Privacy Policy
We take your privacy seriously. Here's a clear breakdown of what data we collect, why, and how we protect it.
1. What Data We Collect
We only collect what's needed to run the service and improve your experience:
- Account info: Your email address and an encrypted password when you sign up. Optionally, your name and display name.
- Practice data: Your test results, scores, and progress — so you can track how you're improving.
- Community content: Posts and comments you write in the forum.
- Usage data: We use Google Analytics to understand how people use the site — pages visited, time spent, device type. IP addresses are anonymised.
2. How We Use Your Data
- • Running the service: Managing your account, saving your progress, and providing your test results.
- • Improving things: Using analytics to understand what's working and what isn't.
- • Keeping it free: Showing ads via Google AdSense to help cover costs.
- • Security: Preventing abuse and keeping the platform safe.
3. Where Your Data Lives
Your account data is stored securely by Supabase, our authentication and database provider. Supabase stores data within the EU and is fully GDPR-compliant.
Google (Analytics & AdSense) processes some data in the US, protected by Standard Contractual Clauses and appropriate safeguards as required by UK GDPR.
We don't sell your data to anyone. Ever.
4. Cookies & Advertising
We use three types of cookies:
- Essential: Required for login and security — can't be turned off.
- Analytics: Help us understand how the site is used (Google Analytics). You can opt out.
- Advertising: Used by Google AdSense to show relevant ads. You can opt out of personalised ads at Google Ads Settings.
Opting out of ad personalisation won't remove ads — you'll just see generic ones instead. You can also manage cookies through your browser settings.
Learn more at Google's ad privacy info.
5. How We Protect Your Data
- • All data is encrypted in transit (HTTPS/TLS). Passwords are hashed and never stored in plain text.
- • Access to personal data is strictly limited.
- • Supabase provides enterprise-grade infrastructure security including encryption at rest.
- • In the unlikely event of a data breach, we'll notify affected users and the ICO within 72 hours.
While we take security seriously, no online service can guarantee 100% security. We do our absolute best.
6. Your Rights
Under UK GDPR, you have the right to:
- • Access — see what data we hold about you
- • Correct — fix any inaccurate information
- • Delete — request removal of your personal data (you can also do this directly from your profile settings)
- • Export — get a copy of your data in a portable format
- • Object — opt out of certain types of processing
- • Withdraw consent — for cookies and personalised ads, at any time
To exercise any of these rights, reach out on the Community Forum or use the contact page. We'll respond within 30 days.
Not happy with our response? You can complain to the Information Commissioner's Office (ICO).
7. How Long We Keep Data
- • Account & practice data: Kept while your account is active. Deleted within 30 days of account deletion.
- • Community posts: May be retained (anonymised) after account deletion for community continuity.
- • Analytics: Google Analytics data is automatically deleted after 26 months.
- • Ad cookies: Follow Google's standard cookie lifespans (max 13 months).
8. Under 16s
This service is aimed at adults (train driver roles require you to be 18+). We don't knowingly collect data from anyone under 16. If we find we have, we'll delete it promptly.
9. Changes to This Policy
We may update this policy occasionally. When we do, we'll update the date at the top and let you know about any significant changes. Your continued use after changes means you accept the updated policy.
10. Any Questions?
If you have questions about this policy or want to exercise your data rights, visit the Community Forum or contact page.
We'll get back to you within 30 days. If you're not satisfied, you can raise a complaint with the ICO.