Privacy Policy

Last updated: 30 March 2026

Scholar privacy promise: we collect only what we need to run your revision loop, we explain why, and we give you control — including deleting your account and asking us to erase data.

1. Who we are

StudyVector ("we", "us") is the data controller for personal data processed through the Service. The operator is StudyVector Ltd (UK). For privacy requests, contact privacy@studyvector.co.uk. Our Data Protection Officer (DPO) function is currently handled by the same team — email privacy@studyvector.co.ukand mark the subject "DPO".

2. What we collect

Account data: email, name, password hash (handled by our auth provider), account type (e.g. student or parent), and preferences you set.
Study and progress data: subjects, topics, answers, mistakes, mastery signals, Battle Mode activity, and similar usage needed for the Mastery Map and recommendations.
Targets and goals: where you add them (for example UCAS targets or university choices), used to personalise your experience and Evidence Engine prompts.
Research Nexus — PDFs and documents: files you upload are processed so we can build your knowledge graph and support revision. Processing may use server-side and API-based steps (including AI providers where enabled). We use uploads only to provide the Service to you — not to train public models for other users or for advertising. Retention follows your account lifecycle and the settings we describe below.
Evidence Engine: drafts, lines, and summaries you generate or store for UCAS-style work stay associated with your account for as long as you keep them.
Technical and security data: IP address, device/browser metadata, logs, and cookies as described in our cookie notice and consent banner where applicable.
Payment data: processed by Stripe; we do not store full card numbers on our servers.

3. Why we use your data (UK GDPR)

Contract: to provide StudyVector, including personalisation, Nexus processing, and Evidence Engine features you ask for.
Legitimate interests: security, fraud prevention, product improvement, and analytics in a way that respects your rights.
Consent: where required (for example non-essential cookies or marketing emails) — you can withdraw consent at any time.
Legal obligation: where we must retain or disclose information by law.

4. Research Nexus and PDFs

When you upload PDFs or other documents to the Research Nexus, we process them so we can extract structure and text relevant to your knowledge graph and revision support. Processing may involve third-party infrastructure and AI services under contract. We do not use your uploads to advertise to you or to sell your data.

We use trusted processors (hosting, authentication, email, analytics where consented, AI providers, payment). We do not sell your personal data. International transfers outside the UK/EEA use appropriate safeguards (e.g. UK IDTA or standard contractual clauses) where applicable.

6. Retention

We keep data while your account is active and for a short period afterwards where needed for security or legal claims, unless you ask us to erase it sooner. Nexus-derived content is tied to your account; delete your account to remove associated personal data subject to legal exceptions.

7. Your rights (including erasure)

You have rights under UK GDPR, including to access, rectify, erase, restrict, port, and object in certain cases.

Right to erasure ("right to be forgotten"): you may request deletion of your personal data. The fastest way to delete your StudyVector account and associated personal data is to use Account → Delete account (sometimes labelled as wiping your data) in your settings. That triggers our secure deletion flow. You can also email privacy@studyvector.co.uk if you need help or cannot access the app.

We typically respond within 30 days. Some information may be retained where the law requires (for example limited billing records).

8. Children and teens

The Service is intended for users aged 13+ who create their own accounts. We explain our practices in plain language. If you are a parent and believe we have data from a child under 13 without proper consent, contact us.

9. Security

We use industry-standard measures (encryption in transit, access controls, and monitoring). No online service is perfectly secure; please use a strong, unique password.

10. Cookies

We use essential cookies for login and session. Optional analytics or marketing cookies are used only with consent where required. See our cookie banner and Cookie Policy for more detail.

11. Complaints

12. Changes

We may update this policy; the date at the top will change. Material changes may be notified by email or in-app.

Last updated: 30 March 2026

Scholar privacy promise: we collect only what we need to run your revision loop, we explain why, and we give you control — including deleting your account and asking us to erase data.

1. Who we are

2. What we collect

Account data: email, name, password hash (handled by our auth provider), account type (e.g. student or parent), and preferences you set.
Study and progress data: subjects, topics, answers, mistakes, mastery signals, Battle Mode activity, and similar usage needed for the Mastery Map and recommendations.
Targets and goals: where you add them (for example UCAS targets or university choices), used to personalise your experience and Evidence Engine prompts.
Research Nexus — PDFs and documents: files you upload are processed so we can build your knowledge graph and support revision. Processing may use server-side and API-based steps (including AI providers where enabled). We use uploads only to provide the Service to you — not to train public models for other users or for advertising. Retention follows your account lifecycle and the settings we describe below.
Evidence Engine: drafts, lines, and summaries you generate or store for UCAS-style work stay associated with your account for as long as you keep them.
Technical and security data: IP address, device/browser metadata, logs, and cookies as described in our cookie notice and consent banner where applicable.
Payment data: processed by Stripe; we do not store full card numbers on our servers.

3. Why we use your data (UK GDPR)

Contract: to provide StudyVector, including personalisation, Nexus processing, and Evidence Engine features you ask for.
Legitimate interests: security, fraud prevention, product improvement, and analytics in a way that respects your rights.
Consent: where required (for example non-essential cookies or marketing emails) — you can withdraw consent at any time.
Legal obligation: where we must retain or disclose information by law.

4. Research Nexus and PDFs

6. Retention

7. Your rights (including erasure)

You have rights under UK GDPR, including to access, rectify, erase, restrict, port, and object in certain cases.

We typically respond within 30 days. Some information may be retained where the law requires (for example limited billing records).

8. Children and teens

9. Security

We use industry-standard measures (encryption in transit, access controls, and monitoring). No online service is perfectly secure; please use a strong, unique password.

10. Cookies

We use essential cookies for login and session. Optional analytics or marketing cookies are used only with consent where required. See our cookie banner and Cookie Policy for more detail.

11. Complaints

12. Changes

We may update this policy; the date at the top will change. Material changes may be notified by email or in-app.

1. Who we are

2. What we collect

3. Why we use your data (UK GDPR)

4. Research Nexus and PDFs

5. Who we share with

6. Retention

7. Your rights (including erasure)

8. Children and teens

9. Security

10. Cookies

11. Complaints

12. Changes

Privacy Policy

1. Who we are

2. What we collect

3. Why we use your data (UK GDPR)

4. Research Nexus and PDFs

5. Who we share with

6. Retention

7. Your rights (including erasure)

8. Children and teens

9. Security

10. Cookies

11. Complaints

12. Changes