SimpleStudy® Legal

Data Protection

Data Protection at SimpleStudy

At SimpleStudy, we are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page explains what personal data we collect, how we use it, how we protect it, and your rights.

1. Personal data we collect

For learners (students):

  • Name and email address
  • Login credentials (passwords stored in hashed & salted format)
  • Educational context data such as subjects, exam board, and year group
  • Usage data from engaging with features in the app (e.g. quizzes, flashcards, progress tracking)

For administrators (teachers and school staff):

  • Name and email address
  • Role/title and school affiliation
  • Login credentials (hashed & salted)
  • Usage data from engaging with features in the app (e.g. homework assignments, classroom analytics, reporting dashboards)

We do not collect special category data such as health information, ethnicity, political opinions, or biometric data.

2. How we store and protect your data

  • Storage: All data is stored securely in the European Union on GDPR-compliant infrastructure.
  • Encryption: Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent industry standard).
  • Access control: Personal data is only accessible to authorised staff who need it for their role. Access is protected with secure authentication, logged, and reviewed regularly.
  • Backups and monitoring: Encrypted backups are maintained and systems are monitored for anomalies.
  • Retention: Data is kept only as long as necessary to provide the service. If an account is closed, personal data is deleted or anonymised.

3. Third-party subprocessors

We work with a small number of trusted third-party providers to deliver our services. Each acts under a GDPR-compliant agreement and only processes data necessary for their function.

  • Amazon Web Services (AWS): EU hosting and storage
  • Customer.io: EU-based, transactional emails and notifications
  • Mixpanel: EU-based analytics to understand how features are used
  • PostHog: EU-based analytics and event tracking
  • Stripe Payments Europe, Ltd.: EU-based payment processing
  • Apple (EU entity): EU-based App Store payment processing

No third party is permitted to use your data for its own purposes, and your data is never sold.

4. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you
  • Request corrections to inaccurate or incomplete data
  • Request deletion of your personal data (“right to be forgotten”)
  • Restrict how your data is processed
  • Request a copy of your data in a portable format
  • Object to certain processing, such as when based on our legitimate interests
  • Withdraw consent, where processing is based on consent

To exercise your rights, please contact us at hello@simplestudy.com.

5. Accountability and compliance

  • We maintain Data Processing Agreements with all subprocessors.
  • Access to personal data is restricted and reviewed.
  • Our security practices are reviewed regularly to ensure compliance with GDPR and industry standards.

6. More information

For additional details on cookies, children’s data, and other practices, please see our full Privacy Policy.

Join 500,000+ students studying with us.

Select your subjects, and get access to A+ resources today.

Wave decoration