Back to Home

Study Time customer privacy notice

This privacy notice tells you what to expect us to do with your personal information.

Contents

Contact details

Email

admin@studytime.biz

What information we collect, use, and why

We collect or use the following information to provide the Study Time service (account management and study tracking):

Lawful bases and data protection rights

Under UK data protection law, we must have a "lawful basis" for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO's website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO's website:

Your right of accessYou have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
Your right to rectificationYou have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
Your right to erasureYou have the right to ask us to delete your personal information. Read more about the right to erasure.
Your right to restriction of processingYou have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
Your right to object to processingYou have the right to object to the processing of your personal data. Read more about the right to object to processing.
Your right to data portabilityYou have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
Your right to withdraw consentWhen we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide the Study Time service (account management and study tracking) are:

Where we get personal information from

How long we keep information

You can choose a per-user retention policy for study sessions and optional journaling content in Settings:

For time-bound policies (6/12/24 months), a scheduled cleanup job runs daily and automatically deletes sessions older than your selected window, measured from each session's creation timestamp. Deleting a session also deletes its related topics and feelings.

If you choose "Keep until I delete", session records remain until you delete them manually or delete your account.

Account profile data and account-level settings are kept while your account is active. When your account is deleted, associated records are deleted within a reasonable period, unless a longer retention period is required for security, troubleshooting, or legal compliance.

Deleted data may remain in backups for a limited period before those backups are rotated out.

Retention preference metadata (policy and timestamp) and consent audit metadata (status, timestamp, notice version, and source) are retained to demonstrate compliance with your choices.

How we protect your information

In addition to baseline legal requirements, we apply extra field-level encryption to optional journaling content.

Who we share information with

Data processors

Vercel (hosting)

This data processor does the following activities for us: Hosts the Study Time application and delivers it to users over HTTPS. Processes limited technical and operational data necessary to run the service (e.g., request handling and service logs).

Neon (database hosting)

This data processor does the following activities for us: Stores and processes Study Time application data in a PostgreSQL database, including user account records and study session data. Neon applies encryption at rest and encryption in transit. See Neon's Security overview.

Sharing information outside the UK

Where necessary, we will transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Vercel

Category of recipient:
Cloud hosting / web application platform (hosting and delivery provider)
Country the personal information is sent to:
United States / international (global processing)
How the transfer complies with UK data protection law:
The International Data Transfer Agreement (IDTA)

Neon

Category of recipient:
Managed database provider (PostgreSQL hosting)
Country the personal information is sent to:
United States

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

The ICO's address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Last updated: 20 February 2026