Privacy Policy
Last updated · June 2026
- Controller and Contact
- Definitions and Principles
- Provision of the Website and Server Log Files
- Hosting and Web Analytics by Vercel
- Database by Supabase
- Cookies and Comparable Technologies
- Google Analytics 4
- Microsoft Clarity
- Meta Pixel (Facebook Pixel)
- Payment Processing via Stripe
- Practice Questions, Learning Progress and Study Plan
- Withdrawal and Cancellation of the Membership
- Contacting Us via Contact Form and Email
- Data Transfers to Third Countries
- Your Rights as a Data Subject
- Withdrawal of Consent Given
- Data Security
- Changes to This Privacy Policy
01 Controller and Contact
The controller within the meaning of Art. 4 (7) GDPR (DSGVO) and other national data protection laws of the member states, as well as further data protection provisions, is:
- Controller: Digital App Group GmbH
- Address: Ferdinand-Koch-Str. 31, 26133 Oldenburg, Germany
- Represented by: Managing Director: Joshua van Vliet
- Register: Oldenburg Local Court (Amtsgericht Oldenburg), HRB 219130
- Email: support@dmvpracticetest.app
- Contact form: dmvpracticetest.app/kontakt
If you have any questions regarding the processing of your personal data, the exercise of your data subject rights, or any other data protection matters, please feel free to contact us at any time using the contact details above. We generally process requests within the statutory period of one month (Art. 12 (3) GDPR).
The appointment of a data protection officer is not legally required.
02 Definitions and Principles
This Privacy Policy uses the terms defined in the GDPR. According to Art. 4 (1) GDPR, "personal data" means any information relating to an identified or identifiable natural person. This includes in particular name, address, email address, IP address, online identifiers, as well as content that you transmit to us.
Legal Bases for Processing
Where we obtain consent from the data subject for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which you are a party, Art. 6 (1) (b) GDPR applies. This also applies to processing operations that are necessary to carry out pre-contractual measures. Where processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 (1) (c) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party, and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPR serves as the legal basis.
Storage Period and Erasure
We process and store personal data only for the period necessary to achieve the purpose of storage, or where this is provided for by European or national laws to which we are subject. If the purpose of storage no longer applies or a prescribed storage period expires, the personal data is routinely blocked or erased in accordance with statutory provisions. For commercial and tax records, statutory retention periods of generally six or ten years apply (Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO)).
03 Provision of the Website and Server Log Files
Each time our website is accessed, our system, or the system of our hosting provider (see Section 4), automatically collects data and information from the computer system of the accessing device. This data is technically necessary to display the website to you, to ensure its stability and security, and to detect and trace abuse. The following categories of data are collected in this context:
- IP address of the requesting device (truncated or anonymized where technically possible)
- Date and time of access
- URL accessed or resource requested
- HTTP status code and amount of data transferred
- Referrer URL from which the access originated
- Browser used, browser version and operating system
- Language and version of the browser software
The processing is carried out on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest is to ensure the functionality, stability and security of our online offering, to detect malfunctions, and to be able to take appropriate measures in the event of attacks or abuse. The log files are generally erased after 14 days, unless, in an individual case, longer storage is necessary to clarify a specific security-relevant incident. In that case, the affected log files are stored until the matter is conclusively resolved and are then erased.
04 Hosting and Web Analytics by Vercel
This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA (hereinafter "Vercel"). When the website is accessed, technically necessary connection data (in particular IP address, time of the request, browser and device information, URL accessed) is processed by Vercel to enable the delivery of the content and secure operation. Vercel provides the content delivery network and the server infrastructure and protects our website against unauthorized access, load peaks and attacks.
We have concluded a data processing agreement with Vercel in accordance with Art. 28 GDPR. This agreement ensures that Vercel processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. A transfer of data to the USA takes place. Vercel is certified under the EU-U.S. Data Privacy Framework. This certification is recognized by the adequacy decision of the EU Commission of July 10, 2023; the transfer is therefore carried out at a level of protection comparable to the European data protection level. In addition, EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR as well as technical and organizational protective measures apply.
The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in a high-performance, fail-safe provision of our online offering that is protected against attacks. For more information on how the transferred data is handled, please refer to Vercel's Privacy Policy: vercel.com/legal/privacy-policy.
