Privacy Policy

Last updated: March 2026

This Privacy Policy outlines how occhealthrevision.co.uk ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our website at occhealthrevision.co.uk ("the Website"). By using the Website, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

When you register for an account or use our services, we may collect:

Your name and email address (provided during registration)
Display name and profile picture (if you choose to upload one)
Password (stored in encrypted form — we never have access to your plain-text password)
Account information provided during registration

1.2 Information Collected Automatically

When you use the Website, we automatically collect:

Your question response history, quiz session data, scores, and progress information
Flagged questions and "marked as understood" status
Login timestamps and session information
IP address and general location data
Browser type, device information, and operating system
Pages visited and features used on the Website

1.3 Payment Information

All payments are processed securely through Stripe. We do not have access to, collect, or store any credit or debit card details on our servers. Stripe handles all payment processing in accordance with PCI DSS (Payment Card Industry Data Security Standard) requirements. We do store a record of your transaction (amount paid, product purchased, date) for receipt purposes.

2. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Website and its services
Create and manage your account
Track your quiz progress, scores, and performance analytics
Process payments and manage subscriptions
Provide payment receipts and transaction history
Send you important service-related communications (e.g., subscription expiry reminders, account notifications)
Respond to your enquiries and provide customer support
Analyse usage patterns to improve the Website and user experience
Prevent fraud, abuse, and unauthorised access
Comply with legal obligations

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

Service providers: We use third-party services (Supabase for data hosting, Stripe for payments, Vercel for website hosting) that process data on our behalf in accordance with their own privacy policies and appropriate data processing agreements.
Legal requirements: We may disclose your information if required by law, regulation, legal process, or enforceable governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Enforcement: We reserve the right to disclose information if we believe that use of the Website is being conducted unlawfully or in a manner harmful to other users, or to investigate potential violations of our Terms and Conditions.

4. Data Storage and Security

Your data is stored securely using Supabase infrastructure with industry-standard encryption at rest and in transit. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Cookies and Tracking

We use cookies and similar technologies to maintain your login session, remember your preferences (such as theme settings), and gather anonymous usage analytics to improve the Website. Essential cookies are required for the Website to function and cannot be disabled. You can manage cookie preferences through your browser settings, though disabling certain cookies may affect your experience.

6. Data Retention

We retain your personal information for as long as your account remains active or as needed to provide you with our services. If you delete your account, we will delete or anonymise your personal data within a reasonable timeframe, except where we are required to retain certain information for legal, accounting, or regulatory purposes. Payment transaction records may be retained for up to 7 years in accordance with financial regulations.

7. Your Rights

Under applicable data protection laws (including UK GDPR), you have the right to:

Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate or incomplete personal data
Erasure: Request deletion of your personal data (subject to legal retention requirements)
Restriction: Request restriction of processing of your personal data in certain circumstances
Data portability: Request a copy of your data in a structured, commonly used, machine-readable format
Objection: Object to the processing of your personal data in certain circumstances

To exercise any of these rights, please contact us at admin@occhealthrevision.co.uk. We will respond to your request within 30 days.

8. Children's Privacy

The Website is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

9. International Data Transfers

Your data may be processed and stored in countries outside the United Kingdom. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

10. Third-Party Links

The Website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the Website with a revised "last updated" date. Your continued use of the Website after such changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: admin@occhealthrevision.co.uk