Privacy Policy

Last updated: August 28, 2025

This Privacy Policy explains how Semblancy Ltd collects, uses, and protects your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to ensuring your privacy and giving you control over your personal information.

1. Data Controller Information

Semblancy Ltd is the data controller responsible for your personal data. We are a UK-based educational technology company committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect only the minimum personal data necessary to provide our educational services effectively. The types of information we collect include:

  • Account Information: Name, email address, encrypted password
  • Educational Profile: Year of study, subjects, educational institution (optional)
  • Learning Data: Study progress, flashcard performance, practice test results
  • Technical Data: IP address, browser type, device information, cookies
  • Usage Data: How you interact with our platform, features used, time spent
  • Communication Data: Support queries, feedback, survey responses

3. Legal Basis for Processing

We process your personal data only when we have a legal basis to do so under UK GDPR:

  • Contract: Processing necessary to provide our services under our Terms of Service
  • Legitimate Interests: Improving our services, preventing fraud, ensuring security
  • Consent: Where you have given explicit consent for specific processing
  • Legal Obligation: When required by law or court order
  • Vital Interests: In rare cases where processing is necessary to protect someone's life

4. How We Use Your Information

We use your personal data solely for the following purposes:

  • Providing Educational Services: Delivering personalised learning experiences and study tools
  • Account Management: Creating and managing your account, authentication
  • Service Improvement: Analysing usage patterns to enhance platform features
  • Communication: Sending service updates, responding to enquiries, technical support
  • Legal Compliance: Meeting our legal and regulatory obligations
  • Security: Protecting against unauthorised access, fraud, and abuse

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We share information only in these limited circumstances:

  • Service Providers: Carefully vetted third parties who help operate our service (hosting, analytics)
  • Legal Requirements: When required by law, court order, or governmental request
  • Vital Interests: To protect the vital interests of you or another person
  • Business Transfer: In the event of merger, acquisition, or sale of assets
  • With Consent: When you explicitly authorise us to share information

6. Data Security Measures

We implement robust technical and organisational measures to protect your personal data:

  • Encryption: All data transmitted using TLS/SSL, sensitive data encrypted at rest
  • Access Controls: Role-based access, multi-factor authentication for staff
  • Regular Audits: Security assessments and penetration testing
  • Data Minimisation: We collect only necessary data and delete when no longer needed
  • Staff Training: Regular GDPR and security training for all employees
  • Incident Response: Established procedures for data breach detection and notification

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ('right to be forgotten')
  • Right to Restrict Processing: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Complain: Lodge a complaint with the Information Commissioner's Office (ICO)

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Active Accounts: Data retained while account is active and you use our services
  • Inactive Accounts: Accounts inactive for 2 years may be deleted after notification
  • After Deletion: Some data may be retained for legal compliance (maximum 7 years)
  • Learning Analytics: Anonymised aggregate data may be retained for research purposes
  • Marketing: Unsubscribe requests processed immediately, suppression list maintained

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for platform functionality and security
  • Performance Cookies: Help us understand how users interact with our service
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Used to improve our service (can be disabled)
  • Cookie Control: You can manage cookies through your browser settings

10. Children's Privacy

We take special care with children's data in compliance with UK data protection laws. Users under 13 require parental consent. For users aged 13-18, we implement additional safeguards including limited data collection, enhanced privacy settings, and no targeted advertising. Parents can request access to their child's data and request deletion.

11. International Data Transfers

As a UK-based service, we primarily process data within the UK. Any international transfers are conducted with appropriate safeguards:

  • Adequacy Decisions: Transfers to countries deemed adequate by the UK government
  • Standard Contractual Clauses: UK-approved contractual protections for data transfers
  • Your Rights: You can request information about transfer safeguards at any time

12. Automated Decision-Making

We use automated processing to personalise your learning experience (e.g., recommending study materials based on performance). This processing does not produce legal effects or similarly significantly affect you. You have the right to request human review of any automated decisions.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via email or prominent notice on our platform at least 30 days before taking effect. Your continued use after changes constitutes acceptance.

14. Contact Us

For any privacy concerns, questions, or to exercise your rights, please contact us: