Privacy Policy | GCSEMate

Section 1

Data controller

GCSEMate is the controller of the personal data described in this policy. For privacy questions, rights requests, or concerns about how your information is handled, contact admin@gcsemate.com.

Main contactadmin@gcsemate.com

Primary purposeDelivering GCSEMate's revision platform and account services.

Policy scopeAccount, subscription, usage, and service-operation data.

Section 2

What information we collect

Account information: display name, email address, role, settings, allowed subjects, subscription tier, and related account metadata.
Usage data: app actions such as starred resources, calendar events, settings changes, and timestamps used to operate features.
Technical data: IP address, browser type, device information, and service diagnostics that your browser or platform provides automatically.
Cookies and local storage: essential session handling, preferences, and limited client-side caching needed to make the app work properly.

Section 3

How we use your information

We use personal data to provide and improve the service, authenticate users, save preferences, keep accounts secure, support subscriptions, and communicate important notices.

Operate account features and personalize the app experience.
Maintain security, detect abuse, and troubleshoot technical issues.
Support billing-related account state where subscriptions are involved.
Comply with legal obligations and respond to legitimate requests.

Section 4

Legal bases

Where UK GDPR or EU GDPR applies, our processing is based on one or more of the following: performance of a contract, legitimate interests such as service security and improvement, compliance with legal obligations, and consent where consent is required.

Section 5

Sharing and processors

We use trusted service providers to operate GCSEMate. These providers process data on our behalf under their own terms and security controls.

Firebase: authentication, database, and related application infrastructure.
Stripe: secure payment processing, billing portal access, and subscription-related events.
Google services: integrations or embedded content such as Drive and YouTube where used in the platform.

Section 6

Retention

We keep personal data only for as long as necessary to provide the service, maintain legitimate business records, support account continuity, and comply with legal obligations. You may request deletion through account controls or by contacting us.

Section 7

Security and international transfers

We take reasonable technical and organizational measures to protect your information. No system can guarantee absolute security, but protecting account and service data is treated seriously.

Your information may be processed outside your country when required by the service providers we use. Where applicable, we rely on appropriate safeguards for those transfers.

Section 8

Your rights

Request access to the personal data we hold about you.
Request correction of inaccurate or incomplete information.
Request deletion, portability, restriction, or objection where applicable.
Withdraw consent where processing depends on consent.
Lodge a complaint with the UK ICO or your local supervisory authority.

Section 9

Children and cookies

GCSEMate is built for students. If local law requires parental or guardian consent for younger users, that consent must be obtained before using the service.

We use cookies and similar storage mechanisms that are necessary for session handling, preferences, and service reliability. Blocking them may affect functionality.

Section 10

Contact

If you have privacy questions, want to exercise your data rights, or need clarification on any part of this policy, contact admin@gcsemate.com.