Privacy Policy

1. Introduction

First Pass LLC ("First Pass JLPT," "we," "us," or "our") operates the First Pass JLPT platform (firstpassjlpt.com), an online JLPT practice service.

This Privacy Policy describes the personal information we collect, the purposes for which we use it, the third parties we share it with, and the rights you have over it. If you have questions about anything in this policy, contact us at privacy@firstpassjlpt.com.

2. Information We Collect

2.1 Information You Provide

• Account: Email address and password.
• Profile: An optional display name (first name) shown in the interface.
• Billing: When you subscribe, Stripe collects and processes your payment details directly. We receive only a Stripe customer identifier, the subscription status, and the last four digits and expiry of your card for invoice display. We do not collect, receive, or store full card numbers or CVCs.
• Support correspondence: The content of emails you send to support@firstpassjlpt.com or privacy@firstpassjlpt.com, including your email address, any account identifiers you reference, and any information you choose to include in the message.

2.2 Information Collected Automatically

• Usage Data: Exam progress, scores, study preferences, and learning analytics
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP address, access times, pages viewed, and referring URLs

2.3 Information We Do NOT Collect

• Date of birth or age
• Physical address
• Phone number
• Social media profiles
• Biometric data

2.4 Is This Information Required?

An email address and password are required to create an account. A display name, marketing-email preferences, and support or feedback submissions are optional, and the Service remains available if you decline to provide them.

3. How We Use Your Information

We use your information to:

• Provide and maintain our exam practice service
• Track your learning progress and display your scores
• Process payments and manage your subscription
• Send essential service communications (password resets, subscription updates)
• Respond to your support inquiries
• Improve our service based on usage patterns
• Detect and prevent fraud, abuse, and unauthorized access

We do not sell personal information, use personal information for targeted advertising, or share personal information with third parties for their own marketing.

4. Third-Party Services

We use the following third-party processors to operate the Service. Each processes personal data on our behalf under a data processing agreement and only for the purposes described below:

Personal information is not disclosed to other third parties except in response to a legally binding request or to establish, exercise, or defend legal claims.

5. Data Retention

• Active accounts: Personal data is retained for the duration of the account.
• Deleted Accounts: When you delete your account, we remove your personal data within 30 days
• Backups: Backup copies are automatically deleted after 14 days
• Anonymized Data: We may retain anonymized, aggregated data for analytics indefinitely
• Legal Requirements: We may retain certain data longer if required by law (e.g., financial records for tax purposes)

6. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Delete your account and all associated data
• Export: Download your data in a portable format
• Objection: Object to certain processing of your data
• Restriction: Request we limit how we use your data
• Withdraw Consent: Where processing is based on consent, withdraw it at any time

How to exercise your rights: Email privacy@firstpassjlpt.com describing your request. We may ask you to verify your identity before processing. We will respond within 30 days — or within 45 days for CCPA requests, as California law permits. Standard requests are free.

6.1 For Users in the European Economic Area (EEA)

Under the General Data Protection Regulation (GDPR), you also have the right to lodge a complaint with your local supervisory authority. You may also request information about whether we transfer your data outside the EEA and what safeguards are in place.

6.2 For Users in Japan

Under the Act on the Protection of Personal Information (APPI), you have the right to request disclosure, correction, addition, deletion, cessation of use, or cessation of third-party provision of your personal information.

Purpose of Use (APPI): We use your personal information for the following specific purposes:

• Provision and operation of the First Pass JLPT exam practice service
• User account management and authentication
• Payment processing and subscription management
• Customer support and inquiry response
• Service improvement and development
• Prevention of unauthorized use and fraud

6.3 For California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific privacy rights:

• Right to Know: Request information about personal data collected, used, or disclosed in the past 12 months
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

You may designate an authorized agent to submit CCPA requests on your behalf.

7. Cookies and Local Storage

We use cookies and local storage for:

• Authentication: Keeping you signed in to your account
• Preferences: Remembering your language and display settings
• Progress: Saving your exam progress locally for faster loading

We do not use advertising or cross-site tracking cookies. Cookies can be disabled in browser settings; parts of the Service that rely on session or preference cookies will not function if they are disabled.

8. International Data Transfers

First Pass LLC is based in the United States. Personal data submitted to the Service is transferred to, stored in, and processed in the United States and in other jurisdictions where our sub-processors operate.

For international transfers, we rely on:

• Data processing agreements with all third-party processors
• Our service providers' compliance certifications and safeguards
• Standard contractual clauses where applicable

9. Data Security

We apply the following technical and organizational security measures:

• All data transmitted over HTTPS (TLS encryption).
• Passwords are hashed and never stored in plain text.
• Database access is restricted to authorized personnel and logged.
• Dependencies are kept on supported versions and patched for known security issues.

No method of internet transmission or electronic storage is completely secure. If you believe your account has been accessed without authorization, contact privacy@firstpassjlpt.com.

9.1 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by applicable law.

10. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Exam scoring is automated but does not have legal or significant effects beyond the educational context of our service.

11. Children's Privacy

The Service is directed to users 13 and older. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it. Parents or guardians who believe their child has provided personal information may contact privacy@firstpassjlpt.com.

For users in the European Economic Area, our service is intended for users aged 16 and older, or with parental consent where permitted by local law.

12. Changes to This Policy

We may update this Privacy Policy. Updates are published on this page with a revised "Last updated" date. For material changes, we may also send an email notification to account holders.

Previous versions of this Privacy Policy are available upon request.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: