Privacy Policy

Last updated: September 7, 2025

1. Introduction

StudentNotes.co.uk ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational platform.

We are the data controller for the personal information we collect about you. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Key Point: We prioritize your privacy and never sell your personal data. We only use your information to provide educational services and improve our platform.

2. Information We Collect

Personal Information You Provide

  • Account Information: Email address, name, profile picture
  • Authentication Data: Password, OAuth tokens from Google/Microsoft
  • Profile Data: Study preferences, gamification progress (points, streaks)
  • Communication: Messages you send us for support

Content You Upload

  • Documents: PDFs, Word files, text files you upload for processing
  • YouTube Links: Video URLs for transcript extraction
  • Generated Content: AI-created summaries, flashcards, and questions
  • Library Content: Notes you choose to publish publicly

Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on platform
  • Technical Data: IP address, browser type, device information
  • Performance Data: Error logs, loading times, system performance
  • Analytics: Google Analytics data (only with your consent)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

Contract:
To provide our educational services, process uploads, and manage your account
Consent:
For analytics, marketing cookies, and non-essential features
Legitimate Interest:
To improve our service, prevent fraud, and ensure platform security
Legal Obligation:
To comply with legal requirements and respond to lawful requests

4. How We Use Your Information

Core Service Functions

  • Process uploaded documents and YouTube videos with AI
  • Generate summaries, flashcards, and practice questions
  • Store and manage your study materials
  • Provide interactive study tools and quizzes
  • Enable public library features and content sharing
  • Track gamification progress (points, streaks)

Platform Improvement

  • Analyze usage patterns to improve features
  • Monitor system performance and reliability
  • Conduct A/B testing for user experience
  • Develop new educational tools and features

Communication & Support

  • Send service-related notifications
  • Provide customer support
  • Notify about important policy changes
  • Respond to inquiries and feedback

5. Third-Party Services

We work with trusted third-party services to provide our platform:

3rd Party AI Providers (AI Processing)

Purpose: Process your uploaded content to generate summaries, flashcards, and questions

Data Shared: Text extracted from your documents (not the original files)

Privacy: Our AI providers do not store or train on your data per their API terms

NextAuth.js (Authentication)

Purpose: Secure authentication with Google and Microsoft

Data Shared: Only necessary OAuth tokens and profile information

Google Analytics (Optional)

Purpose: Understand usage patterns and improve user experience

Consent Required: Only activated if you accept analytics cookies

Vercel (Hosting)

Purpose: Host our application and serve content

Data Access: Standard hosting logs and performance data

6. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our service. Here's what we use:

Essential Cookies (No Consent Required)

  • Authentication: Keep you logged in securely
  • Security: Prevent cross-site attacks and fraud
  • Functionality: Remember your preferences and settings

Analytics Cookies (Consent Required)

  • Google Analytics: Understand how you use our platform
  • Performance Monitoring: Track loading times and errors
  • Usage Statistics: Anonymous data about feature usage

Managing Cookie Preferences

You can manage cookie preferences through our cookie banner or browser settings. Disabling essential cookies may affect platform functionality.

7. Data Retention

Account Data

We retain your account information and uploaded content while your account is active and for 30 days after account deletion to allow for recovery.

Usage Data

Anonymous usage statistics may be retained for up to 2 years for platform improvement purposes.

Legal Requirements

We may retain certain data longer if required by law, for legal proceedings, or to protect our rights.

8. Your Privacy Rights (UK GDPR)

Under UK GDPR, you have the following rights:

Right of Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete information

Right to Erasure

Request deletion of your personal data

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Receive your data in a structured format

Right to Object

Object to processing for marketing/legitimate interests

How to Exercise Your Rights: Contact us at privacy@studentnotes.co.uk or use the privacy controls in your account dashboard. We'll respond within 30 days.

9. Data Security

We implement comprehensive security measures to protect your data:

Technical Safeguards

  • HTTPS encryption for all data transmission
  • Secure database storage with encryption at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication for all systems

Organizational Measures

  • Staff training on data protection principles
  • Incident response procedures for data breaches
  • Regular review and updating of security policies
  • Limited access to personal data on need-to-know basis

Data Breach Notification: In the unlikely event of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by law.

10. International Transfers

Some of our service providers (like our AI providers) may be located outside the UK. When we transfer your data internationally, we ensure adequate protection through:

  • Standard Contractual Clauses approved by UK authorities
  • Adequacy decisions for countries with equivalent protection
  • Additional safeguards as required by UK GDPR

11. Children's Privacy

Our service is designed for students aged 13 and above. We take special care with younger users:

  • Users under 18 should have parental awareness of their use
  • We do not knowingly collect data from children under 13
  • Limited data collection and processing for underage users
  • Enhanced privacy protections for younger students

If you believe we have collected information from a child under 13, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Updating the "Last updated" date at the top of this policy
  • Displaying prominent notices on our platform
  • Sending email notifications for material changes
  • Requesting renewed consent where required

We encourage you to review this policy periodically to stay informed about how we protect your privacy.

13. Contact Us & Complaints

Contact Information

Privacy Questions: privacy@studentnotes.co.uk

Data Protection Officer: dpo@studentnotes.co.uk

General Support: support@studentnotes.co.uk

Postal Address: StudentNotes.co.uk, United Kingdom

Complaints

If you're not satisfied with how we handle your privacy concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority:

ICO Website: ico.org.uk

ICO Helpline: 0303 123 1113