At Revision Genie, we prioritise the privacy and protection of all our users, with special consideration for children and young people. This Privacy Policy explains how we collect, use, and protect your personal information in accordance with UK GDPR, the Data Protection Act 2018, and the ICO's Age Appropriate Design Code.
Revision Genie is operated by Revision Genie Ltd, a company registered in England and Wales. Revision Genie Ltd is the data controller for your personal information.
1.1 Account Information: When you register we collect: your name, email address, date of birth or year of birth (to confirm you are old enough to register), school affiliation (if any), the OAuth provider you signed in with (Google or Microsoft) if you used social login, and a password (hashed) if you registered directly. You can also choose to add a username, profile picture and profile banner, all of which are generated within Revision Genie rather than imported from third parties.
1.2 Educational Data: We collect information about your learning activities, including study sessions, quiz responses, exam practice attempts, lesson progress, mistakes, skill ratings, XP, streak data, league position, and notes you save to your study memory. We use this to provide personalised educational support.
1.3 Chat and AI Interactions: Conversations with our AI tutors are not retained by default. We do retain conversations that have been flagged by our safeguarding systems for review (for example, where a message suggests a user may be at risk). Where you upload an image, document or YouTube link to chat, the underlying file or URL is stored in our secure storage for a limited period so that the conversation can continue.
1.4 User-Uploaded Content: If you create custom AI tutors in My Genies and upload documents to them, those documents are stored in our secure storage and processed to enable retrieval-augmented answers. You can delete uploaded files at any time.
1.5 Technical Data: We automatically collect certain technical information when you use our service, such as browser type, device information, IP address (used for security and rate limiting), and basic usage events.
1.6 Payment Information: If you purchase a paid plan, payment processing is handled by Stripe. We do not store full card numbers; we store a Stripe customer reference, subscription or payment reference, and basic billing metadata.
1.7 Age-Appropriate Settings: For users under 18, we apply privacy-protective defaults and collect minimal data by default.
2.1 Educational Support: We use your information to provide personalised learning experiences and track your educational progress.
2.2 Service Improvement: We analyse usage patterns to enhance our educational tools and features.
2.3 Communication: We send essential service updates, account notifications, support replies, and (where you have opted in) practice reminders and newsletters.
2.4 Safety and Safeguarding: We monitor for content and patterns that may indicate a safeguarding concern, and may review flagged conversations to keep users safe.
2.5 Child Safety: For users under 18, we implement additional safeguards and never use data for advertising or commercial profiling.
Under UK GDPR we must have a lawful basis for processing your personal data. The bases we rely on are:
3.1 Contract: We process your account information, learning data and payment information so we can deliver the educational service you have signed up for.
3.2 Legitimate Interests: We process technical data, basic usage analytics, and security-related information for the legitimate interest of keeping the service running, secure and improving over time. Where you are a child, we balance these interests carefully against your rights.
3.3 Legal Obligation: We process and may retain certain data to comply with legal obligations (for example, tax records relating to your payments, or safeguarding disclosures to appropriate authorities).
3.4 Consent: We rely on your consent for optional activities such as marketing emails or newsletters. You can withdraw consent at any time in your account settings.
3.5 Vital Interests: We may process information without consent where we reasonably believe it is necessary to protect someone's life or safety (for example, a serious safeguarding disclosure).
We keep your data only for as long as we need it. Headline retention periods are:
Account data: kept for as long as your account is active. Inactive accounts may be deleted after 24 months of inactivity, with prior notice.
AI chat conversations: not retained by default. Safeguarding-flagged conversations are kept for up to 24 months for review and audit.
Uploaded files (chat attachments): retained for up to 30 days and then cleaned up automatically.
Uploaded files (My Genies knowledge base): retained until you delete them or delete the genie.
Support tickets: kept for up to 24 months after resolution.
Payment records: retained for at least 7 years to meet UK accounting and tax requirements.
Anonymised analytics: may be retained indefinitely.
See our Data Retention Policy for the full breakdown.
5.1 Access: You can access and download your personal information through your account settings or by request.
5.2 Rectification: You can correct inaccurate information in your account settings, or by contacting us.
5.3 Erasure: You can request deletion of your account. We operate a 2-day cooling-off period, after which your account is anonymised and your personal data deleted. Certain records (such as financial records or anonymised safeguarding information) may be retained where the law requires.
5.4 Restriction and Objection: You can ask us to restrict how we use your data, or object to processing based on legitimate interests.
5.5 Portability: You can ask us to provide your data in a portable format.
5.6 Withdraw Consent: Where we rely on consent (e.g. marketing emails), you can withdraw it at any time without affecting prior processing.
5.7 Memory Controls: You can view, edit and delete any notes our AI has saved about you in Settings → AI Memory.
5.8 Right to Complain: If you are unhappy with how we have handled your data, you can complain to the Information Commissioner's Office (the UK's data protection regulator) at ico.org.uk or by calling 0303 123 1113.
We share information only when necessary to provide our service or when required by law. We never sell your personal information and we never share it for advertising or commercial profiling.
We use the following trusted third-party processors to run Revision Genie:
Microsoft Azure (United Kingdom / European Union regions) - Azure OpenAI for AI tutoring and Azure Speech Services for text-to-speech in language lessons. Microsoft contractually commits not to train its models on our customer data.
MongoDB Atlas - hosts our primary database.
Vercel - hosts the website and serverless functions.
Vercel Blob - stores uploaded files (chat attachments, profile pictures, knowledge base documents).
Upstash Redis - caching and rate limiting.
Stripe - processes all card payments and stores card information securely on our behalf.
Google (Google Sign-In, Google AdSense) - optional sign-in and limited non-personalised advertising. See our Cookie Policy.
Microsoft (Microsoft Sign-In) - optional sign-in.
Resend - email delivery for service emails, support replies and (where opted in) practice reminders and newsletters.
All processors are bound by data processing agreements and are required to meet UK GDPR-equivalent standards.
We may also share progress data with the school or class teacher that registered a student account, where the school has authorised this. We may disclose information to law enforcement or safeguarding authorities where we are legally required to do so or where we reasonably believe it is necessary to protect a user.
We prefer to keep personal data within the United Kingdom and European Economic Area, but some of our processors (notably aspects of Azure and Stripe) may transfer or back up data outside the UK and EEA.
Where data is transferred internationally, we rely on UK and EU recognised safeguards such as the UK International Data Transfer Addendum or Standard Contractual Clauses, plus additional measures such as encryption.
8.1 Age-Appropriate Design: Our service follows the ICO's Age Appropriate Design Code.
8.2 Privacy-Protective Defaults: For users under 18, we apply minimal data collection by default and disable social and location features.
8.3 No Advertising Profiling: We never use children's data for advertising or behavioural profiling.
8.4 Clear Communication: We provide age-appropriate privacy information and easy reporting tools.
See our Children's Code Compliance page for the full breakdown.
9.1 Encryption: All personal data is encrypted in transit (TLS) and at rest by our processors.
9.2 Access Controls: We maintain strict controls over who can access user data.
9.3 Regular Reviews: We regularly review our security practices and update them as needed.
9.4 Incident Response: We have procedures in place to handle security incidents promptly. Where required by law we will notify affected users and the ICO.
For questions about your privacy or to exercise your data protection rights, please contact our Data Protection Officer, Joel Martin, at joel@revisiongenie.com.
Revision Genie Ltd is the data controller for your personal information and is registered with the Information Commissioner's Office under registration number ZC008367. For more information about how we protect young users, please see our Children's Code Compliance page.