1. Introduction
We ("we," "our," or "us") are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use TmuaBank ("Service").
By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.
2. Information We Collect
2.1. Account Information
When you create an account, we collect:
- Name and email address (provided through Clerk authentication)
- Profile information you choose to provide
- Account preferences and settings
2.2. Authentication Data
We use Clerk for user authentication. Clerk collects and processes:
- Email addresses and passwords (hashed)
- Social media account information (if you sign in with Google, etc.)
- Session tokens and authentication cookies
- Device and browser information for security
For more information about Clerk's data practices, please review Clerk's Privacy Policy.
2.3. Payment Information
When you make a purchase, payment processing is handled by Stripe. We do not store your full payment card details. Stripe collects:
- Payment card information (processed securely by Stripe)
- Billing address
- Payment history and transaction records
For more information about Stripe's data practices, please review Stripe's Privacy Policy.
2.4. Usage Data
We automatically collect information about how you use our Service:
- Question attempts and answers
- Progress tracking data
- Saved questions and study materials
- Feature usage and interactions
- Device information (browser type, operating system)
- IP address and general location
- Log files and error reports
2.5. Subscription Information
We store information about your subscription:
- Subscription plan and status
- Billing cycle and renewal dates
- Stripe customer ID
- Subscription history
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Service
- Process payments and manage subscriptions
- Authenticate users and manage accounts
- Personalize your experience and track your progress
- Send you service-related communications (account updates, subscription notices)
- Respond to your inquiries and provide customer support
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations
- Analyze usage patterns to improve our Service
We do not sell your personal information to third parties. We only share your information as described in this Privacy Policy.
4. Data Storage and Processing
Your data is stored and processed using the following services:
- Supabase: We use Supabase to store your account data, progress, and usage information. Data is stored securely in databases with encryption at rest.
- Clerk: Authentication data is stored by Clerk in accordance with their security practices.
- Stripe: Payment information is stored securely by Stripe in compliance with PCI DSS standards.
Your data may be processed and stored in data centers located in the European Union, United States, or other jurisdictions. We take appropriate measures to ensure your data is protected in accordance with applicable data protection laws.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
- Maintain your login session (essential cookies)
- Remember your preferences and settings
- Analyze Service usage and performance
- Improve our Service functionality
Types of cookies we use:
- Essential Cookies: Required for the Service to function properly. These cannot be disabled.
- Functional Cookies: Remember your preferences and enhance your experience.
- Analytics Cookies: Help us understand how users interact with our Service.
You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service.
6. Third-Party Services
Our Service integrates with third-party services that have their own privacy policies:
- Clerk: Authentication services. See Clerk's Privacy Policy.
- Stripe: Payment processing. See Stripe's Privacy Policy.
- Supabase: Database and storage. See Supabase's Privacy Policy.
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.
7. Your Rights (GDPR and Data Protection)
Depending on your location, you may have the following rights regarding your personal information:
- Right to Access: Request a copy of the personal information we hold about you
- Right to Rectification: Correct inaccurate or incomplete personal information
- Right to Erasure: Request deletion of your personal information ("right to be forgotten")
- Right to Restrict Processing: Request that we limit how we use your information
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing of your personal information in certain circumstances
- Right to Withdraw Consent: Withdraw consent for processing where we rely on consent
To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days or as required by applicable law.
If you are located in the European Economic Area (EEA) or United Kingdom, you also have the right to lodge a complaint with your local data protection authority.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Secure authentication through Clerk
- Regular security assessments and updates
- Access controls and employee training
- Secure payment processing through Stripe (PCI DSS compliant)
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Data Retention
We retain your personal information for as long as necessary to:
- Provide our Service to you
- Comply with legal obligations
- Resolve disputes and enforce our agreements
When you delete your account, we will:
- Delete your account and personal information from our systems
- Cancel any active subscriptions
- Retain certain information as required by law or for legitimate business purposes (e.g., transaction records)
Some information may remain in backups for a limited time. We will securely delete this information when backups are updated.
10. Children's Privacy
Our Service is not intended for children under 13 years of age (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children under 13.
If we learn that we have collected personal information from a child under 13, we will delete that information immediately. If you believe we have collected information from a child under 13, please contact us immediately.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.
We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws, including Standard Contractual Clauses where applicable.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Privacy Policy on our website
- Updating the "Last updated" date
- Sending you an email notification (for significant changes)
Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: enquiries@tmuabank.co.uk
For data protection inquiries or to exercise your rights, please include "Privacy Request" in the subject line and provide sufficient information to verify your identity.
By using our Service, you acknowledge that you have read and understood this Privacy Policy.