PT Board Prep

AI-powered NPTE prep for student physical therapists.


Privacy Policy for PT Board Prep

Effective Date: May 13, 2026
Last Updated: May 13, 2026


1. Introduction

This Privacy Policy (“Policy”) describes how Kelvin Lam Physical Therapy Inc., a California corporation that has elected to be taxed under Subchapter S of the United States Internal Revenue Code, doing business as PT Board Prep (“PT Board Prep,” “Company,” “we,” “us,” or “our”), collects, uses, discloses, retains, and protects personal information when you (“you” or “User”) access or use the PT Board Prep mobile application for iOS (the “App”) and any related services, websites, or features that link to this Policy (collectively, the “Services”). The Company is owned and operated by Kelvin Lam.

By creating an account, downloading, installing, or otherwise using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, do not use the Services.

This Policy is incorporated by reference into our Terms of Service.


2. About the Operator

   
Operator (Data Controller): Kelvin Lam Physical Therapy Inc., a California S-corporation d/b/a PT Board Prep (owned and operated by Kelvin Lam)
Business Address: 1882 N Cornet Pl, Anaheim, CA 92807, United States
Email (Privacy Inquiries): support@ptprepexam.online
Website: https://ptprepexam.online
App: PT Board Prep (iOS), bundle identifier com.kelvinlam.ptprepexam

For purposes of the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR, the Company is the data controller. For purposes of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”), the Company is the business.


3. Scope

This Policy applies to personal information we collect through the Services. It does not apply to:


4. Information We Collect

We collect the following categories of personal information. The exact information we receive depends on how you use the Services.

4.1 Information You Provide Directly

| Category | Examples | Source |
|---|---|---|
| Account credentials | Email address, password, display name, role (instructor or student) | You, at sign-up or when an instructor provisions your account |
| Cohort identifiers | Invite codes, cohort name, instructor-student associations | You, your instructor, or generated by the Services |
| Communications | Information you send to support, feedback, bug reports | You |

4.2 Information Generated by Your Use of the Services

| Category | Examples |
|---|---|
| Study data | Quiz attempts, item-level responses, time spent, scores, accuracy, content-area performance, bookmarks, flagged items |
| Progress and history | Streaks, attempt timestamps, mock-exam attempts and results, study-guide and concept-drill activity |
| Roster activity (instructors) | Cohort rosters, assigned quizzes, student progress aggregates, comp/promo-code issuances |
| Entitlements | Records of in-app purchases unlocked on your account |

4.3 Information About Your Device and App Environment

| Category | Examples | Purpose |
|---|---|---|
| Device identifiers | The vendor-scoped identifier for advertisers/analytics (IDFV) and similar identifiers that iOS assigns to the App | Required for normal App functioning; we do not engage in cross-app tracking |
| App diagnostics | Crash logs, error reports, performance traces (if and when implemented) | To diagnose failures and improve reliability |
| Network metadata | IP address, request timestamps, user-agent string, model selection, request volume | Recorded by our infrastructure providers for security, rate-limiting, and fraud prevention |

We do not track you across other apps or websites for advertising or marketing purposes. Our privacy manifest declares NSPrivacyTracking = false and NSPrivacyTrackingDomains is empty.

4.4 Information Submitted to Artificial-Intelligence (“AI”) Features

When you use AI-powered features (for example, quiz generation, study guides, concept drills, mock-exam generation, or AI-assisted explanations), the App transmits the content of the relevant academic prompt and context (such as content area, difficulty tier, blueprint mix, item style preferences, and prior performance signals derived from your study data) to our hosted AI proxy and, in turn, to our AI subprocessor. These prompts are pedagogical and do not include your email address, display name, password, payment information, or other direct identifiers. See Section 7 (“Artificial-Intelligence Processing”) for additional detail.

All in-app purchases are processed by Apple through the App Store. We do not collect, receive, or store your credit-card number, expiration, CVV, billing address, or other payment-instrument information. Apple provides us only with anonymized transaction receipts that establish your entitlement to purchased content. Refunds, billing disputes, and subscription management (if applicable) are handled by Apple under Apple’s own terms.

4.6 Sensitive Personal Information

We do not intentionally collect any categories of “sensitive personal information” as defined under the CCPA or “special categories of personal data” as defined under Article 9 of the GDPR (such as racial or ethnic origin, religious beliefs, political opinions, trade-union membership, genetic data, biometric data, health information, sexual orientation, or precise geolocation). Please do not submit such information through the Services, including within free-text feedback or support communications.


