Privacy Policy

Last Updated: July 2025

Introduction

TopDecile ("we", "us", "our") is committed to protecting your privacy and complying with UK GDPR, the Data Protection Act 2018, and Google API Services User Data Policy. This Privacy Policy explains how we collect, use, store, and protect your personal information—including data from Google services—when you use www.topdecile.uk and associated features such as Google Calendar integration.

By using TopDecile, you consent to the practices described below.

Information We Collect

Information You Provide Directly

  • Account information: Name, email address, password (hashed), and exam preferences.
  • Study data: Study schedule preferences, mock exam performance, MCQ/flashcard progress, and analytics.
  • Payment data: Payment status and plan (payment processing handled securely by Stripe).

Information from Google Services (Only With Your Consent)

Google Calendar (optional): If you choose to connect your Google account, we temporarily access:

  • ✓ Your calendar's busy periods (event start/end times only)

We do NOT access or store: Event titles, descriptions, attendees, or any sensitive or personal content.

Your Google data is accessed only for providing the study calendar scheduling feature, and not for any other purpose.

Automatically Collected Data

Device and browser details, log data, and basic usage analytics for platform improvement and security.

How We Use Your Information

  • To personalise your study schedule and suggest optimal revision times around your busy periods.
  • To provide analytics and performance feedback on your learning progress.
  • Google Calendar data is used exclusively to identify your free/busy time for study planning. We do not retain or process any event details or private content.
  • No Google data is ever used for marketing, profiling, or shared with third parties (except as needed for service operation and legal compliance).

How We Store and Protect Data

  • All data is encrypted in transit (HTTPS) and stored securely using GDPR-compliant cloud infrastructure (Supabase).
  • Google Calendar data is processed in real time and only busy time blocks are stored—never event details, titles, or descriptions.
  • Calendar access tokens are stored securely and are only used for the intended integration. Tokens are deleted if you disconnect your Google account.

User Controls and Data Deletion

  • You can remove all calendar-derived busy times instantly from the Study Plan page ("Clear rota").
  • You can delete all your study and analytics data from the Settings page.
  • Account deletion: You may delete your account at any time via Settings, which removes all user data except for name and email (retained for security/admin). If you want these removed as well, contact support@topdecile.uk and your data will be fully erased within 30 days.
  • Disconnecting Google Calendar: You can revoke access at any time in your Google Account Permissions, and all associated data is removed from TopDecile instantly.

Data Sharing and Disclosure

We never sell or share your personal or Google data for advertising or marketing.

Data is only shared:

  • With essential service providers (e.g. Supabase, Stripe), all of whom are contractually bound to GDPR standards.
  • If required by law or regulatory authorities.
  • To protect our legal rights, users, or comply with lawful requests.

Google API Disclosure

TopDecile's use of information from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • We request only the minimum necessary Google Calendar permissions.
  • We only access your calendar when you initiate calendar integration, and only for the purpose of study scheduling.
  • We do not access, use, or store your Google data for any unauthorised purpose, or for advertising or analytics.

Third-Party Services

  • Google Calendar API: Used strictly as described above.
  • Stripe: Handles all payment transactions; we do not store payment card details.
  • Supabase: Provides secure database hosting.

For more, see their respective privacy policies.

Children's Privacy

TopDecile is intended for users 16+ only. We do not knowingly collect personal data from children under 16.

Changes to this Policy

We may update this Privacy Policy. Any material changes will be communicated by email or via notice on the platform.

Contact Information

For questions, data access or deletion requests, or complaints:

Email: support@topdecile.uk

Website: www.topdecile.uk