Legal

Privacy Policy

How Tokenizer handles personal information across the parent brand site, MasteryExamPrep.com, Tokenizer-operated portfolio properties, and related support, consulting, institutional access, and business workflows.

Last updated: April 24, 2026

1) Scope

Tokenizer Inc. ("Tokenizer", "we", "our") operates Tokenizer.ca as the parent brand site, MasteryExamPrep.com as the product hub, and a portfolio of Tokenizer-operated educational properties including exam-prep guide sites and reference sites.

This Policy covers

  • Tokenizer parent-brand pages, support pages, and contact workflows.
  • Mastery exam-prep products, account flows, and related study features.
  • Tokenizer-operated educational sites, including exam-prep guides and reference properties such as finance, accounting, software, real-estate, and legal-literacy sites.
  • Support, consulting, institutional access, team, and partnership inquiries handled by Tokenizer or routed to Mastery.

This Policy explains what we collect, how we use it, when we share it, and what choices you have. Some institutional, team, or custom engagements may also be governed by a separate agreement, order form, or data-processing addendum.

2) Data We Collect

Account & Profile Data

Name or alias, email address, exam selections, region, study preferences, and account identifiers needed to provide access and sync progress.

Study, Support & Inquiry Data

Progress data, notes, flags, feedback, support messages, team or institutional access responses, and information you choose to send in consulting, business, or partnership inquiries.

Billing, Usage & Device Data

Plan or purchase records, receipts, country or tax metadata, browser or app version, device or OS context, crash logs, and feature-usage analytics. We do not run third-party ad networks.

Children's Privacy

Our services are not intended for children under 13, or under 16 where local law sets a higher threshold. We do not knowingly collect personal data from children in those age ranges.

3) How We Use Data

  • Provide and improve Tokenizer sites, Mastery products, progress syncing, analytics, and institutional access workflows.
  • Respond to support tickets, consulting inquiries, partnership inquiries, and institutional or business requests.
  • Process purchases, invoices, subscriptions, and account administration.
  • Maintain service integrity, detect abuse, investigate errors, and monitor performance.
  • Improve editorial quality, product decisions, and operational reporting across the Tokenizer portfolio.
  • Meet legal, tax, accounting, and compliance obligations.

Legal bases where applicable: consent, performance of a contract, legitimate interests such as security and product improvement, and compliance with legal obligations.

4) Sharing & Processors

  • Service providers: hosting, analytics, crash reporting, email delivery, billing, and related infrastructure providers that process data on our behalf.
  • Institutional customers: where your school, employer, training provider, or other organization provides your access, we may share progress, usage, and assessment results with authorized administrators under the applicable agreement.
  • Legal and safety reasons: where required to comply with law, enforce agreements, or protect rights, security, or safety.
  • Business transfers: data may transfer as part of a merger, acquisition, financing, or asset sale, subject to applicable law.
No sale of personal data: We do not sell personal information and we do not use third-party advertising networks.

5) Retention

  • Account and study data: retained while your account is active and then deleted, anonymized, or archived according to internal retention schedules.
  • Support, consulting, and inquiry records: typically retained for up to 24 months unless a longer period is needed for an active relationship or legal recordkeeping.
  • Billing and tax records: retained for at least 7 years where required for accounting or tax compliance.
  • Logs, diagnostics, and security records: typically retained for 12 to 24 months.
  • Backups: rolling backups are purged on an operational schedule, commonly within 30 to 90 days.

6) Security

We use administrative, technical, and physical safeguards appropriate to the nature of the data and the risks involved, including access controls, encryption in transit, environment separation, logging, and monitoring. No system is perfectly secure, so please contact us promptly if you believe your account or data has been compromised.

7) Cookies & Analytics

We use a limited set of first-party cookies and similar technologies to operate our websites, remember basic preferences, and understand aggregate usage. We do not use third-party ad networks or cross-site advertising profiles.

