Privacy Policy

Last updated: 5 March 2026

1. Data Controller

The data controller for Day Skipper Revision ("the Service") is:

Richard Moore
6 Farm Lane, Send, Woking, Surrey, GU23 7AT
United Kingdom
support@dayskippertheory.co.uk

2. What Data We Collect

We collect very little personal data. The Service is designed to work without user accounts, logins, or tracking.

Data we process

  • Email address at checkout — When you purchase full access, Stripe collects your email address as part of the payment process. This email is stored by Stripe and is used to verify your purchase if you need to restore access on another device.
  • Email address for access restoration — If you voluntarily enter your email on the "Restore Access" form, it is sent to our server solely to verify your purchase with Stripe. We do not store this email.
  • IP address and server logs — Our hosting provider (Vercel) automatically collects IP addresses and basic request data in server logs for security and operational purposes. These are retained for up to 30 days.

Data we do NOT collect

  • We do not use analytics cookies, tracking pixels, or advertising trackers.
  • We do not collect your name, address, phone number, or any demographic information.
  • We do not store your payment card details — these are handled entirely by Stripe.
  • We do not track your browsing behaviour across other websites.

3. Local Storage

The Service stores certain data locally in your web browser using the browser's localStorage feature. This data never leaves your device and is not transmitted to our servers. It includes:

  • Your access/unlock status
  • Quiz scores and progress data
  • Flashcard review history and spaced repetition state
  • Mock exam score history
  • Your theme preference (light/dark/system)

You can clear this data at any time through your browser settings. Clearing it will not affect your payment status, which can be restored using your checkout email.

4. Cookies

The Service does not set any cookies of its own. No analytics cookies, advertising cookies, or tracking cookies are used. Third-party services (Stripe) may set cookies on their own domains during the checkout process — please refer to Stripe's Privacy Policy for details.

5. Lawful Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we process personal data on the following lawful bases:

  • Contract performance (Article 6(1)(b)) — Processing your email address via Stripe is necessary to fulfil your purchase and provide access to the Service.
  • Legitimate interests (Article 6(1)(f)) — Server logs and IP addresses are processed for security, fraud prevention, and operational stability. We have assessed that this processing does not override your rights and freedoms given the minimal and non-sensitive nature of the data.

6. Third-Party Services

The Service uses the following third-party providers who may process personal data on our behalf:

  • Stripe (payment processing) — Handles all payment transactions. Stripe is certified to PCI Service Provider Level 1, the highest level of certification in the payments industry. Stripe Privacy Policy
  • Vercel (hosting) — Hosts the Service and processes server logs. Vercel Privacy Policy

7. Data Retention

  • Payment records — Stripe retains payment data in accordance with their own retention policy and applicable financial regulations.
  • Server logs — Retained by Vercel for up to 30 days.
  • Restore access emails — Not stored. Used only in-memory during the verification request and then discarded.

8. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

  • Right of access — You can request a copy of any personal data we hold about you.
  • Right to rectification — You can ask us to correct inaccurate personal data.
  • Right to erasure — You can ask us to delete your personal data where there is no compelling reason to continue processing it.
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to object — You can object to processing based on legitimate interests.
  • Right to complain — You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, please contact us at support@dayskippertheory.co.uk. We will respond within one month.

9. International Transfers

Stripe and Vercel may process data outside the United Kingdom. Both providers maintain appropriate safeguards for international data transfers in compliance with UK GDPR requirements, including Standard Contractual Clauses and adequacy decisions where applicable.

10. Children

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child under 13 has provided us with personal data, please contact us and we will take steps to delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. The "last updated" date at the top of this page will be revised accordingly. We encourage you to review this page periodically.

12. Contact

If you have any questions about this privacy policy or how we handle your data, please contact us at support@dayskippertheory.co.uk.

Richard Moore
6 Farm Lane, Send, Woking, Surrey, GU23 7AT
United Kingdom

Read our Terms & Conditions →