PL CSCS

Legal / Prawne

Privacy policy

Privacy version 3.0 (UK) · last updated 13 July 2026.

This privacy policy explains how "PL CSCS" processes your personal data and your rights under the UK GDPR and Data Protection Act 2018.

1. Data controller

The data controller is —, address: —. Data protection contact: —.

2. What data we process

  • Email address, account identifiers, verification status, authentication events, and the legal-document versions, language, and timestamp accepted when the account is created. Firebase Authentication handles the password credential; the service application does not receive or store the password in readable form.
  • Payment-provider customer identifier and payment status - to handle purchases and billing.
  • Session results and attempt history - to show your progress.
  • Support-ticket contact details, category, subject, message history, status, timestamps, and linked account identifier where you are signed in - to investigate and answer your request.
  • Technical and security data, including observed sign-in IP addresses, recent successful authentication history, IP-derived quota identifiers, browser/device information, automated anti-abuse verification signals, timestamps, and server logs where necessary to operate and protect the service.

3. Purposes and legal bases

  • Contract performance - account creation, access sale, and session history.
  • Legal obligations - issuing and storing accounting documents.
  • Legitimate interests - fraud and scraping prevention, service security, aggregate visit statistics, product improvement, and support handling.

4. Who receives data

Data is processed by trusted providers:

  • Google Firebase and Google Cloud - authentication, Firestore database, hosting, server functions, abuse protection, and operational logging. Processing locations depend on the configured service and may involve approved international transfers. Firebase privacy policy.
  • Our transactional email provider - delivery of ticket receipts and support notifications.
  • Our payment provider - card payments and receipts. Payment provider privacy policy.
  • Cloudflare - automated abuse prevention during account registration, sign-in, and support requests. Cloudflare privacy policy.
  • Plausible Analytics (EU) - anonymous visit statistics without cookies. Plausible privacy policy.

5. How long we store data

  • Account, entitlement, and study history - while the account is active and afterwards only as long as reasonably required for support, disputes, security, or legal obligations. You may request deletion where the law allows.
  • Payment and accounting records - for the retention period required by applicable tax and accounting law.
  • Support tickets and replies - for as long as reasonably needed to answer the request, maintain service history, handle complaints or legal claims, and meet legal obligations, then deleted or anonymised where appropriate.
  • Account-linked sign-in security history is limited to the 10 most recent successful events and kept only while reasonably needed to protect the account, handle support, or establish legal claims. Other security and technical records are kept for the shortest practical period, then deleted or aggregated.

6. Your rights

You have the right to access, rectify, erase, restrict processing, transfer your data, object, and lodge a complaint with a supervisory authority.

To exercise your rights, write to —. You may also complain to the UK Information Commissioner's Office (ICO) or, where applicable, the data-protection authority where you live.

7. Cookies

The service does not use advertising cookies. It uses necessary browser storage for authentication and study progress, an HTTP-only server session cookie, and automated security checks. Cookie-less aggregate analytics may run only when the administrator configures it.

8. Security

We use HTTPS, Firebase Authentication, email verification, optional multi-factor authentication, server-side access checks, Firestore rules, quotas, and abuse signals. No online service can guarantee absolute security, but access is restricted according to role and need.

9. Policy changes

Changes to this policy are published on this page. The last update date is shown above.