Privacy Policy
Last updated: 3 May 2026
1. Who we are
Kramizo ("we", "our", "us") provides an exam-board-aligned revision platform at kramizo.com. We are the data controller for the personal information described in this policy.
To contact us about privacy matters, email: support@kramizo.com
2. What data we collect
Account data
- Email address (required to create an account)
- Display name (optional, chosen by you)
- Hashed password (stored by Supabase — we never see your plaintext password)
- Account creation date and last active date
Quiz and usage data
- Questions you answer, your responses, and whether they were correct
- Quiz session scores, XP earned, and streaks
- Subject and topic preferences
- Daily activity timestamps (to calculate streaks)
Payment data
Subscription payments are processed by Stripe. We never see or store your full card number, CVV, or bank details. We store only a Stripe customer ID and your current subscription plan and status so we can grant you the correct access level.
Technical data
- IP address (collected by our hosting provider, Vercel)
- Browser type and device information (collected indirectly via Supabase auth logs)
- Authentication tokens stored in your browser's local storage
3. How we use your data
We use your data to:
- Provide the Kramizo revision service and personalise your question feed
- Track your progress and calculate performance analytics on your dashboard
- Manage your account, including login and password resets
- Process subscription payments and manage billing via Stripe
- Send transactional emails (account confirmation, password reset, receipts) — we do not send marketing emails unless you opt in
- Detect and prevent fraud or abuse
4. Our legal basis (UK GDPR)
We rely on the following lawful bases:
- Contract performance — to deliver the service you signed up for
- Legitimate interests — to improve the platform, detect fraud, and maintain security
- Legal obligation — where the law requires us to retain records (e.g. VAT invoices)
5. Users under 16
Kramizo is designed for students preparing for GCSE, IGCSE, and equivalent qualifications. Some of our users may be under 16 years old.
We do not knowingly collect data from children under 13. If you are between 13 and 15, you should obtain parental or guardian consent before creating an account. If you are a parent or guardian and believe your child has created an account without consent, please contact us at support@kramizo.com and we will delete the account.
We do not use children's data for any purpose other than delivering the revision service.
6. Data sharing
We share your data only with:
- Supabase (database and authentication) — EU/US data processing with standard contractual clauses
- Stripe (payment processing) — PCI-DSS Level 1 certified
- Vercel (hosting and CDN) — GDPR-compliant infrastructure
- Anthropic (AI question generation) — only anonymised topic/subject context is sent; no personal data is shared
We do not sell your data to third parties. Ever.
7. Data retention
- Active account data: retained while your account is open
- Quiz and answer data: retained for 3 years after your last active date to support progress analytics
- Payment records: retained for 7 years (UK VAT legal requirement)
- Deleted accounts: personal data purged within 30 days of a deletion request; anonymised aggregate usage data may be retained
8. Cookies
We use only essential cookies required for the service to function — specifically authentication tokens set by Supabase so you stay logged in. We do not use tracking, advertising, or analytics cookies without your consent.
9. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your account and personal data
- Restriction — ask us to limit how we process your data in certain circumstances
- Portability — receive your quiz data in a machine-readable format
- Object — object to processing based on legitimate interests
To exercise any of these rights, email support@kramizo.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
10. Security
We implement technical measures to protect your data including: HTTPS encryption in transit, hashed password storage, row-level security policies on our database, and service-role key isolation for server-side operations. No system is 100% secure; if you suspect unauthorised access to your account, change your password immediately and contact us.
11. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email (if you have an account) or by a notice on the website. The date at the top of this page always shows when the policy was last updated.
12. Contact
For any privacy questions or to exercise your rights: support@kramizo.com