Powskill is best on a tablet or laptop - some screens have more room to work there.

Privacy Policy

Last updated: [EFFECTIVE DATE]

Draft for review by qualified counsel. Placeholders in [BRACKETS] still need to be filled in.

This Privacy Policy explains how [LEGAL ENTITY NAME & TYPE](“Powskill”, “we”, “us”, “our”) collects, uses, shares and protects your personal data when you use the Powskill website and app at powskill.com (and currently also powskill-v5.vercel.app) (the “Service”).

We’ve written this in plain English because most of our users are students. Where the law uses specific terms (like “lawful basis” or “data controller”), we’ve kept them but tried to explain them simply.

We are the data controllerfor the personal data described here, which means we decide how and why it’s processed. You can reach us using the details in section 13.

1. A quick summary

We collect what we need to run a practice platform: your account details, your education profile, and the answers and activity you create while practicing.
When you submit an answer for AI marking, the text is sent to a third-party AI provider to generate a mark and feedback. This may involve transferring your answer outside your country.
We use a small set of trusted service providers (listed in section 6) to host the app, run the database, send emails, and process payments.
We do not sell your personal data.
Marketing emails are off by default — you only get them if you opt in, and you can opt out anytime.
You have rights over your data (access, correction, deletion, export, and more) — see section 10.

2. Who this applies to, and children’s data

Powskill is used by students, many of whom are minors(typically around 15–18, sometimes younger). We take this seriously and design the Service with younger users in mind — for example, marketing is off by default, and we try to collect only what we need.

Minimum age. You must be at least 13 to use Powskill. The Service is not intended for children under 13, and we do not knowingly collect personal information from anyone under 13. If we discover we have collected information from an under-13 without proper consent, we will delete it.

Younger users / guardian consent.Where the law requires it, users below a certain age need a parent or guardian to consent on their behalf before they use the Service or before we rely on their consent to process their data. The exact age depends on the country (under the EU/UK GDPR it can range from 13 to 16). If you are below that age in your country, you may only use Powskill with your parent’s or guardian’s agreement.

If we learn we’ve collected data from a child below the permitted age without the required consent, we’ll delete it. If you’re a parent or guardian and believe your child has given us data they shouldn’t have, contact us (section 13) and we’ll help.

3. What we collect

a. Account information

Display name and email address.
A password, which is hashed (scrambled) by our authentication provider — we don’t see or store it in plain text.
If you sign in with Google, basic Google profile information (such as name and email) that Google shares with us.
The fact that, and time when, you verified your email.

b. Education profile

Subjects you study, your level (e.g. SL/HL), your target exam session/date, and your year in the course.

c. Usage and content

The answers you write to practice questions (free text, sometimes long).
Your attempts, marks awarded, accuracy, performance by topic/command term, study activity, progress, and your plan tier (free or Pro).

d. Consent and preference records

Whether you’ve opted in to marketing emails (off by default), and the timestamp of your acceptance of our Terms.

e. Technical and log data

Standard data such as IP address and device/browser information, collected via our hosting and authentication providers, used to run and secure the Service.

f. Payment information (Pro users)

We don’t store your full card details. Your payment is handled by Stripe, which processes your payment data under its own privacy policy. We receive limited information such as whether a payment succeeded and your plan status.

Please don’t include unnecessary sensitive information in your answers.Your free-text answers could unintentionally reveal sensitive details (for example about your health, beliefs, or background — what the law calls “special category data”). We don’t ask for this and don’t want it. We process whatever is in your answers only to provide marking and the Service, and we ask you to avoid putting sensitive personal information about yourself or others into your answers where you don’t need to.

4. Why we use your data, and our lawful bases (GDPR)

If you’re in the EU/UK, the GDPR requires us to have a “lawful basis” for each use of your data. Here’s the breakdown:

What we do	Why	Lawful basis (GDPR)
Create and run your account; provide free and Pro features; mark your answers and show your progress	To deliver the Service you asked for	Performance of a contract (Art. 6(1)(b))
Verify your email; keep the Service secure; prevent fraud and abuse; debug and improve reliability	Our legitimate interest in a safe, working Service	Legitimate interests (Art. 6(1)(f))
Send marketing / weekly study emails	Only if you opt in	Consent (Art. 6(1)(a)), withdrawable anytime
Process payments for Pro	To take payment for a service you bought	Performance of a contract (Art. 6(1)(b))
Keep records and meet legal obligations (e.g. tax, responding to lawful requests)	Because the law requires it	Legal obligation (Art. 6(1)(c))
Use aggregated/de-identified data to understand and improve Powskill	Our legitimate interest in improving the Service	Legitimate interests (Art. 6(1)(f))

Where we rely on consent (such as marketing), you can withdraw it at any time without affecting anything we did before you withdrew it.

5. AI marking — how your answers are processed

This is the most important part to understand.

When you submit an answer for marking, the text of your answer is sent to a third-party AI provider (currently DeepSeek) which generates a mark and feedback that we return to you.