5. How We Use Personal Information

We use personal information for the following purposes:

  1. To provide the Services — authenticate you, render your study materials, save your progress, deliver in-app purchases, and surface your cohort relationships.
  2. To personalize the Services — adapt difficulty, blueprint coverage, and review schedules based on your prior performance.
  3. To enable instructor features — allow instructors to view, manage, and assign content to students within their cohorts, including aggregated progress and item-level diagnostics.
  4. To process transactions — record entitlements unlocked through Apple in-app purchases and honor purchases on your devices.
  5. To communicate with you — respond to support inquiries, send transactional messages (account events, password resets, purchase receipts), and notify you of material changes to this Policy or our terms.
  6. To maintain security and prevent abuse — detect and prevent unauthorized access, fraud, abuse of AI quotas, rate-limit violations, and other violations of our terms.
  7. To comply with law — respond to lawful requests from public authorities, including to meet national-security or law-enforcement requirements.
  8. To improve the Services — analyze aggregate, de-identified usage patterns to improve features, fix bugs, and tune AI prompts. We do not use your individually identifiable study data to train third-party AI models. See Section 7.

For Users in the European Economic Area, the United Kingdom, or Switzerland, we process personal information on one or more of the following legal bases:

| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation, authentication, delivering the App’s core study features | Performance of a contract (Art. 6(1)(b)) |
| Processing in-app purchases | Performance of a contract (Art. 6(1)(b)) |
| Maintaining security, preventing fraud, enforcing terms | Legitimate interests (Art. 6(1)(f)) |
| Responding to your requests for support | Performance of a contract / legitimate interests |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Sending optional marketing or product announcements (if any) | Consent (Art. 6(1)(a)), which you may withdraw at any time |

You may object to processing based on our legitimate interests at any time by contacting us at support@ptprepexam.online.


6. Cohort Relationships and Instructor Visibility

PT Board Prep supports two roles: Student and Instructor. If you join a cohort using an instructor-provided invite code (or your instructor provisions an account for you), please understand that:

If you do not wish to participate in a cohort, do not enter an invite code at sign-up. You may also leave a cohort at any time by contacting us at support@ptprepexam.online.


7. Artificial-Intelligence Processing

The Services use generative-AI models provided by Google LLC (“Google”) via the Google Gemini API. AI requests are routed through our self-hosted proxy and load-shaped according to the feature in use. We have configured the following safeguards:

  1. No direct identifiers in prompts. Prompts submitted to Google’s Gemini API contain pedagogical content (e.g., content area, difficulty, blueprint coverage, prior-performance signals, item generation specifications) and do not include your email address, display name, password, payment-instrument information, or other direct identifiers.
  2. Model allowlist. Only models we have explicitly vetted may be invoked. As of the Effective Date, this includes gemini-2.5-pro, gemini-2.5-flash, and gemini-2.5-flash-lite.
  3. Rate-limiting and authentication. Our proxy enforces per-IP rate limits and a shared-secret check; abuse of AI features is monitored and may result in suspension.
  4. No use of your data to train Google’s models. We use the Gemini API under terms that prohibit Google from using requests sent through paid API tiers to train Google’s own foundation models. We rely on Google’s published representations regarding this; please consult Google’s Gemini API terms and additional terms for Generative AI Services for the controlling commitments.
  5. AI output is not professional advice. Generated quiz items, explanations, study guides, and mock-exam content are study aids only. They are not a substitute for licensed clinical, legal, medical, or examination-preparation advice and may contain errors. Always cross-reference with authoritative sources and your own clinical judgment.

For details about our hosting subprocessor (Render), see Section 9 (“Sub-processors”).


8. How We Share Personal Information

We do not sell your personal information for monetary consideration. We do not share your personal information for cross-context behavioral advertising (as those terms are defined under the CCPA).

We disclose personal information only as follows:

| Recipient | Purpose | Categories Disclosed |
|---|---|---|
| Apple Inc. | Processing in-app purchases, app distribution, App Store services | Apple ID-scoped purchase information; we receive only entitlement receipts |
| Google LLC (Gemini API) | AI generation for quizzes, study guides, mock exams, drills | Pedagogical prompt content (see Section 7) |
| Render Services, Inc. | Hosting our API proxy and any related backend infrastructure | Network metadata (IP, timestamps), request/response payloads in transit |
| Google Cloud / Firebase (when activated) | Authentication, database, serverless functions (planned/staged; see Section 21) | Account data, cohort data, study data; only when these subsystems are activated and disclosed in an update to this Policy |
| Instructors within your cohort | Facilitating instruction (see Section 6) | Identity within the cohort, study data, performance |
| Professional advisors | Legal, accounting, or compliance counsel under confidentiality | As reasonably necessary |
| Successors | A buyer or successor in a merger, acquisition, reorganization, sale of assets, or insolvency | Personal information transferred as a business asset, subject to this Policy |
| Authorities | When required by law, legal process, or to protect rights, property, or safety | As required by the applicable demand |

We require recipients to maintain reasonable safeguards and use the information only for the purposes for which it was disclosed.


