complain about our handling of personal information.

To make a request, email support@wowprepacademy.com.

We may need to verify identity before acting on a request. If a parent makes a request about a child account, we may verify the parent-child link or request additional evidence.

We aim to respond within a reasonable time and complete valid access, correction, export, or deletion requests within 30 days where practical, unless the request is complex, legally restricted, abusive, technically infeasible, or requires more time.

12. Security

We use reasonable administrative, technical, and organisational measures to protect personal information. These may include secure authentication, password hashing, HTTPS/TLS, provider-managed encryption where available, access controls, rate limiting, audit logs, webhook verification, monitoring, and limiting production data access.

No online service can guarantee perfect security. Users are responsible for keeping their login details confidential, using secure devices, and notifying us if they suspect unauthorised access.

13. Data incidents

If we become aware of a serious data incident, we will take reasonable steps to investigate, contain the issue, assess likely harm, preserve evidence, notify affected users or regulators where required, and improve controls to reduce repeat risk.

14. KUAT and institution non-affiliation

WoWPrep Academy is not affiliated with, endorsed by, authorised by, or partnered with Kuwait University. KUAT is referenced only to identify the exam that WoWPrep helps students prepare for.

We do not currently share user data with Kuwait University, schools, universities, official exam bodies, or academic institutions unless the user requests it, we are legally required to do so, it is necessary for payment, legal, safety, or fraud reasons, or this Policy is updated and an appropriate legal basis exists.

15. Automated learning insights

WoWPrep may use algorithms, statistical models, rules, and automated systems to recommend practice questions, estimate mastery, identify pacing patterns, detect repeated mistakes, generate study insights, calibrate item difficulty, and improve content quality.

These tools are for educational support only. They do not determine official exam results, university admission, government benefits, employment, credit, insurance, or legal rights.

We may use anonymised or aggregated information to improve content and learning models. We will not intentionally use identifiable student data to train external public AI models unless we update this Policy and obtain any required consent.

16. Complaints

Users may contact us at support@wowprepacademy.com with the subject line "Privacy Complaint". The message should describe the issue, the account involved, and the outcome requested.

We will investigate and respond within a reasonable time. If the user is not satisfied, they may be able to contact a relevant privacy, consumer, communications, or data protection regulator in their jurisdiction, including the Office of the Australian Information Commissioner where Australian privacy law applies.

17. Changes to this Policy

We may update this Policy from time to time. We will update the effective date and version number when we do.

For material changes, we may email users, show an in-app notice, require re-acceptance, or provide a summary of changes. Continued use after the updated Policy takes effect means the user accepts the updated Policy.

18. Contact

WoWPrep Academy Privacy Contact Email: support@wowprepacademy.com Website: wowprepacademy.com