Privacy Policy
Privacy Policy
Last updated: [TODO — set on publication]
We know why you are here. You are preparing for the Life in the UK Test, and that means you are going through the UK immigration process. That context is sensitive. So our rule is simple: we collect the minimum, we never sell your data, and your data stays here.
This policy explains what we collect, why, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).
1. Who is responsible for your data (the "controller")
[TODO: company legal name] [TODO: company number] [TODO: registered address] Email: [email protected] ICO registration number: [TODO — register with the ICO before launch]
2. What we collect and why
We only collect what the product needs. We never ask for your nationality, immigration status, visa type, or application details. We do not want them.
| Data | Why we collect it | Lawful basis (UK GDPR Art. 6) |
|---|---|---|
| Email address | Your account login; receipts; service emails (e.g. plan reminders, rule-change alerts you asked for) | Contract (account and purchase); consent (optional alerts) |
| Optional test date | To build your study plan and countdown | Contract (it powers a core feature you asked for) |
| Chosen explanation language | To show explanations in your language | Contract |
| Study activity (answers, scores, mock results, review history) | To run your study plan, spaced repetition, and readiness gauge; to check pass-guarantee eligibility | Contract |
| Purchase records (amount, date, payment status — not your card number) | To grant access, handle refunds, and meet tax and accounting law | Contract; legal obligation |
| Self-declared real test result (only if you claim the guarantee) | To process your refund claim | Contract |
| Basic technical data (IP address at request time, browser type) | Security, fraud and abuse prevention, keeping the service running | Legitimate interests (protecting the service and users) |
| Anonymous product analytics (page views, feature usage) | To improve the product. Collected without cookies and without building a profile of you | Legitimate interests (improving the service) |
| Error reports | To fix bugs | Legitimate interests |
We never see or store your full card or PayPal details. Stripe and PayPal handle payment directly.
A note for the lawyer: we deliberately avoid collecting any Article 9 special category data. Test-prep usage could indirectly suggest immigration context; we treat the whole dataset as sensitive in practice (minimisation, no sale, no ads, EU/UK hosting) even where the law does not strictly require it.
3. Who processes data for us
We use a small number of service providers ("processors"). Each one only gets the data it needs.
| Processor | What it does | What it sees | Where |
|---|---|---|---|
| Railway (EU region) [TODO: confirm chosen region] | Hosts our application and database | All service data | EU |
| Clerk | Sign-in and account security | Email, sign-in metadata | [TODO: confirm region/transfer mechanism — likely US with UK IDTA/SCCs] |
| Stripe | Card, Apple Pay, Google Pay payments; VAT calculation | Payment details, email | Global; UK/EU safeguards (Stripe's DPA) |
| PayPal | PayPal payments | Payment details, email | Global; PayPal's own controller/processor terms [TODO: lawyer to confirm PayPal acts as independent controller for its side] |
| PostHog (EU Cloud) | Product analytics — cookieless, memory-only persistence | Anonymous usage events | EU |
| Resend | Sends transactional email (receipts, reminders) | Email address, email content | [TODO: confirm region/transfer mechanism] |
| Sentry | Error monitoring | Technical error data; incidental request data | [TODO: confirm EU data residency option] |
We do not use advertising networks, data brokers, or social media pixels. There is no Facebook pixel, no Google Ads tag, nothing of that kind.
4. International transfers
Our application and database are hosted in the EU. Some processors (see table above) may process data outside the UK/EU. Where that happens, we rely on UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses. [TODO: lawyer to verify per processor.]
5. How long we keep data
| Data | Retention |
|---|---|
| Account and study data | While your account is active, then deleted [TODO: propose 24 months after last activity] |
| Purchase and refund records | 6 years (UK tax and accounting law) |
| Email marketing consents and opt-outs | Until you withdraw, plus a suppression record so we do not email you again |
| Anonymous analytics | [TODO: confirm PostHog retention setting, propose 12 months] |
| Error logs | 90 days |
You can delete your account at any time (see section 7). Deletion removes your personal data except records we must keep by law (e.g. purchase records for tax).
6. Cookies
We use essential cookies only (sign-in session, payment security). Our analytics is cookieless — PostHog runs in memory-only mode and stores nothing on your device.
Because we set no advertising or tracking cookies, we do not show a cookie consent banner.
PECR reasoning for the lawyer: essential cookies (Clerk session, Stripe fraud/payment) fall within the "strictly necessary" exemption in PECR reg. 6(4). PostHog is configured with persistence: "memory" — no cookie, no localStorage identifier — so no information is stored on, or read from, the user's device beyond what is strictly necessary to deliver the page; on our reading, PECR consent is not triggered for the analytics either. Please confirm this position and the wording of [cookies.md](./cookies.md).
7. Your rights
Under UK GDPR you can:
- Access your data (get a copy);
- Correct it;
- Delete it ("right to erasure");
- Export it (data portability);
- Object to or restrict certain processing;
- Withdraw consent at any time (e.g. unsubscribe from alerts — every email has an unsubscribe link).
How to use these rights (DSAR procedure):
- In the app: Settings → Privacy has one-click Export my data and Delete my account. No email needed.
- By email: write to [email protected] from your account email. We respond within one month, as the law requires. We may ask you to confirm you control the account email — nothing more.
There is no charge. We will not make it difficult.
8. Our commitments to you
- We never sell your data. Not to anyone, not ever.
- We never share your data with advertisers or ad networks.
- We never share your data with government bodies unless we are legally compelled to, and then only the minimum required.
- We collect the minimum. If a feature does not need a piece of data, we do not ask for it.
- Your data stays here. It is used to help you pass your test. That is all.
9. Children
The service is for people aged 16 and over. We do not knowingly collect data from children.
10. Complaints
If you are unhappy with how we handle your data, please contact us first: [email protected]. See our [Complaints Procedure](./complaints.md).
You also have the right to complain to the UK regulator at any time:
Information Commissioner's Office (ICO) ico.org.uk/make-a-complaint — Helpline: 0303 123 1113
11. Changes to this policy
If we change this policy in a way that matters, we will email you and post a notice in the app before the change takes effect.