Privacy Policy
This policy explains what information we collect, why we collect it, and what we do with it. We’ve written it in plain language because we know many of our users are 16–18 years old, and everyone deserves to understand how their data is handled.
Last updated: 27 March 2026
1. Who we are
ClearConcept is a trading name of Custom Growth Solutions Ltd, a company registered in England and Wales (company number 16967253). Our registered address is 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE.
ClearConcept is operated by Postino, which is also a trading name of Custom Growth Solutions Ltd.
Data Protection Officer contact: martin@postino.cc
ICO registration number: C1897388
2. What information we collect
We collect different information depending on how you use ClearConcept:
If you browse without an account
- Pages you visit and how long you spend on them (via privacy-respecting analytics)
- Your device type and browser (so we can make the site work properly)
- No personal information that identifies you
If you create a free account
- Your email address
- A display name you choose
- Which subjects and spec points you look at
- When you signed up
If you purchase access
- Everything above, plus:
- Your payment details (processed by Stripe — we never see or store your card number)
- Which subjects you’ve unlocked
- Your purchase history and amounts paid
- Device information for managing your 3-device limit
If you’re under 18
We do not collect any more information from users under 18 than from adult users. We do not use your data for profiling or automated decision-making. We do not share your data with advertisers.
3. Why we collect your information
We use your information for the following purposes, and we’ve listed the legal basis for each:
| Purpose | What we use | Legal basis |
|---|---|---|
| Providing the service (showing you revision content, tracking your progress) | Email, display name, subject selections, usage data | Contract (you signed up to use the service) |
| Processing payments | Email, payment intent data via Stripe | Contract |
| Enforcing device limits | Device tokens stored in your browser | Legitimate interest (preventing account sharing beyond fair use) |
| Preventing fraud and abuse | Account activity, purchase patterns | Legitimate interest |
| Improving ClearConcept | Anonymised usage patterns (which subjects are popular, where users get stuck) | Legitimate interest |
| Sending essential service emails (purchase confirmations, expiry warnings) | Email address | Contract |
We will never sell your data. We will never share your data with advertisers. We will never use your data to build advertising profiles.
4. Who we share your information with
We only share your data with the following third parties, and only as much as necessary:
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Authentication and database | Email, display name, usage data | West EU (Ireland) |
| Stripe | Payment processing | Email, payment amounts | EU/US (covered by SCCs) |
| Netlify | Website hosting | IP address, pages visited | EU/US (covered by SCCs) |
If any of these providers are based outside the UK, we ensure appropriate safeguards are in place (Standard Contractual Clauses) as required by UK GDPR.
5. How long we keep your information
- Account data (email, display name): kept while your account is active, deleted within 90 days of account deletion
- Purchase records: kept for 6 years after purchase (required by UK tax law)
- Usage analytics: anonymised after 12 months
- Device tokens: deleted when you remove the device, or automatically after 6 months of inactivity
- Gift codes: kept for the lifetime of the associated purchase
6. Your rights
Under UK GDPR, you have the right to:
- Access: ask us for a copy of all data we hold about you
- Rectification: ask us to correct any inaccurate data
- Erasure: ask us to delete your data (subject to legal obligations like tax records)
- Portability: receive your data in a machine-readable format
- Object: object to processing based on legitimate interest
- Withdraw consent: where we rely on consent, you can withdraw it at any time
To exercise any of these rights, email martin@postino.cc. We will respond within one month.
If you’re not happy with how we’ve handled your data, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
7. Children’s data and the Age Appropriate Design Code
ClearConcept is designed to be used by A-level students, many of whom are 16 or 17 years old. We take this seriously:
- We comply with the ICO’s Age Appropriate Design Code (Children’s Code)
- Privacy settings are set to high by default — we don’t ask you to lower them
- We don’t use nudge techniques, dark patterns, or psychological tricks to get you to share more data or weaken your privacy
- We don’t profile users under 18
- We don’t serve advertising to any user
- We don’t share data with social media platforms
- Users aged 13 and over can create an account and consent to this policy under UK law
8. Cookies
We use the following cookies:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| Supabase auth token | Keeps you logged in | Essential (no consent needed) | Session |
| Device token | Identifies this device for the 3-device limit | Essential | Persistent (6 months) |
| Cookie consent preference | Remembers your cookie choice | Essential | 12 months |
If we add analytics cookies in the future, we will ask for your consent before setting them.
9. How we protect your information
- All data is transmitted over HTTPS (encrypted in transit)
- Database access is controlled by Row Level Security policies — users can only access their own data
- Payment data is handled entirely by Stripe (PCI DSS compliant) — we never see or store card numbers
- Content IDs use non-sequential UUIDs to prevent URL guessing
- All API endpoints verify authentication and authorisation before returning data
10. Changes to this policy
If we make significant changes to this policy, we will notify you by email (if you have an account) and display a notice on the website. We will never reduce your rights without giving you clear notice and the opportunity to delete your account.
11. Contact us
If you have any questions about this policy or your data:
- Email: martin@postino.cc
- Post: Custom Growth Solutions Ltd, 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE
We aim to respond to all data protection queries within 5 working days.