Privacy Policy

1. Who We Are

TopSet ("we", "our", "us") is a web-based educational platform providing KS3 revision tools for students in Years 7-9. This privacy policy explains how we collect, use and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Account information: When you create an account, we collect your name, email address and password. For child profiles, we collect first name, year group, and optionally, school name.

Usage data: We collect information about how the service is used, including questions answered, scores, XP earned, and session timestamps. This data is used to provide progress tracking features.

Payment information: Payments are processed securely by Stripe. We do not store credit card details on our servers. Stripe's privacy policy applies to payment data.

Technical data: We may collect browser type, device type and anonymised analytics to improve the service.

3. How We Use Your Information

• To provide and personalise the TopSet revision experience
• To track learning progress and generate reports for parents
• To process subscription payments
• To send service-related communications (e.g. password resets)
• To improve and develop new features

We will never sell your personal data to third parties. We will never use children's data for advertising or marketing purposes.

4. Children's Privacy

TopSet is designed for use by children aged 11-14 under parental supervision. Child accounts are created by parents/guardians. We collect minimal information about children (first name, year group) and this data is only accessible to the parent/guardian who created the account.

We comply with the ICO's Children's Code (Age Appropriate Design Code). We do not use children's data for profiling, marketing, or any purpose beyond providing the educational service.

5. Data Storage & Security

Your data is stored securely using Supabase (hosted on AWS infrastructure in the EU). All data is encrypted in transit (TLS/SSL) and at rest. We implement appropriate technical and organisational measures to protect your information.

For users of the free version without an account, all data is stored locally on your device using browser localStorage and is not transmitted to our servers.

6. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

To exercise any of these rights, contact us at privacy@topsetapp.co.uk.

7. Cookies

TopSet uses essential cookies only — those required for authentication and remembering your session. We do not use advertising or tracking cookies. Analytics, if used, are privacy-respecting and anonymised.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (including child profiles and progress data) will be permanently deleted within 30 days.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through the app. Continued use of TopSet after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this privacy policy or how we handle your data, contact us at privacy@topsetapp.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.