What this means:

Your answer text is transmitted to and processed by that provider, which may be located outside your country (including, potentially, outside the EEA/UK). See section 7 on international transfers.
This is automated processing: a computer system produces the mark and feedback, without a human reviewing each one.
The mark and feedback are an estimate to help you learn — not an official grade, and possibly wrong (this is also covered in our Terms).
We use this processing to provide you a core feature you’ve asked for. If you don’t want your answers processed this way, don’t submit them for AI marking; some features won’t be available without it.

Your rights around automated processing.You can ask us about how the automated marking works, share your point of view, and ask us to look into a result. Although we don’t consider AI marking to be a decision that has a legal or similarly significant effect on you (it’s a study estimate), we’ll still handle these requests fairly. See section 10.

6. Service providers (sub-processors)

We use a small number of trusted companies to run Powskill. They process personal data on our instructions and only to provide their service to us. Current providers:

Provider	What they do for us	Where / notes
Supabase	Authentication, Postgres database, and storage — this is where your account, education profile, answers and activity live	Project hosted in Singapore (ap-southeast-1)
DeepSeek	AI marking of submitted answers (see section 5)	See international-transfer note in section 7
Resend	Sending transactional emails (e.g. email verification) and — only if you opt in — marketing/weekly emails	Sending domain: powskill.com
Google	Optional “Sign in with Google”	Only if you choose Google sign-in
Vercel	Application hosting and content delivery (CDN)	Serves the app and handles related log data
Stripe	Processing Pro payments	Processes payment data under its own privacy policy

We may add, change, or replace providers as Powskill grows. When we make material changes we’ll update this list. Each provider has its own privacy terms, and we put data-protection agreements in place with them where required.

7. International data transfers

Powskill’s users are international, and some of our providers are based in different countries (for example, Supabase in Singapore, and our AI provider as noted in section 5). This means your data may be transferred to and processed in countries other than your own, which may have different data-protection laws.

When we transfer personal data of EU/UK users to a country that the EU/UK doesn’t consider to provide “adequate” protection, we rely on appropriate safeguards — typically Standard Contractual Clauses (and, for the UK, the UK International Data Transfer Agreement / Addendum) — together with any additional measures needed. You can ask us for more detail (section 13).

8. How long we keep your data (retention)

We keep your personal data only as long as we need it for the purposes in this policy, then delete or anonymise it.

Account and education profile: kept while your account is active.
Your answers, attempts, marks and progress: kept while your account is active so you can see your history and progress.
After you delete your account: we delete or anonymise your personal data within [RETENTION PERIOD], except where we need to keep limited records longer (for example for tax, accounting, fraud-prevention, or to handle a legal claim).
Server/access logs: kept for about [RETENTION PERIOD].
Backups: cycle out within [RETENTION PERIOD].

9. How we protect your data

We take reasonable technical and organisational measures to protect your data, including encryption in transit, hashed passwords, access controls, and using reputable providers. No system is 100% secure, but we work to keep your information safe and to respond quickly if something goes wrong. If a data breach occurs that legally requires it, we’ll notify the relevant authority and affected users as required.

10. Your rights

Depending on where you live, you have rights over your personal data. We honour these for all users where we reasonably can. You can:

Access the personal data we hold about you;
Correct data that’s wrong or out of date (you can edit much of this in your profile);
Delete your account and data (“right to erasure”);
Export your data in a portable format;
Restrict or object to certain processing, including processing based on our legitimate interests;
Withdraw consent at any time where we rely on it (for example, opt out of marketing emails — via the unsubscribe link or your settings);
Object to / ask about automated processing, including AI marking (see section 5); and
Complain to your local data-protection authority (in the EU/UK) if you think we’ve handled your data wrongly — though we’d appreciate the chance to fix it first.

California residents (CCPA/CPRA). You have rights to know what we collect, to access and delete it, to correct it, and to non-discrimination for exercising your rights. We do not sell your personal data, and we do not “share” it for cross-context behavioural advertising, so there’s nothing to opt out of there. You can exercise your rights using the contact details below.

To make a request, contact us at [CONTACT EMAIL]. We may need to verify your identity, and we’ll respond within the timeframe the law requires. Using these rights is free, and we won’t treat you differently for it.

11. Cookies and local storage

We keep cookies to a minimum:

Essential cookies only — for example, to keep you signed in and to make the Service work. These don’t need consent because the Service can’t run without them.
No third-party advertising cookies, and no ad-tracking.
Local storage: some of your practice data is currently stored locally in your browser to make the app work smoothly. This stays on your device and is under your control (clearing your browser data removes it).

If we ever add non-essential cookies (for example, optional analytics), we’ll ask for your consent first and update this section.

12. Changes to this policy

We may update this Privacy Policy as Powskill evolves. If we make material changes, we’ll take reasonable steps to tell you (for example by email or an in-app notice). The “Last updated” date at the top always shows the current version.

13. Contact us and how to make a request

For privacy questions or to exercise your rights, contact us at [CONTACT EMAIL].

Data-protection contact: [DATA-PROTECTION CONTACT / DPO IF ANY]

[LEGAL ENTITY NAME & TYPE]
[COUNTRY OF INCORPORATION / REGISTERED ADDRESS]