← Back to Sapienu

Privacy Policy

Effective date: 1 January 2025

This Privacy Policy explains how Sapienu ("we", "us", "our"), operated by Sapienu Ltd, collects, uses, discloses, and protects personal information when you use our website, applications, and services (the "Service").

Important: If you are under 18, please review this with a parent or guardian.

1. Who We Are

Controller: Sapienu Ltd (trading as Sapienu)

Registered address: Office address to be provided, United Kingdom

Email: privacy@Sapienu.com

Data Protection Officer: To be appointed

ICO Registration: Pending registration

2. Scope

This Policy applies to:

  • Students (typically ages 13-18) using our revision tools
  • Parents/guardians accessing progress dashboards
  • Website visitors and free planner users
  • Schools or educators using our Service (additional terms may apply)

3. Children and Parental Consent

Age Requirements

Under 13:

You must have verifiable parental consent before creating an account

Ages 13-15 (UK):

We recommend parental oversight; consent is required for marketing

Ages 16-17:

You can consent yourself for most purposes; parental oversight recommended

18+:

You can use the Service independently

How We Obtain Parental Consent

For users under 13:

  • Parent/guardian email verification required
  • Parent receives explanation of data use and rights
  • Parent can access, review, and delete child's data anytime

If You Are a Parent

  • You can request access to your child's data at any time
  • You can request deletion of your child's account
  • The Parent Dashboard shows study progress but not AI Tutor conversations (to respect student privacy while maintaining safety)

4. Information We Collect

A. Account & Profile

  • Name, email address, password (encrypted)
  • Date of birth or age range
  • Role (student, parent, teacher)
  • School name (optional)

B. Study & Planner Data

  • Subjects, exam board, tier (Foundation/Higher)
  • Target grades, exam dates, hours available
  • Generated study schedules and timetables
  • Readiness Scores, weak topics, task completions

C. Learning Activity

  • Topics viewed, notes read, videos watched
  • Quiz attempts, scores, and time spent
  • Past paper and predicted question attempts
  • Badge achievements and streaks

D. AI Tutor Interactions

  • Questions you ask the AI Tutor
  • AI-generated responses
  • Context from the topic you're studying
  • Moderation flags (if triggered)

Note: We do not routinely read your AI conversations. However, we may review them for:

  • Safety concerns (flagged harmful content)
  • Technical troubleshooting
  • Quality improvement (anonymized/aggregated)
  • Legal obligations

E. Purchase & Payment Data

  • Products purchased (Subject Packs, Season Pass)
  • Transaction amount, date, currency
  • Payment processing via Stripe (we don't store full card numbers)
  • Billing address for VAT compliance

F. Communications

  • Emails and messages you send us
  • Survey responses and feedback
  • Support tickets

G. Device & Usage Data

  • Device type, operating system, browser
  • IP address, approximate location (country/city)
  • Pages visited, features used, session duration
  • Referral source (how you found us)

H. Cookies & Similar Technologies

See our Cookie Policy for details.

I. Parent Dashboard Data

When a student links a parent account:

Parent CAN view:

  • Readiness Score
  • Weak topics
  • Schedule adherence
  • Overall progress

Parent CANNOT view:

  • Individual AI Tutor conversations
  • Quiz answers
  • Notes content

5. How We Use Your Information

We process personal data only when we have a lawful basis:

A. Provide the Service (Contract Performance / Legitimate Interest)

  • Create and manage your account
  • Generate personalized study schedules
  • Calculate Readiness Scores and identify weak topics
  • Deliver Subject Pack content
  • Enable AI Tutor functionality
  • Process purchases and manage subscriptions

B. Improve & Personalize (Legitimate Interest)

  • Analyze usage patterns (anonymized/aggregated)
  • Improve content recommendations
  • Develop new features
  • A/B test interface changes

C. Communications (Contract / Consent / Legitimate Interest)

  • Transactional emails (plan ready, purchase confirmations, password resets) — cannot opt out
  • Service updates (new features, maintenance) — legitimate interest
  • Marketing emails (tips, offers) — consent required for under-16s; you can unsubscribe anytime

D. Safety & Security (Legitimate Interest / Legal Obligation)

  • Moderate AI Tutor content for harmful material
  • Detect and prevent fraud, abuse, or Terms violations
  • Respond to legal requests (court orders, safeguarding concerns)

E. Legal Compliance (Legal Obligation)

  • Tax and accounting records
  • Respond to data subject requests
  • Comply with lawful requests from authorities

6. Lawful Bases (Summary Table)

PurposeUnder 13Ages 13-15 (UK)Ages 16+
Account creationParental consentParental consent / ContractContract
Study schedulingParental consentContractContract
AI TutorParental consentParental consent / ContractContract / Consent
Marketing emailsParental consentParental consentConsent
Analytics (anonymized)Legitimate interestLegitimate interestLegitimate interest

7. AI and Your Data

What We Send to AI Providers

  • Your question/prompt
  • Current subject and topic context
  • Relevant notes/formulas (excerpts only)
  • Previous messages in the conversation (for context)

What We Don't Send

  • Your name or email
  • Detailed account information
  • Unrelated study history

AI Training

We configure our AI provider (OpenAI) to not use your data to train or improve foundation models (where opt-out is available). If provider policies change, we will update this notice.

Human Review of AI Conversations

We do not routinely read your AI chats. We may review if:

  • Automatic moderation flags concerning content (self-harm, abuse)
  • You report a problem or request support
  • Required by law or safeguarding duty

8. Sharing Your Information

We do NOT sell your personal data.

