Privacy Policy

1. Introduction

This privacy policy explains how revisecs ("we", "us", or "our") collects, uses, and protects your personal information when you use our educational platform. This policy complies with the Data Protection Act 2018 (DPA 2018) and UK GDPR.

Data Controller: Mr James Dylan Chadwick

Contact: For any questions about this policy or your data, please contact the administrator through your school or educational institution.

2. What Information We Collect

We collect and process the following personal data:

• Registration Information: Username, email address, and password (securely hashed)
• Educational Information: Course selection (GCSE or A-Level), class code (if assigned by your teacher)
• Learning Activity Data:
  • Topics and flashcards you have studied
  • Quiz attempts, scores, and completion times
  • Self-assessment ratings (Red/Amber/Green)
  • Exam question answers and self-marked scores
• Technical Information: Session data and login timestamps for security purposes

3. Why We Collect Your Information (Legal Basis)

We process your personal data for the following purposes:

• Educational Purposes: To provide you with flashcards, quizzes, and learning materials tailored to your chosen course
• Progress Tracking: To save your learning progress and show you areas for improvement
• Teacher Oversight: To allow your teacher (admin users) to monitor class performance and provide targeted support
• Account Management: To maintain your account security and enable login functionality

Legal Basis: We process your data based on:

• Consent: You provide consent when you register for an account
• Legitimate Interests: Providing educational services and improving learning outcomes

4. International Data Transfers

Important Notice: Your data is stored on servers located in the United States (Kansas, US)

While the majority of our users are based in the United Kingdom, the data is transferred to and stored in the United States. We ensure that appropriate safeguards are in place:

• Data is encrypted in transit using HTTPS/TLS protocols
• Database access is restricted and password-protected
• Our hosting provider (Replit) implements industry-standard security measures

By using this service, you consent to the transfer of your data to the United States for the purposes outlined in this policy.

5. How We Protect Your Information

We implement robust security measures to protect your data:

• Password Security: Passwords are hashed using Werkzeug's secure hashing algorithms and are never stored in plain text
• SQL Injection Protection: All database queries use SQLAlchemy ORM with parameterized queries
• CSRF Protection: All forms are protected against Cross-Site Request Forgery attacks
• Secure Sessions: Session cookies are HTTP-only, secure, and configured with SameSite protection
• Access Controls: Role-based access ensures students can only view their own data and course materials
• Security Headers: We implement X-Frame-Options, X-Content-Type-Options, and Strict-Transport-Security headers

6. Who Can Access Your Information

• You: Full access to your own learning data and progress
• Your Teacher (Admin Users): Can view progress reports for students in their assigned classes
• Platform Administrator: Jamie Chadwick has technical access for maintenance and support purposes
• No Third Parties: We do not share, sell, or rent your personal data to any third parties

7. How Long We Keep Your Information

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Active Accounts: Data is retained while your account remains active
• Account Deletion: When you delete your account, all associated personal data (progress, quiz results, exam answers, self-assessments) is permanently deleted
• Inactive Accounts: Accounts inactive for more than 2 years may be deleted after notification

8. Your Rights Under DPA 2018

Under the Data Protection Act 2018 and UK GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your account and all associated data (admins can delete student accounts via User Management)
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Request your data in a machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time by deleting your account

To exercise any of these rights, please contact your teacher or the platform administrator.

9. Children's Privacy

This service is primarily intended for students aged 14-18 studying GCSE and A-Level Computer Science.

• Under 13: We do not knowingly collect data from children under 13 without parental consent. If you believe we have collected data from a child under 13, please contact us immediately
• Ages 13-18: Students in this age range may use the service with awareness that their teacher (admin) can view their progress
• Parental Rights: Parents/guardians can request access to or deletion of their child's data by contacting the school or administrator

10. Cookies and Tracking

We use essential session cookies to:

• Keep you logged in to your account
• Remember your course selection
• Protect against CSRF attacks

No Analytics or Advertising: We do not use cookies for tracking, analytics, or advertising purposes. We do not use third-party tracking tools.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page will be revised accordingly. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Complaints and Contact

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113

For questions about this privacy policy or to exercise your data rights, please contact the platform administrator through your school or educational institution.