ExamCast
Legal

Privacy Policy

Last updated: 17 April 2026

1. Who We Are

ExamCast is an independent educational resource platform operating in the United Kingdom. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ExamCast is the data controller responsible for your personal data.

If you have any questions about this Privacy Policy or how we handle your data, you can contact us at admin.examcast@gmail.com.

2. Personal Data We Collect

We collect only the personal data necessary to provide and improve our service. The categories of data we collect are:

2.1 Account Data

  • Email address - obtained automatically from your Google account when you sign in via Google OAuth. We do not collect your Google password.
  • Username - chosen by you during onboarding.
  • Role - whether you are a student or teacher, as selected during onboarding.
  • Year groups - selected during onboarding (e.g. Y9, Y10, Y11), or the year groups you teach.
  • School or college name - provided during onboarding (required for teachers).
  • Exam year and target grade - provided during onboarding to personalise recommendations (students only).
  • Subject interests - the subjects you study, along with the exam board, tier, and qualification type for each subject.
  • Marketing preferences - whether you have opted in to receive product update emails. You can change this any time in Settings.
  • Referral source - optionally provided during onboarding (how you heard about ExamCast).
  • Consent timestamps - the date and time you accepted our Terms of Use, Privacy Policy, and (if applicable) marketing communications.

2.2 Billing Data

  • Subscription metadata - your subscription status, plan type, billing period dates, and cancellation status. This data is managed by Stripe and synchronised to our systems via secure webhooks.
  • Stripe customer identifier - a reference ID linking your ExamCast account to your Stripe customer record.
  • We do not collect, store, or have access to your payment card numbers, bank details, or other financial instrument data. All payment processing is handled directly by Stripe in a PCI-DSS compliant environment.

2.3 Contact Data

  • If you submit our contact form, we collect your name, email address, subject category, and message content.

2.4 Community Data

  • If you use community features, we store your posts, replies, likes, and any content reports you submit.

3. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following lawful bases:

  • Performance of a contract (Article 6(1)(b)) - to create and manage your account, deliver the service you have subscribed to, and process payments.
  • Consent (Article 6(1)(a)) - for optional data you choose to provide (such as school name and subject interests), and for your explicit acceptance of our Terms of Use and Privacy Policy during onboarding.
  • Legitimate interests (Article 6(1)(f)) - to moderate community content, maintain platform security, and improve the service. Our legitimate interests do not override your fundamental rights and freedoms.
  • Legal obligation (Article 6(1)(c)) - to retain financial records as required by applicable UK tax and accounting legislation.

4. Children and Young People

ExamCast is designed for GCSE-level students, teachers, and educational organisations. Under the Data Protection Act 2018 (Section 9), the age of digital consent in the United Kingdom is 13 years.

  • Users must be aged 13 or over to create an ExamCast account.
  • If you are under 13, you must not register for or use ExamCast.
  • We encourage users aged 13 to 17 to review this Privacy Policy with a parent or guardian.

We process only the minimum data necessary to provide our service. We do not engage in profiling, behavioural advertising, or automated decision-making targeting children or any other users.

5. Third-Party Data Processors

We share personal data only with the following third-party service providers, solely to the extent necessary to operate ExamCast:

  • Supabase - provides our database hosting and authentication infrastructure. Your account data is stored on Supabase-managed servers.
  • Stripe - processes all payments. Your email address and username are shared with Stripe as customer metadata to facilitate subscription management. Stripe handles all card data directly.
  • Resend - delivers transactional emails when you submit our contact form. Your email address and message content are shared with Resend for this purpose only.
  • Google - provides authentication via OAuth. We receive your email address and basic profile information from Google when you sign in. We do not share any ExamCast data back to Google.

We do not use analytics or tracking cookies. We do not sell, rent, or share your personal data with advertisers, data brokers, or any other third parties not listed above.

6. Cookies and Local Storage

We use only strictly necessary cookies and local storage:

  • Authentication session cookies - set by Supabase to maintain your login session. These are essential for the service to function and cannot be disabled.
  • Theme preference - stored in your browser's local storage to remember your dark or light mode selection. This is not a cookie and is not transmitted to our servers.

We do not use analytics cookies, advertising cookies, or any other non-essential cookies. Accordingly, no cookie consent banner is required under the Privacy and Electronic Communications Regulations 2003 (PECR).

7. Data Retention

  • Account data - retained for as long as your account is active. Deleted upon your request or account deletion.
  • Community content - retained while visible. Content that has been moderated (hidden or removed) may be retained for a reasonable period for moderation and safety purposes.
  • Contact form submissions - retained for the purpose of responding to and resolving your enquiry.
  • Billing records - retained as required by UK tax and financial record-keeping obligations, typically for a minimum of six years.
  • Consent records - the timestamps of your acceptance of our Terms of Use and Privacy Policy are retained as evidence of consent for the duration of your account and for a reasonable period thereafter.

8. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access - you may request a copy of the personal data we hold about you (a Subject Access Request).
  • Right to rectification - you may request that we correct any inaccurate or incomplete personal data.
  • Right to erasure - you may request that we delete your personal data, subject to any overriding legal obligations we may have.
  • Right to restrict processing - you may request that we limit how we use your personal data in certain circumstances.
  • Right to data portability - you may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object - you may object to our processing of your personal data where we rely on legitimate interests as the lawful basis.

We do not carry out automated decision-making or profiling that produces legal effects or similarly significant effects on you.

To exercise any of these rights, please contact us at admin.examcast@gmail.com. We will respond to your request within one month, as required by law.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO via their website at ico.org.uk or by telephone on 0303 123 1113.

9. International Data Transfers

Some of our third-party service providers (including Supabase and Stripe) may process your personal data on servers located outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR, such as Standard Contractual Clauses approved by the Information Commissioner, or transfers to countries that have been granted an adequacy decision by the UK Secretary of State.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically. Your continued use of ExamCast after any changes constitutes your acceptance of the updated Privacy Policy.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

ExamCast
Email: admin.examcast@gmail.com