BTT FTT SG Privacy Policy
Support Privacy Delete Account Terms
Legal

Privacy Policy

This Privacy Policy explains how crankycactus collects, uses, discloses, retains, and protects personal data in connection with the BTT FTT SG mobile app. This policy is written with reference to the Singapore Personal Data Protection Act 2012.

Last updated: 9 April 2026
Contact: grumps@crankycactus.com

1. Who this policy applies to

This policy applies to users of the BTT FTT SG mobile app. The app is a mobile study tool for Singapore learner drivers preparing for the Basic Theory Test and Final Theory Test.

2. Personal data we may collect

Depending on how you use the app, we may collect or receive the following categories of data:

  • Account data, such as your email address and account identifier when you sign up or log in.
  • Authentication data, such as login session information needed to keep you signed in securely. On iPhone, this may include Apple Sign In identity data passed through Supabase authentication.
  • Profile and preference data, such as preferred language and active exam track.
  • Progress and test data, such as attempts, answers, scores, duration, draft session state, readiness-related calculations, and ranking-related attempt data.
  • Purchase and entitlement data, such as store product ownership, purchase event metadata, and access grants linked to your account. We do not receive or store your full payment card details.
  • Technical and diagnostic data, such as app version, device and operating system details, error events, and crash diagnostics.
  • Product analytics data, such as events relating to onboarding, test behaviour, paywall exposure, purchase flows, and feature usage.
  • Support communications, such as the information you include when you contact us by email.

3. How we collect data

  • Directly from you when you sign up, log in, use the app, make a purchase, or contact support.
  • Automatically from your device and app session when you use the app.
  • From service providers that help us run the app, such as authentication, database, crash reporting, analytics, and purchase infrastructure providers.

4. Purposes for collection, use, and disclosure

We collect, use, and where necessary disclose personal data for purposes including:

  • creating and managing your account
  • authenticating you and maintaining secure sessions
  • providing the app's test, review, ranking, history, and resume features
  • syncing paid access and restoring purchases after server-side verification
  • measuring app quality, diagnosing bugs, and improving stability and performance
  • understanding how users interact with the app so the product can be improved
  • responding to support, privacy, or account requests
  • maintaining internal records, preventing abuse, and protecting the app and its users
  • complying with legal or regulatory obligations

5. Legal basis and PDPA consent position

Where required, we rely on your consent to collect, use, and disclose personal data for the purposes described in this policy. In some cases, collection, use, or disclosure may also be permitted or required under applicable law. By creating an account, using the app, making a purchase, or contacting support, you acknowledge that relevant personal data may be processed as described here.

6. Third-party service providers

We use third-party service providers to operate the app. These may process personal data on our behalf or as independent service providers, depending on the context. Key providers currently include:

  • Supabase for authentication, database, storage, and server-side functions.
  • RevenueCat for purchase and entitlement infrastructure.
  • Apple App Store / Google Play for mobile in-app purchase processing.
  • Sentry for crash and error monitoring.
  • PostHog for product analytics.
  • AWS Amplify Hosting or similar static hosting for public support and legal pages, if used.

We may update providers from time to time where reasonably necessary to operate or improve the service.

7. What we do not intentionally collect

  • We do not intentionally collect full payment card details.
  • The app does not currently implement in-app email messaging or in-app push notification features.
  • The default mobile Sentry setup keeps automatic personally identifiable information capture off.

8. How long we retain data

We retain personal data only for as long as it is reasonably needed for the purposes described in this policy, or as required or permitted by law.

  • Account-scoped data is generally retained while your account remains active.
  • If you delete your account, account-linked rows such as your profile, access grants, purchase events, and draft sessions are removed through backend account deletion logic.
  • Some completed attempt history may remain in anonymized form after account deletion, because user identity is removed while historical attempt records are preserved without the account link.
  • Diagnostic and analytics data may be retained for operational review, security, debugging, and service improvement purposes, subject to reasonable retention practices.

9. Data security

We take reasonable security measures to protect personal data from unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. These measures include account authentication controls, encrypted transport where applicable, server-side purchase verification, and access restrictions on backend data paths. No system can be guaranteed completely secure.

10. International transfers

Your data may be stored or processed outside Singapore by our service providers. Where this happens, we expect service providers to implement reasonable protections appropriate to the data and processing involved.

11. Your PDPA rights

Subject to applicable law and operational constraints, you may have rights to:

  • request access to personal data we hold about you
  • request correction of inaccurate or incomplete personal data
  • withdraw consent where consent is the basis of processing
  • request deletion of your account and associated personal data
  • ask questions about how your data is handled

To make a request, contact grumps@crankycactus.com. We may need to verify your identity before acting on a request.

12. Children

The app is intended for learner drivers and general users preparing for theory tests. It is not specifically directed to children. If you believe personal data has been provided to us inappropriately by a child, contact us and we will review the matter.

13. Changes to this policy

We may revise this Privacy Policy from time to time. The updated version will be posted on this page with a revised effective or last updated date.

14. Contact

For privacy requests, data access or correction requests, or other questions about this policy, contact:

crankycactus
Email: grumps@crankycactus.com

© crankycactus. Contact: grumps@crankycactus.com