In addition, we use Vercel Web Analytics, a reach measurement service from Vercel that is integrated into the hosting platform. This service collects aggregated usage statistics such as pages accessed, referrers, approximate geographic origin (country/region) as well as device and browser type, in order to measure the reach of our offering and to improve it technically. Vercel Web Analytics works without cookies and without any other access to information on your device; no cross-device or persistent user identifier is created, and individual page views are not combined into a profile that extends beyond the respective session. We are therefore not able to identify individual visitors through this.
Since neither cookies are set nor information is read from your device in this process, no consent under Section 25 TDDDG (German Telecommunications-Telemedia Data Protection Act) is required. The legal basis for processing the data arising in this context is Art. 6 (1) (f) GDPR; our legitimate interest lies in the statistical evaluation of reach and the continuous improvement of our offering. Further information can be found at vercel.com/docs/analytics/privacy-policy.
05 Database by Supabase
To store your answers to the practice questions, your learning progress and, where provided, your contact details, we use the service Supabase, operated by Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992 (hereinafter "Supabase"). Supabase is a backend platform that provides database services, authentication services and file storage. The data processing takes place in the region we have selected; where available, we select a region within the European Union.
We have concluded a data processing agreement with Supabase in accordance with Art. 28 GDPR. Insofar as data is transferred to third countries outside the EU/EEA, this is carried out on the basis of EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR as well as under the application of further appropriate safeguards. The data stored in the database includes in particular: pseudonymous session or user identifiers, submitted answers to the practice questions, information on learning progress (questions answered correctly or incorrectly per topic area), timestamps, and, in the event of booking the paid membership, email address, first and last name and payment reference.
The legal basis for the data processing is Art. 6 (1) (b) GDPR (performance of a contract) as well as Art. 6 (1) (f) GDPR (legitimate interest in operating the application as well as in the ongoing improvement of our offering). Further information can be found in Supabase's Privacy Policy: supabase.com/privacy.
06 Cookies and Comparable Technologies
We use cookies as well as comparable storage technologies such as local storage and session storage on our website. Cookies are small text files that are stored on your device and contain certain information that we or our service providers can read. The storage of information on your device or access to information already stored there is carried out in accordance with Section 25 TDDDG.
Technically Necessary Storage
Certain information is strictly necessary for our website to function properly. This includes in particular the storage of your consent preferences in the cookie banner, the maintenance of your login and learning session, the retention of your language setting, and security-relevant information for defending against attacks. This storage is carried out without consent on the basis of Section 25 (2) No. 2 TDDDG, as it is strictly necessary for us to be able to provide the telemedia service expressly requested by the user.
Storage with Consent
We use optional cookies and comparable technologies (in particular for statistics and marketing, see Sections 7 and 8) only if you have actively consented via our consent banner. The legal basis in this respect is Section 25 (1) TDDDG as well as Art. 6 (1) (a) GDPR. Your consent is voluntary and can be withdrawn at any time with effect for the future, without this affecting the lawfulness of the processing carried out up to the point of withdrawal.
Storage Location of the Consent Decision
We store your selection in the consent banner locally in your browser (local storage) under the key dmv-consent-v1. This information is not transmitted to our servers. The storage is unlimited in duration, but can be changed or deleted by you at any time via your browser settings or by accessing the cookie settings again.
Managing Your Settings
You can update your consent at any time via the Change cookie settings button available in the footer of this website. In addition, you can use your browser settings to refuse cookies in general, delete individual cookies, or activate a notification when cookies are stored. Please note that if cookies are completely disabled, it may no longer be possible to use all functions of our website.
07 Google Analytics 4
Provided that you have actively consented via our consent banner, we use Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). Google Analytics uses cookies and similar technologies to collect information about your use of the website, transmit it to Google's servers, store it there and evaluate it. The information helps us better understand the use of our offering, measure reach, and continuously improve our content and functions.
The categories of data processed are in particular: truncated IP address, device and browser information, technical identifier, referrer URL, pages accessed, time spent on the pages, interactions with content, anonymized geographic information (country/region) as well as a randomly generated usage identifier.
We use what is known as Google Consent Mode v2. As long as you have not granted consent, we do not transmit any personal data to Google. Only non-personal, aggregated modeling signals (so-called "cookieless pings" without device or user identifier) may be transmitted to Google without consent in order to create statistical projections about aggregated user behavior. After you have granted your consent, data is transmitted to Google's servers, which may also be located in the USA. Google is certified under the EU-U.S. Data Privacy Framework; the transfer is therefore carried out at a level of protection comparable to the European data protection level (Art. 45 GDPR in conjunction with Implementing Decision EU 2023/1795).
