Preview MVP. TDLR licensing in progress. Always confirm course acceptance with your court before enrolling. Read full disclaimer.

DefensiveDrivingPlus
Back home
Legal

Privacy Policy

Last updated: June 20, 2026

DefensiveDrivingPlus.com (“we”, “us”) operates an online Texas driving safety course and related services. This policy explains what personal information we collect, how we use and protect it, and the rights you have under Texas and federal law.

1. Information we collect

Information you provide directly:

  • Account information: name, email address, hashed password, state of residence.
  • Course enrollment information: any court name and citation date you choose to add for our eligibility tool, your driver license state, and your court appearance date if provided.
  • Identity-verification challenge questions and answers established at enrollment, used to confirm you are the same person taking the course at later sessions. We do not require government ID upload to take the course.
  • Payment information processed by Stripe, our payment processor. We never see or store your card number; we receive only a non-reversible Stripe customer ID and charge ID used for receipt, refund, and dispute purposes.
  • Communications you send to support.

Information collected automatically:

  • Authentication events: timestamped login, logout, and identity-challenge events with IP address and user-agent string.
  • Course-progress events: section views, time-gate completions, formative quiz attempts, summative final-exam attempts, idle pauses and resumes — recorded as an append-only audit log.
  • Page views inside the authenticated experience (path only, no query string).

For DPS driving-record concierge orders, we additionally collect (only with your express consent at order time) the applicant data required by Texas DPS to fulfill the request: name, date of birth, driver license number, last 4 of Social Security number, address, and phone. These fields are stored encrypted at rest in a separate database collection, are accessed only to fulfill the order, and are scheduled for purge after the request is delivered and the refund window has passed. They are not used for any other purpose.

2. How we use your information

  • To deliver the course you purchased and verify your completion.
  • To issue your TDLR-compliant certificate and report completion to your court if you enrolled in court-filing assistance.
  • To order your DPS Type 3A driving record on your behalf if you enrolled in our records concierge service, and to deliver the official PDF when DPS releases it.
  • To communicate with you about your enrollment, course updates, and support requests.
  • To investigate fraud, abuse, and chargebacks.
  • To meet our regulatory obligations under Texas Education Code Ch. 1001 and 16 TAC Ch. 84, including the 10-year retention of certificate records.

We do not sell, lease, or trade your personal information for any third party's marketing purposes. We do not send marketing email outside of your active enrollment. We never share your data with data brokers.

3. Who we share information with

  • TDLR and Texas DPS when required by Texas Education Code Ch. 1001 and 16 TAC Ch. 84 (course completion records and certificate-issuance reporting).
  • Your court if you purchased the optional court-filing assistance add-on, limited to your name, certificate number, and citation reference necessary to file your dismissal.
  • Service providers acting on our behalf under contractual confidentiality: Stripe (payments), Resend (transactional email), Cloudflare (hosting and storage), MongoDB Atlas (database), Railway (application hosting), Vercel (front-end hosting).
  • Law enforcement or regulators if compelled by valid legal process, with notice to you when permitted by law.

4. Where your information is stored

All servers and storage used to deliver the course are located in the United States. Our database, application hosting, and object storage providers are AWS-aligned data centers and Cloudflare facilities in the U.S.

5. How we protect your information

  • All data in transit is encrypted with TLS 1.2 or higher.
  • Passwords are hashed with bcrypt at a 12-round cost factor.
  • Sensitive identifiers (such as DPS-record applicant fields) are stored encrypted at rest using AES-256-GCM with versioned keys.
  • Access to production systems is restricted to the principal operator; access events are logged.
  • Stripe holds card data; we never see or store full card numbers.

A more detailed account of our security practices is available on request.

6. How long we keep your information

  • Course-completion records (audit log, progress, exam attempts): 10 years from completion (per TDLR rule).
  • Certificate-issuance records: 10 years from issuance.
  • Course-account profile (name, email, login events): while the account is active; deletable on request after final certificate issuance.
  • DPS-record applicant fields: scheduled for purge approximately 30 days after delivery and the refund window has passed.
  • Stripe charge records: per Stripe's retention and tax-record retention requirements.
  • Server access logs: 90 days, then aggregated or deleted.

7. Your rights

You can:

  • Access the personal information we hold about you by emailing privacy@defensivedrivingplus.com.
  • Correct inaccuracies in your account by signing in or contacting us.
  • Request deletion of your account and associated personal information after final certificate issuance, subject to the statutory 10-year retention of completion records (which we may retain as the minimum required to satisfy TDLR rules, in a form that does not include unnecessary personal contact information).
  • Opt out of any non-transactional email at any time.
  • Object to or restrict processing as provided by applicable law.

If you are a Texas resident, you have additional rights under the Texas Data Privacy and Security Act (“TDPSA”) effective July 1, 2024. To exercise those rights, contact privacy@defensivedrivingplus.com.

8. Children's data

The course is intended for drivers age 14 or older. We do not knowingly collect information from children under 13. If you believe a child under 13 has provided us with personal information, contact us and we will promptly delete it.

9. Cookies and tracking

We use a single HTTP-only session cookie (ddp_session) to keep you signed in and to remember your course progress. We do not use advertising cookies or third-party tracking scripts on the authenticated portion of the site. Our public marketing pages may use a privacy-respecting analytics tool that does not set persistent identifiers.

10. Changes to this policy

We may update this policy as our operations, the law, or our regulators require. Material changes will be highlighted on the course dashboard at least 30 days before they take effect. The date at the top of this page always reflects the current version.

11. Contact

DefensiveDrivingPlus
privacy@defensivedrivingplus.com

For questions or complaints regarding our license or course, you may also contact:

Texas Department of Licensing and Regulation
P.O. Box 12157, Austin, TX 78711
(800) 803-9202
tdlr.texas.gov

Questions?

Email us at support@defensivedrivingplus.com