Privacy Policy

1. Information We Collect

We collect and process the following categories of personal information:

1.1 Information You Provide Directly

Registration Information:

• Email address
• Full name
• Password (stored in encrypted form)

Payment Information:

• Payment details are collected and processed by our payment provider, Stripe
• We do not store your complete credit/debit card details on our servers
• We receive confirmation of successful payments and billing information from Stripe

Communications:

• Any messages, feedback, or support queries you send to us
• Your communication preferences regarding marketing emails

1.2 Information We Collect Automatically

Usage Data:

• Questions you have answered and your responses
• Your progress through the question bank
• Performance statistics and results
• Login history (date, time, and IP address)

Technical Data:

• IP address
• Browser type and version
• Device type and operating system
• Referring website/source
• Pages viewed and features used

Analytics Data:

• We use Cloudflare Web Analytics on our marketing pages, which collects anonymous usage statistics without using cookies or tracking individual users
• This service is privacy-preserving and does not require your consent

1.3 Information We Do Not Collect

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 To Provide Our Service (Legal basis: Contract Performance)

• Create and manage your account
• Process your subscription payments
• Provide access to the question bank and educational content
• Track your progress and performance to personalise your learning experience
• Remember your preferences and settings

2.2 To Communicate With You (Legal basis: Contract Performance & Legitimate Interests)

Service Communications (you cannot opt out):

• Send welcome emails and account setup information
• Send subscription confirmation and payment receipts
• Send password reset requests and security notifications
• Send important service updates or changes to our Terms and Conditions
• Respond to your support queries and feedback

Marketing Communications (opt-in required):

• Send study tips, new question updates, and special offers (only if you have opted in)
• You can opt out of marketing emails at any time using the unsubscribe link in any marketing email

2.3 To Improve Our Service (Legal basis: Legitimate Interests)

• Analyse usage patterns to understand which questions are most useful or difficult
• Identify technical issues and improve website performance
• Develop new features and content based on user needs
• Conduct internal research and statistical analysis

2.4 To Ensure Security and Prevent Fraud (Legal basis: Legitimate Interests)

• Detect and prevent fraudulent activity or unauthorised access
• Monitor for suspicious account behaviour or password sharing
• Comply with legal obligations and respond to lawful requests from authorities
• Enforce our Terms and Conditions

2.5 To Comply With Legal Obligations (Legal basis: Legal Obligation)

• Maintain financial records as required by HMRC and UK tax law
• Respond to valid legal requests from law enforcement or regulatory bodies
• Comply with data protection laws and regulations

3. How We Share Your Information

We do not sell your personal information to third parties. We only share your information in the following limited circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

Payment Processing:

• Stripe processes all payments on our behalf
• Stripe's privacy policy: https://stripe.com/privacy
• Stripe handles all card details securely and we never see your complete card information

Hosting Services:

• Railway hosts our application on servers located in the European Union
• Railway's privacy policy: https://railway.app/legal/privacy

Analytics:

• Cloudflare Web Analytics collects anonymous, aggregated traffic data on our marketing pages
• No personal data or cookies are used by this service
• Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/

3.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (court orders, subpoenas, warrants)
• Requests from law enforcement or regulatory authorities
• Protection of our rights, property, or safety, or that of our users

3.3 Business Transfers

If UroPrep Limited is involved in a merger, acquisition, or sale of assets, your personal information may be transferred to the new owner. We will notify you via email and/or a prominent notice on our website before your information is transferred.

4. International Data Transfers

Your personal data is primarily stored and processed within the European Union (via Railway's EU servers). However, some of our service providers may process data outside the UK/EU:

• Stripe may process payment data in multiple jurisdictions
• Email service providers may have servers in various locations

When we transfer data outside the UK/EU, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)
• Adequacy decisions recognizing equivalent data protection standards
• Other legally approved transfer mechanisms

5. Data Security

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it:

Security Measures:

• All data transmitted between your device and our servers is encrypted using SSL/TLS
• Passwords are stored using industry-standard encryption (hashing and salting)
• Our servers are hosted in secure, access-controlled data centers
• We implement access controls to limit who can access your data internally
• Regular security updates and monitoring