The legal basis for the data processing is Art. 6 (1) (a) GDPR as well as Section 25 (1) TDDDG. The storage period at the user level is configured to 14 months; after that, the data is automatically erased. In addition, we may use aggregated and anonymized reports for our statistical evaluations.
You can withdraw your consent at any time with effect for the future by opening the cookie settings and deactivating the "Statistics" category. In addition, you can prevent collection by Google Analytics by downloading and installing the browser add-on for deactivating Google Analytics at tools.google.com/dlpage/gaoptout. Further information on data protection at Google can be found at policies.google.com/privacy.
07b Microsoft Clarity
Provided that you have actively consented via our consent banner, we use Microsoft Clarity, an analytics and session recording service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA; hereinafter "Microsoft"). Clarity helps us understand how our website is actually used, in order to improve usability and detect errors.
For this purpose, Clarity records your interactions with the website and presents them in the form of pseudonymous session replays as well as aggregated heatmaps. The categories of data processed are in particular: mouse and pointer movements, clicks and tapping actions, scrolling behavior, pages accessed and navigation paths, time spent, device, browser and operating system information, screen resolution, approximate geographic origin (country/region) as well as a pseudonymous usage identifier. Entries in form fields are masked by Clarity by default and are not recorded in plain text.
So that a coherent session across multiple page views can be assigned to a single visit, we pass a pseudonymous identifier stored in your browser to Clarity. If you are logged in to your account, we use your pseudonymous user identifier for this; otherwise a randomly generated identifier. This identifier on its own does not allow any conclusions to be drawn about your identity.
The legal basis for the data processing is Art. 6 (1) (a) GDPR as well as Section 25 (1) TDDDG. A transfer of data to the USA takes place. Microsoft is certified under the EU-U.S. Data Privacy Framework; in addition, EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR apply. Microsoft generally stores the data collected via Clarity for a period of one year.
You can withdraw your consent at any time with effect for the future by opening the cookie settings and deactivating the "Statistics" category. Further information can be found in Microsoft's privacy notices at privacy.microsoft.com/de-de/privacystatement.
08 Meta Pixel (Facebook Pixel)
Provided that you have actively consented via our consent banner, we use the so-called Meta Pixel of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (parent company: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; hereinafter "Meta"). With the Meta Pixel, we can track the behavior of users after they have been redirected to our website by clicking on a Meta advertisement. This enables us to measure the success of our advertisements (conversion tracking) as well as to collect statistical and market research data. Based on the data collected, we can better target future advertising campaigns.
The categories of data processed include in particular: device and browser information, IP address, referrer URL, pages accessed as well as actions performed (for example, starting a practice session, starting a practice exam, booking the paid membership). We use advanced matching only after you have granted your consent.
In addition to collection in the browser, when you grant your consent we also transmit certain events, in particular the completion of a booking, server-side via Meta's Conversions API. In this process, personal identifiers such as your email address are hashed with SHA-256 on our server before transmission. We also transmit your IP address, browser information as well as the cookie identifiers set by Meta. The server-side transmission serves the same purpose as the Meta Pixel, namely the more reliable measurement of the effectiveness of our advertisements, and is matched with the event triggered in the browser via a shared event identifier, so that a booking is only counted once.
With regard to the collection of data on our website and the transmission to Meta, we are joint controllers with Meta within the meaning of Art. 26 GDPR. For this purpose, we have concluded an agreement with Meta on the respective responsibilities, which is available at facebook.com/legal/controller_addendum. According to this, we are responsible for fulfilling the information obligations under Art. 13 and 14 GDPR; Meta is responsible for the further processing of the collected data and for handling data subject rights.
A transfer of data to the USA takes place. Meta is certified under the EU-U.S. Data Privacy Framework; in addition, EU Standard Contractual Clauses apply. The legal basis is Art. 6 (1) (a) GDPR as well as Section 25 (1) TDDDG. You can withdraw your consent at any time with effect for the future by opening the cookie settings and deactivating the "Marketing" category. Further information can be found in Meta's Data Policy at facebook.com/policy.php.
09 Payment Processing via Stripe
For processing the paid membership, we use the payment service Stripe of Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (parent company: Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA; hereinafter "Stripe"). Stripe handles the technical processing of card payments, SEPA direct debits and other payment methods for us, depending on the options offered during the order process. If the membership is selected as a recurring subscription, Stripe also handles the recurring payments for the respective billing periods.