<div class="row g-3">
  <div class="col-12 col-lg-6">
    <div class="p-3 border rounded-3 h-100">
      <h3 class="h6 mb-2">Essential Site Functions</h3>
      <p class="small text-body-secondary mb-0">Security, session handling, load balancing, and basic site preferences needed to deliver the service.</p>
    </div>
  </div>
  <div class="col-12 col-lg-6">
    <div class="p-3 border rounded-3 h-100">
      <h3 class="h6 mb-2">Analytics</h3>
      <p class="small text-body-secondary mb-2">We use Google Analytics 4 in a minimal configuration to understand traffic patterns and improve site quality.</p>
      <ul class="small text-body-secondary mb-0">
        <li>Google Signals: <strong>disabled</strong></li>
        <li>Ads personalization / remarketing: <strong>disabled</strong></li>
        <li>IP anonymization: <strong>enabled</strong> by GA4</li>
      </ul>
    </div>
  </div>
</div>

<div class="alert alert-secondary mt-3 mb-2">
  <strong>Regional consent:</strong> In the EU and UK we request consent before setting analytics cookies. In Canada and some other jurisdictions, we may rely on legitimate interests for basic measurement, subject to your opt-out choices.
</div>

<div class="d-flex flex-wrap gap-2 mt-2">
  <a class="btn btn-outline-primary btn-sm" href="#" id="cookie-prefs-link">Cookie Preferences</a>
  <a class="btn btn-outline-secondary btn-sm" href="https://tools.google.com/dlpage/gaoptout" target="_blank" rel="noopener">GA Opt-out Add-on</a>
</div>

<p class="small text-body-secondary mt-3 mb-0">Where product apps or web tools use analytics, that telemetry is used to improve stability, quality, and product decisions, not to run third-party advertising.</p>

8) Your Rights

Access, Correction & Deletion

You may request access to your personal data, ask us to correct inaccuracies, or request deletion of your account, subject to identity verification and legal retention requirements.

Opt-outs & Preferences

You can opt out of non-essential emails and, where available, manage analytics and cookie preferences. We do not sell personal data.

<div class="p-3 bg-body-tertiary rounded-3 mt-3">
  <h3 class="h6 mb-2">Jurisdictional notes</h3>
  <ul class="mb-0">
    <li><strong>Canada (PIPEDA):</strong> you can request access to and correction of personal information we hold about you.</li>
    <li><strong>EU/EEA and UK:</strong> rights may include access, rectification, erasure, restriction, portability, and objection, subject to applicable law.</li>
    <li><strong>California (CCPA/CPRA):</strong> rights may include the right to know, delete, and correct personal information, subject to statutory limits.</li>
  </ul>
</div>

<div class="mt-3">
  <a class="btn btn-outline-primary btn-sm" href="mailto:privacy@tokenizer.ca?subject=Privacy%20Request">Submit a Privacy Request</a>
  <a class="btn btn-outline-secondary btn-sm ms-2" href="mailto:support@tokenizer.ca?subject=Delete%20my%20account">Request Account Deletion</a>
</div>

9) International Transfers

We may process or store data in Canada, the United States, and other countries where our service providers operate. Where required, we rely on appropriate legal safeguards for cross-border transfers, including contractual protections.

10) Institutional, Business & Consulting

For institutional access, team deployments, custom work, or consulting engagements, Tokenizer may act as a processor for customer-controlled data and as a controller for account, billing, operational, and business-development data. The exact allocation depends on the engagement structure.

Where appropriate, we can provide a Data Processing Addendum, security information, and role-specific access controls as part of the commercial process.

11) Changes & Contact

We may update this Policy to reflect changes in products, operations, vendors, or legal requirements. When we do, we will update the "Last updated" date and provide additional notice where required.

Contact Us

Questions, concerns, or rights requests:

privacy@tokenizer.ca support@tokenizer.ca

Mailing Address

Tokenizer Inc. - Privacy
137 Ellins Ave, York, ON, M6N 2B2
Canada

If you have an unresolved privacy concern, you may have the right to contact your local privacy or data-protection authority.