1. Who we are

Wise-Revise is an education platform for schools, teachers, and students. This notice explains how we collect, use, share, store, and protect personal data when you use Wise-Revise and related services.

2. Controller and processor roles

• When schools use Wise-Revise for teaching and homework, the school is usually the data controller and Wise-Revise acts as data processor.
• When individuals subscribe directly, Wise-Revise acts as data controller for that account and billing relationship.
• Where we process data for schools, we do so under customer instructions and contractual terms (including a Data Processing Agreement).

3. Personal data we process

• Account data: full name, username, role, email address (where required), password hash.
• Learning data: quiz answers, marks, AI feedback, assignments, completion status, streak metrics, leaderboard points.
• Operational data: login timestamps, class memberships, audit and security logs.
• Billing data: Stripe customer/subscription identifiers, plan details, invoices and payment status (not full card numbers/CVC).
• Support data: communications sent to support or admin contacts.

4. How we collect data

• Directly from users, teachers, and school administrators during account setup and platform use.
• From school-managed account imports (for example CSV class imports).
• Automatically via service logs, authentication controls, and security/rate-limiting systems.
• From Stripe for subscription lifecycle and payment status updates.

5. How we use personal data

• To provide learning functionality (AI marking, MCQ marking, class management, assignments, progress reporting).
• To authenticate users, enforce role permissions, and secure accounts.
• To manage subscriptions, recurring payments, usage-based billing, and spend controls.
• To monitor and improve service quality, reliability, safeguarding, and abuse prevention.
• To communicate operational notices, account actions, and support responses.

6. AI marking data use

• AI-marked quiz content is sent for marking and feedback generation using configured AI providers.
• We minimise personal identifiers in AI payloads and do not intentionally send unnecessary personal profile data.
• AI-marked outputs are returned to users and stored in the platform for progress reporting and teacher review.

7. Lawful bases (UK GDPR)

• Contract: to provide the services users and schools subscribe to.
• Legitimate interests: service security, product improvement, fraud/misuse prevention, support operations.
• Legal obligations: compliance with applicable law, financial reporting, and safeguarding responsibilities.
• Consent: where specific optional communications or features require it.

8. Data sharing and processors

• Stripe (billing and subscription processing).
• Hosting/infrastructure providers used to run the platform securely.
• AI provider(s) used for marking functionality where enabled by account entitlements.
• Law enforcement/regulators where disclosure is legally required.

9. International transfers

Some processors may process data outside the UK. Where applicable, we use UK GDPR compliant transfer safeguards and contractual controls.

10. Data retention

• Account records are retained while active and for a defined period after inactivity for audit/security continuity.
• Learning records are retained to provide progress history and school reporting, then removed/anonymised per policy.
• Billing records are retained for statutory financial and tax obligations.
• Where acting as processor for schools, retention follows school instructions and contractual terms.

11. Security measures

• Password hashing using modern one-way hashing algorithms.
• Role-based access controls and server-side authorisation checks.
• CSRF controls for state-changing actions, secure session handling, and login protections.
• HTTPS transport security and secure handling of secrets outside public web root.
• Monitoring and incident response procedures for suspected security events.

12. Children and age-appropriate use

Wise-Revise is built for school-age users. We apply child-focused privacy protections and default settings aligned to high-privacy principles.

13. Your rights

Subject to legal conditions, individuals may request access, correction, restriction, objection, portability, and erasure. School-managed users should usually raise requests through their school first.

14. Complaints

If you are not satisfied with how data is handled, you may raise a complaint with your internal contact first, then with the UK Information Commissioner’s Office.

15. Contact

For privacy queries, data rights requests, or data processing questions, contact your Wise-Revise administrator or support contact listed on your service agreement.