N4
N-400 PrepBack to home

Privacy Policy

Last updated: April 24, 2026

This Privacy Policy describes how ZTNA Labs LLC, doing business as N-400 Prep (“we,” “our,” or “us”), collects, uses, and protects information when you visit ztnalabs.io or use our services (collectively, the “Service”).

Important: N-400 Prep is an independent educational tool. We are not affiliated with, endorsed by, or connected to U.S. Citizenship and Immigration Services (USCIS), the Department of Homeland Security, or any other government agency. Use of the Service does not guarantee any outcome with USCIS.

1. Information We Collect

Account information

When you create an account, we collect your email address, your chosen password, and any name you provide. Passwords are never stored in plaintext — they are hashed and managed by Supabase Auth, our authentication provider.

Usage and progress data

We store your study progress, quiz attempts, bookmarks, study session timing, mock-interview history (see below), and selected preferences so we can present accurate readiness scores and weak-area insights.

Mock interview transcripts

During an AI mock interview, your spoken answers are transcribed in real time. The transcribed text of each turn (yours and the AI officer’s), the phase, score, and timestamps are stored in your account so you can review past sessions. We do not store voice audio; only the transcribed text is retained.

Voice audio (transient)

Voice audio is streamed in real time through LiveKit for transport, and through Deepgram for speech-to-text. We do not record, archive, or retain raw audio on our servers. ElevenLabs returns synthesized speech for the AI officer’s voice; that audio is also transient. Sub-processors may retain processing data briefly per their own privacy policies (see “Sub-processors” below).

Technical data

We log standard server-side request data (timestamp, route, response status, IP address, user-agent) for security, abuse prevention, and debugging. We do not use third-party advertising or behavioral tracking cookies. The Supabase session token is stored in your browser’s localStorage to keep you signed in across visits.

Payment information

If you subscribe to a paid plan, billing is handled by our payment processor. We never see, store, or transmit your full card number. We retain only the last four digits, the card brand, and the billing zip code as returned by the processor for receipt and chargeback purposes.

2. How We Use Information

  • To provide, operate, and improve the Service
  • To track your study progress and generate readiness scores
  • To power AI mock interviews (text-based prompting of large language models)
  • To send transactional emails (password reset, billing receipts)
  • To detect, prevent, and respond to abuse, fraud, or security incidents
  • To comply with legal obligations

We do not sell your personal information. We do not use your data to train third-party AI models. We do not share your data with advertisers.

3. Sub-processors

We rely on the following sub-processors to operate the Service. Each has its own privacy policy and security commitments:

  • Supabase — authentication and Postgres database (United States region)
  • Vercel — web hosting and edge delivery
  • Fly.io — hosting for the voice agent service
  • Anthropic — large-language-model inference (Claude) for mock interviews
  • LiveKit Cloud — real-time voice transport
  • Deepgram — speech-to-text transcription
  • ElevenLabs — text-to-speech synthesis

4. Data Retention

  • Account data (profile, progress, bookmarks): kept for as long as your account is active.
  • Mock interview transcripts: retained for up to 90 days after the session, then automatically deleted. You can delete your interview history at any time from the Profile page.
  • Server logs: retained for up to 30 days for security and debugging.
  • Billing records: retained for at least 7 years to meet U.S. tax and accounting requirements.

On account deletion (see Section 6), we delete your profile, progress, bookmarks, and interview transcripts within 30 days, except where we are required by law to retain billing records.

5. Security

We protect personal data using industry-standard measures, including:

  • HTTPS / TLS for all traffic
  • HSTS, CSP, X-Frame-Options, and other browser security headers
  • Postgres Row-Level Security — you can only access rows owned by your account
  • Bcrypt password hashing via Supabase Auth
  • Required re-authentication before sensitive actions like password changes
  • API rate limiting and abuse detection
  • Restricted access to production data; secrets stored in encrypted provider vaults

No system is perfectly secure. If we ever discover a breach affecting your personal information, we will notify affected users without undue delay and within the timeframes required by applicable law.

6. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export a copy of your data in a portable format
  • Withdraw consent at any time where we rely on consent
  • Object to or restrict certain processing

To exercise any of these rights, email ztnalabs@gmail.com. We will respond within 30 days. We may need to verify your identity before acting on a request.

For California residents (CCPA / CPRA)

California residents have the right to know what personal information we collect, request deletion, opt out of the sale of personal information (we do not sell), and not be discriminated against for exercising these rights.

For European residents (GDPR / UK GDPR)

We process your personal data on the legal bases of contract performance (to deliver the Service), legitimate interests (security, product improvement), and consent (for optional features). You may lodge a complaint with your local supervisory authority.

7. International Data Transfers

Our services and most sub-processors operate in the United States. If you access the Service from outside the U.S., you consent to the transfer and processing of your information in the United States, which may have different data-protection rules than your country.

8. Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact ztnalabs@gmail.com and we will delete it.

9. Cookies

We use only essential storage (cookies and localStorage) to keep you signed in and remember your locale preference. We do not use advertising, behavioral, or cross-site tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date and notify registered users by email or in-app notice. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

ZTNA Labs LLC (d/b/a N-400 Prep)
Illinois, United States
Email: ztnalabs@gmail.com

N-400 Prep is not affiliated with, endorsed by, or connected to USCIS or the U.S. government.