9. Sub-processors

Our material sub-processors as of the Effective Date are:

| Sub-processor | Function | Location |
|---|---|---|
| Apple Inc. | App distribution, IAP | United States |
| Google LLC (Gemini API) | AI generation | United States |
| Render Services, Inc. | API proxy hosting | United States |

We may add, replace, or remove sub-processors from time to time. Material changes will be reflected in an update to this Policy.


10. International Data Transfers

The Services are operated from the United States. If you access the Services from outside the United States, your personal information will be transferred to, stored, and processed in the United States and in other countries in which our sub-processors operate. The data-protection laws of those countries may differ from the laws of your country of residence.

Where we transfer personal information of EEA, UK, or Swiss Users to the United States or another country that has not been deemed by the European Commission (or the UK Information Commissioner’s Office, as applicable) to provide an adequate level of protection, we rely on the European Commission’s Standard Contractual Clauses or other lawful transfer mechanisms with our sub-processors. You may request a copy of the relevant mechanism by contacting us at support@ptprepexam.online.


11. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Services, and thereafter for the periods required to comply with our legal obligations, resolve disputes, enforce our agreements, and maintain reasonable business records.

| Category | Retention Period |
|---|---|
| Account credentials and profile data | Duration of the account, plus up to 30 days after deletion request to complete removal across systems |
| Study data and quiz attempts | Duration of the account; deleted with the account |
| In-app purchase entitlements | Retained per Apple’s transaction records; entitlements remain restorable from Apple |
| Support communications | Up to 24 months after the last communication, unless retained longer for legal reasons |
| Network and security logs | Up to 90 days, except where retained longer for incident investigation |

When we delete personal information, we either remove it from our active systems or de-identify it such that it cannot reasonably be linked back to you.


12. Account Deletion

You may delete your account at any time from Settings → Delete my account within the App, or by emailing support@ptprepexam.online. Account deletion will:

  1. Remove your authentication credentials and stored profile from our active systems;
  2. Remove your study history, quiz attempts, bookmarks, and cohort association;
  3. Where applicable, retain a minimal audit record solely to enforce App Store refund policies, prevent fraudulent re-creation of deleted accounts, and comply with legal obligations.

Account deletion does not automatically refund prior in-app purchases. Refunds, where available, are handled by Apple under Apple’s policies.


13. Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These include encryption of data in transit using industry-standard TLS, authenticated communication between the App and our backend, rate-limiting and shared-secret checks on our AI proxy, and access controls on administrative interfaces.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your password and for all activities under your account.

If we become aware of a security incident affecting your personal information, we will notify you and the relevant authorities to the extent required by applicable law.


14. Children’s Privacy

The Services are intended for individuals who are at least eighteen (18) years of age and who are studying for the National Physical Therapy Examination (NPTE®) or related professional examinations. The Services are not directed to children under thirteen (13), and we do not knowingly collect personal information from children under thirteen in violation of the Children’s Online Privacy Protection Act (“COPPA”). If you become aware that a child under thirteen has provided personal information to us, please contact support@ptprepexam.online and we will take steps to delete that information.

For Users in the EEA, the UK, or other jurisdictions with elevated age thresholds for consent to data processing, individuals under sixteen (16) (or the applicable national age) must have a parent’s or legal guardian’s verifiable consent before using the Services.


15. Your Rights

Subject to applicable law and verification of your identity, you have the following rights with respect to personal information we hold about you.

15.1 Rights Available to All Users

To exercise these rights, contact us at support@ptprepexam.online. We will respond within the timeframe required by applicable law.