When a payment method is selected, the data required to process the payment is transmitted to Stripe. This includes in particular first and last name, email address, billing address, payment data (for example credit card number, IBAN, depending on the payment method selected) as well as the amount to be paid and the order reference. To carry out and document the payment, Stripe also processes the Stripe customer identifier, the payment status as well as the associated invoice or payment receipt.
In this respect, Stripe acts partly as an independent controller (in particular for fraud prevention, compliance with legal obligations and management of the payment methods) and partly as a processor within the meaning of Art. 28 GDPR. The legal basis is Art. 6 (1) (b) GDPR (performance of a contract) as well as Art. 6 (1) (f) GDPR (legitimate interest in smooth, fast and secure payment processing as well as in fraud prevention).
A transfer of data to the USA takes place. Stripe is certified under the EU-U.S. Data Privacy Framework. In addition, EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR have been concluded.
The Stripe master data associated with the payment is stored for the duration of the applicable statutory retention periods (in particular Section 257 HGB, Section 147 AO), generally up to ten years. Payment data not subject to retention obligations is blocked after completion of the payment; it is erased after the statutory retention periods have expired. Further information on data protection at Stripe can be found at stripe.com/de/privacy.
10 Practice Questions, Learning Progress and Study Plan
Categories of Data Collected
As part of using the app to prepare for the theoretical driver's license exam, we process the following categories of data:
- Answers to the individual practice questions and selection decisions
- Information about which questions were answered correctly or incorrectly, as well as the assignment to topic areas
- Practice sessions and practice exams completed, including the timestamps
- Optional information on your learning goals (for example, the targeted exam date) for creating a personalized study plan
- Pseudonymous session or user identifier for assigning the learning progress to your account
- Calculated learning level, weak point analysis per topic area as well as recommendations in the study plan
Optional information is voluntary and can be omitted. It is processed exclusively to create and adjust your personal study plan and does not constitute a special category of personal data within the meaning of Art. 9 GDPR.
Storage Location and Assignment
This data is stored in our database at Supabase (see Section 5) and is assigned to your device or your account via a pseudonymous session or user identifier. A link to your person only occurs if you voluntarily provide us with further personal data (in particular as part of registration or booking the paid membership).
Paid Membership
If you book the paid membership, we additionally collect your email address to provide access and to send the order confirmation, as well as the information required for payment processing (see Section 9). The legal basis for this is Art. 6 (1) (b) GDPR (performance of a contract). We process this data exclusively for the purpose of providing the agreed service, billing, and fulfilling legal obligations.
Storage Period
We erase anonymous or pseudonymous learning data without a booking of the paid membership at the latest 90 days after the last activity. In addition, we may retain aggregated and fully anonymized evaluation results for statistical purposes. Data from paid orders (name, email, order reference, payment data) is stored within the scope of the statutory retention periods under Section 257 HGB and Section 147 AO for up to ten years. The legal basis for storing anonymous learning data is Art. 6 (1) (f) GDPR; our legitimate interest lies in the ongoing improvement of our practice questions and quality control.
Automated Evaluation and No Decision under Art. 22 GDPR
The determination of your learning level, the weak point analysis and the recommendations in the study plan is carried out fully automatically according to a deterministic procedure defined by us, based on your answers to the practice questions and your previous learning progress. This evaluation serves exclusively to prepare you for the theoretical driver's license exam. It produces neither a legal effect concerning you nor does it significantly affect you in a similar way within the meaning of Art. 22 (1) GDPR. Therefore, no automated decision within the meaning of this provision takes place. Upon request via the contact details mentioned in Section 1, we will be happy to explain the evaluation mechanism and the classification of your personal learning level to you.
We expressly point out that the app we offer constitutes a learning and preparation aid and does not replace the official exam of the responsible licensing authority (DMV). Successfully passing the practice tests does not guarantee any particular result in the official exam.
11 Withdrawal and Cancellation of the Membership
If the membership was concluded as a recurring subscription, you can cancel it at any time effective at the end of the current billing period; once the cancellation takes effect, no further charges will be made. If you exercise your right of withdrawal within the withdrawal period, for example via the electronic withdrawal function at dmvpracticetest.app/widerruf-erklaeren, we process the information you enter (in particular first and last name, email address, order identifier, and, where applicable, the time of withdrawal and a reason optionally provided) exclusively for the purpose of identifying the order concerned, processing your withdrawal or cancellation declaration, and sending the confirmation in text form.
