Privacy Policy

1. Introduction and Data Controller

Reviseasy ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our revision tracking platform (the "Service").

Data Controller:
Reviseasy Ltd
United Kingdom
Email: support@reviseasy.com

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Account Data

Information provided when you create an account:

• Email address
• First and last name
• Authentication data (managed by Clerk)
• Timezone preference

2.2 Revision Data

Data you create while using the Service:

• Revision trackers and schedules
• Topic completion status and ratings
• Past paper records and scores
• Notes and feedback on topics
• Resource links you save
• Streak and progress data

2.3 Usage Data

Information collected automatically:

• Login times and session duration
• Features accessed and actions taken
• Device type and browser information
• IP address (for security purposes)

2.4 Payment Data

Payment processing is handled entirely by Stripe. We do not store your card details. We only receive and store:

• Subscription status (active, cancelled, etc.)
• Subscription plan type
• Billing period dates
• Stripe customer ID (for subscription management)

3. How We Use Your Data

We use your personal data for the following purposes:

• Providing the Service: To create and manage your account, generate revision schedules, track your progress, and deliver the core functionality of Reviseasy
• Transactional Communications: To send essential emails including subscription confirmations, payment receipts, and account notifications
• Service Emails: To send daily revision reminders, streak notifications, and grace period warnings (you can opt out of these in settings)
• Product Improvement: To analyse usage patterns and improve the Service (using aggregated, anonymised data where possible)
• Customer Support: To respond to your enquiries and provide technical assistance
• Legal Compliance: To comply with applicable laws and legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your data based on the following legal grounds:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service you have subscribed to, including account management, revision tracking, and subscription billing
• Legitimate Interests (Article 6(1)(f)): Processing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security. We balance these interests against your rights and freedoms
• Consent (Article 6(1)(a)): Where you have given explicit consent, such as for optional marketing communications. You can withdraw consent at any time
• Legal Obligation (Article 6(1)(c)): Processing required to comply with legal requirements, such as tax and accounting obligations

5. Third-Party Services

We use trusted third-party services to operate Reviseasy. These providers process your data on our behalf under data processing agreements that ensure appropriate safeguards:

• Clerk - Authentication and user management
  Processes: Email, name, authentication tokens
  Clerk Privacy Policy
• Stripe - Payment processing
  Processes: Payment card details, billing information
  Stripe Privacy Policy
• Resend - Email delivery
  Processes: Email address, email content
  Resend Privacy Policy
• Neon - Database hosting
  Stores: All revision data and account information
  Neon Privacy Policy
• Vercel - Application hosting
  Processes: Access logs, performance data
  Vercel Privacy Policy

6. Data Retention

We retain your data according to the following schedule:

• Active Users: Your data is retained for as long as your subscription is active
• Cancelled Subscriptions: After cancellation, your data is retained in read-only mode for 90 days to allow you to resubscribe and recover your data
• After Grace Period: Your data is permanently and irreversibly deleted after the 90-day grace period
• Account Deletion: If you request account deletion, your data will be deleted within 30 days

You may request earlier deletion of your data at any time by contacting us at support@reviseasy.com.

7. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Request your data in a machine-readable format to transfer to another service
• Right to Restrict Processing: Request limitation of how we process your data in certain circumstances
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, contact us at support@reviseasy.com. We will respond to your request within one month.

Right to Complain: You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

8. Cookies

We use only essential cookies necessary for the Service to function:

• Authentication Cookies: Managed by Clerk to keep you logged in securely
• Session Cookies: To maintain your session state while using the Service

We do not use:

• Advertising or tracking cookies
• Third-party analytics cookies
• Social media cookies

Essential cookies cannot be disabled as they are necessary for the Service to work properly.

9. Children's Privacy

Age Requirement: Reviseasy is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13.

If you are between 13 and 18 years old, you should review this Privacy Policy with your parent or guardian and obtain their consent before using the Service.

If we discover that we have collected data from a child under 13 without parental consent, we will delete that data immediately. If you believe we have collected such data, please contact us at support@reviseasy.com.

10. Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit using TLS/HTTPS
• Encryption of data at rest in our database
• Secure authentication through Clerk
• Regular security updates and monitoring
• Access controls limiting who can access your data
• Secure payment processing through PCI-compliant Stripe

While we take security seriously, no system is 100% secure. We cannot guarantee absolute security of your data.

11. International Data Transfers

Some of our third-party service providers may process your data outside the UK. Where this occurs, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Adequacy decisions where the destination country has been deemed to provide adequate data protection
• Data processing agreements with appropriate security measures

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by:

• Email to the address associated with your account
• A prominent notice on our website
• Updating the "Last updated" date at the top of this policy

We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: support@reviseasy.com

Data Protection Enquiries: privacy@reviseasy.com

Reviseasy Ltd
United Kingdom