15.2 California Residents (CCPA / CPRA)

If you are a California resident, you have the following additional rights, subject to verification:

  1. Right to know — the specific pieces and categories of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we have shared it, over the preceding twelve (12) months.
  2. Right to delete — request deletion of personal information we have collected from you, subject to statutory exceptions.
  3. Right to correct — request correction of inaccurate personal information.
  4. Right to opt-out of sale or sharing — we do not sell personal information for monetary consideration and we do not share personal information for cross-context behavioral advertising; therefore there is no opt-out to exercise. We will update this Policy if our practices change.
  5. Right to limit use of sensitive personal information — we do not use sensitive personal information for inferences or other secondary purposes that would trigger this right.
  6. Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.
  7. Authorized agents — you may designate an authorized agent to submit a request on your behalf. We will require verification of the agent’s authority and your identity.

Notice of categories collected in the preceding 12 months: identifiers (email, account UID, IP address); commercial information (records of purchases); internet/network activity (App usage, error logs); inferences drawn from study performance for the purpose of personalizing the App.

Categories of sources: directly from you, your instructor (if you joined a cohort), and automatically through your use of the App.

Categories of recipients: as set out in Sections 8 and 9.

To submit a verifiable consumer request, email support@ptprepexam.online with the subject line “California Privacy Request.” We will verify your identity by matching the request to information associated with your account.

15.3 EEA, UK, and Swiss Residents (GDPR / UK GDPR)

In addition to the rights listed in Section 15.1, you have the right to:

15.4 Other Jurisdictions

If you reside in another U.S. state or non-U.S. jurisdiction with comprehensive privacy legislation (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others as those laws come into effect), you may have similar rights of access, correction, deletion, and opt-out. We will honor verifiable requests from residents of those jurisdictions to the extent required by the applicable law.


16. Cookies and Similar Technologies

The App is a native iOS application and does not use HTTP cookies. The App stores small amounts of data locally on your device using Apple’s standard UserDefaults mechanism for purposes such as keeping you signed in, remembering display preferences, and caching state between launches. This data is contained within the App’s sandbox and is removed if you delete the App from your device.


17. Do Not Track and Global Privacy Control

Because the App is a native iOS application and does not engage in cross-app or cross-site tracking, we do not currently respond to “Do Not Track” browser headers or Global Privacy Control signals. The App’s privacy manifest declares NSPrivacyTracking = false.


The Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the content, privacy policies, or practices of those third parties. We encourage you to review the privacy policies of any third-party services you choose to use.


19. Disclaimer Regarding the NPTE® and the FSBPT

PT Board Prep is an independent study tool and is not affiliated with, endorsed by, or sponsored by the Federation of State Boards of Physical Therapy (“FSBPT”). The “NPTE®” mark is a registered trademark of the FSBPT and is used in this App and in this Policy only for descriptive, nominative purposes. Practice scores, readiness indicators, and any other metrics surfaced by the Services are heuristics; they do not predict or guarantee performance on the actual NPTE® or any other professional examination.


20. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will:

  1. Update the Last Updated date at the top of this Policy;
  2. Post the revised Policy at the URL where this Policy is hosted; and
  3. Where required by applicable law, provide additional notice (such as an in-App banner or an email to the address associated with your account).

Your continued use of the Services after the revised Policy becomes effective constitutes your acceptance of the revised Policy. If you do not agree with the changes, you must stop using the Services and may delete your account as described in Section 12.


21. Backend and Feature Roadmap

Certain backend components (including Google Cloud Firebase Authentication, Cloud Firestore, and Cloud Functions) are scaffolded but not yet activated for the production iOS App as of the Effective Date. When we activate those components, we will update this Policy and the privacy nutrition labels we provide to Apple in the App Store. You should review this Policy periodically for changes.


22. Governing Law and Disputes

This Policy is governed by the laws of the State of California, United States, without regard to its conflict-of-laws principles. Any disputes arising out of or relating to this Policy or the Services shall be resolved as set forth in our Terms of Service.

This Policy does not limit any non-waivable rights you may have under the mandatory laws of your jurisdiction of residence.


23. Contact

If you have questions, concerns, or requests relating to this Policy or your personal information, please contact us at:

Kelvin Lam Physical Therapy Inc.
d/b/a PT Board Prep
Attn: Kelvin Lam
1882 N Cornet Pl
Anaheim, CA 92807
United States
Email: support@ptprepexam.online
Website: https://ptprepexam.online

We aim to respond to all privacy inquiries within thirty (30) days of receipt, or such shorter period as is required by applicable law.


PT Board Prep is operated by Kelvin Lam Physical Therapy Inc., a California corporation taxed as an S-corporation under Subchapter S of the United States Internal Revenue Code, owned and operated by Kelvin Lam. NPTE® is a registered trademark of the Federation of State Boards of Physical Therapy and is used in this Policy only for descriptive, nominative purposes.