The legal basis is Art. 6 (1) (b) GDPR (performance of a contract or reversal) as well as Art. 6 (1) (c) GDPR (fulfillment of legal obligations in connection with the right of withdrawal and cancellation). The withdrawal or cancellation declaration and the confirmation are stored as part of the documentation obligations until the end of the statutory retention periods.
12 Contacting Us via Contact Form and Email
You can send us inquiries and requests of any kind via our contact form as well as by email to support@dmvpracticetest.app. In doing so, we process the information you transmit (in particular name, email address, subject, message text, as well as any further information you provide) exclusively to handle your request and in case follow-up questions arise. The legal basis is Art. 6 (1) (b) GDPR for contract-related inquiries, and otherwise Art. 6 (1) (f) GDPR. Our legitimate interest is to answer your inquiries appropriately and promptly.
Inquiries received via the contact form are technically delivered to us by email through the email and hosting provider Hostinger (Hostinger International Ltd., Švitrigailos g. 34, 03230 Vilnius, Lithuania) and stored in our mailbox there. Hostinger processes the data entered in the form exclusively for the purpose of sending and storing the email. A data processing agreement pursuant to Art. 28 GDPR exists with Hostinger. The processing takes place on servers within the European Union.
The data is erased as soon as it is no longer required to achieve the purpose of its collection and no statutory retention obligations prevent this. For inquiries that lead to a contractual relationship, the commercial and tax retention periods apply.
13 Data Transfers to Third Countries
Insofar as personal data is transferred to recipients outside the European Union or the European Economic Area (EEA) as part of the processing activities described above, this occurs exclusively in compliance with the requirements of Art. 44 et seq. GDPR. For transfers to the USA, where the respective recipient is certified, we rely on the adequacy decision of the EU Commission of July 10, 2023 within the framework of the EU-U.S. Data Privacy Framework. Where such a decision does not apply, the transfer is carried out on the basis of Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR as well as supplementary appropriate safeguards.
You have the option of requesting a copy of the respectively applicable Standard Contractual Clauses from us. In addition, we regularly review whether further protective measures are necessary or appropriate for the respective transfer.
14 Your Rights as a Data Subject
If we process personal data about you, you have in particular the following rights under the GDPR:
- Right of access (Art. 15 GDPR): You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information from us about the details listed individually in Art. 15 GDPR.
- Right to rectification (Art. 16 GDPR): You have the right to request that we rectify, without undue delay, inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.
- Right to erasure (Art. 17 GDPR): You can request that we erase, without undue delay, personal data concerning you, insofar as one of the grounds listed in Art. 17 (1) GDPR applies and the erasure is not precluded by statutory retention obligations or other grounds under Art. 17 (3) GDPR.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data, provided that one of the conditions listed in Art. 18 (1) GDPR is met.
- Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller, insofar as the conditions listed in Art. 20 (1) GDPR are met.
- Right to object (Art. 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the member state of your place of residence, place of work or the place of the alleged infringement.
The supervisory authority with local jurisdiction for us is the State Commissioner for Data Protection of Lower Saxony (Landesbeauftragte für den Datenschutz Niedersachsen), Prinzenstraße 5, 30159 Hannover (lfd.niedersachsen.de).
15 Withdrawal of Consent Given
Insofar as you have consented to the processing of your data, you can withdraw this consent at any time with effect for the future (Art. 7 (3) GDPR). The lawfulness of the processing carried out up to the point of withdrawal remains unaffected by the withdrawal. Withdrawing consent is just as easy for you as giving it.
You can update or completely withdraw your cookie consent at any time via the Change cookie settings button. Consents that you have given us by other means can be withdrawn informally via our contact form or by email to the address mentioned in Section 1.
16 Data Security
We take appropriate technical and organizational measures pursuant to Art. 32 GDPR to protect the personal data transmitted to us against loss, manipulation and unauthorized access by third parties. Our security measures are continuously reviewed and adapted in line with technological developments. Transmission is generally encrypted via the HTTPS protocol using current encryption standards (TLS).
Notwithstanding these measures, the transmission of data over the internet (for example when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible. We therefore ask you not to transmit sensitive information by unencrypted email.
17 Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy so that it always complies with current legal requirements, or in order to implement changes to our services in the Privacy Policy, for example when introducing new services. The new Privacy Policy will then apply to your next visit. The respectively current version is available for retrieval on this page; the date of the last update is indicated at the beginning of the Privacy Policy.