We share data only as follows:

A. Service Providers (Processors)

Under contract, limited to what's necessary:

Provider TypeExamplesPurpose
Hosting/PlatformFirebase/Google Cloud PlatformApp infrastructure
PaymentsStripePayment processing
AIOpenAIAI Tutor responses
AnalyticsGoogle AnalyticsUsage insights
Email/SMSTo be determinedCommunications
Support ToolsTo be determinedCustomer support

B. Parent/Guardian Accounts

When a student links a parent:

  • Parent sees: overall progress, Readiness Scores, schedule summary, weak topics
  • Parent does NOT see: detailed quiz answers, AI conversations, personal notes

C. Schools/Institutions (if applicable)

If your school provides access:

  • The school may see class-level or individual progress per their agreement with us
  • The school is a joint controller for certain processing

D. Legal & Safety

  • Law enforcement or regulators (when required by law)
  • To protect rights, safety, or prevent fraud/abuse
  • In safeguarding situations (under-18 welfare concerns)

E. Business Transfers

If we merge, are acquired, or sell assets:

  • Your data may transfer to the new entity
  • This Policy (or equivalent protections) will continue to apply
  • We will notify you of significant changes

9. International Transfers

If we transfer data outside the UK/EEA, we use:

  • Adequacy decisions (where applicable)
  • Standard Contractual Clauses (SCCs) or International Data Transfer Addendum (IDTA)
  • Additional technical safeguards (encryption, access controls)

Specific transfers (OpenAI, Firebase/Google Cloud Platform) include appropriate safeguards. Contact us for details.

10. Data Retention

We keep personal data only as long as necessary:

Data TypeRetention Period
Account dataWhile active + 24 months after inactivity, then deleted
Study schedules & quiz results24 months after last activity
AI Tutor messages12 months (for context and quality)
Purchase records6-10 years (tax/accounting law)
Support tickets24 months
Marketing preferencesUntil you opt out or request deletion
Anonymized analyticsIndefinitely

You can request deletion anytime — see "Your Rights" below.

11. Your Rights

Under UK GDPR, you have the right to:

A. Access

Request a copy of your personal data

B. Rectification

Correct inaccurate or incomplete information

C. Erasure ("Right to be Forgotten")

Request deletion of your data

D. Restrict Processing

Pause certain uses of your data

E. Data Portability

Receive your data in a machine-readable format

F. Object

Object to processing based on legitimate interests or direct marketing

G. Withdraw Consent

Where processing relies on consent

H. Automated Decision-Making

Request manual review or adjustment

How to Exercise Rights

  • Email: privacy@Sapienu.com
  • Response time: Within 1 month (we may extend by 2 months for complex requests; we'll tell you)
  • We may need to verify your identity
  • For under-18s: Parents/guardians can exercise rights on the child's behalf

Right to Complain

If you're unhappy with how we handle your data:

  • UK: Contact the Information Commissioner's Office (ICO) at ico.org.uk
  • EEA: Contact your local Data Protection Authority

12. Security

We protect your data with:

  • Encryption in transit (TLS) and at rest (where feasible)
  • Password hashing (bcrypt or equivalent)
  • Role-based access controls
  • Regular security audits and updates
  • Vendor due diligence and contracts

No system is 100% secure. If you suspect unauthorized access, contact security@Sapienu.com immediately.

13. Moderation & Safety

To keep the Service safe:

  • Automated moderation flags harmful AI Tutor content
  • Human review for serious concerns (self-harm, abuse)
  • We may restrict accounts or contact parents/guardians/authorities for safety reasons
  • We surface support resources where appropriate

14. Third-Party Links

Our Service may link to:

  • Official exam board sites (for past papers, specs)
  • Educational resources
  • Social media

We are not responsible for their privacy practices. Review their policies.

15. School/Institutional Use

Where a school provides access:

  • The school may be a joint controller
  • We process data per a Data Processing Agreement (DPA) with the school
  • Some rights requests should be directed to the school
  • School staff may see class/student progress per the agreement

16. Marketing & Communications

Transactional Messages

Essential emails (plan ready, receipts, security alerts) — cannot opt out

Marketing Messages

  • Consent required for under-16s (parental consent if under 13)
  • You can unsubscribe anytime via the email link or account settings
  • We may still send service updates (non-marketing)

How We Use Marketing Data

  • Personalize email content based on subjects studied
  • Track email opens/clicks (anonymized)
  • Measure campaign effectiveness

17. Automated Decision-Making

We use automated processing for:

  • Study schedule generation (based on your inputs and assessment)
  • Adaptive quiz difficulty (based on performance)
  • Readiness Score calculation (algorithm-based)

You have the right to:

  • Request human review or override
  • Receive an explanation of how decisions are made
  • Contact support@Sapienu.com for adjustments

18. Changes to This Policy

  • We may update this Policy to reflect legal or service changes
  • We'll post the new "Effective date"
  • For material changes, we'll notify you via email or in-app notice (30 days' notice where feasible)
  • Continued use after updates constitutes acceptance

19. Contact & Questions

Privacy Requests or Questions

Email: privacy@Sapienu.com

Address: Office address to be provided, United Kingdom

DPO: To be appointed

Other Inquiries

General support: support@Sapienu.com

Security issues: security@Sapienu.com

Appendix: Processor List

ProcessorServiceData SharedLocation
Firebase/Google Cloud PlatformApp hostingAccount, study dataUS/EU (adequate safeguards)
StripePaymentsName, email, payment infoUS (adequate safeguards)
OpenAIAI TutorPrompts, contextUS (adequate safeguards)
Google AnalyticsAnalyticsUsage data (anonymized)US (adequate safeguards)
To be determinedEmail/SMSName, email, phoneTBD
To be determinedSupportName, email, messagesTBD

Full Data Processing Agreements available on request.

Last updated: 1 January 2025

Terms of ServiceNoticeCookie Policy