Privacy Policy

What Data We Collect

Account information: your first name and email address, provided when you sign up.

Study and usage data: session history, card responses and ratings, Reflex Map readiness scores, streak data, exam date, and daily activity. This data powers the adaptive learning system and your personal Reflex Map.

Payment data: payment transactions are processed securely by a third-party payment provider. We receive confirmation of payment but do not receive or store your card number, expiry date, or CVC.

Technical data: IP address, browser type, device information, and session timestamps. This data is used for session management, security, and service reliability.

Communications: if you contact us by email or WhatsApp, we retain the content of those messages to provide support and improve the service.

How We Use Your Data

We use your personal data to provide and operate Chairside: Flex, including generating your Reflex Map and Smart Sessions; to manage your account and process your payments; to send you transactional emails (welcome email, session reminders, weekly digest); to respond to your support requests; to monitor and improve the service using aggregated, anonymised usage patterns; and to protect the security and integrity of the service.

Lawful Basis for Processing

Under UK GDPR, we process your data on the following bases:

Contract: processing your account information, study data, and payment data is necessary to provide the service you have purchased.

Legitimate interests: we process technical data and aggregated usage patterns to maintain service security, prevent fraud, and improve the product. We have assessed that this does not override your rights and freedoms.

Consent: where we send you non-essential communications (such as product updates or feature announcements), we rely on your consent, which you can withdraw at any time.

Who We Share Your Data With

We use third-party services to operate Chairside: Flex. Your account and study data is hosted by Supabase, payments are processed by Stripe, transactional emails are delivered by Resend (which receives your email address and first name for this purpose), and the application is hosted by Vercel. These providers may process your data as described in their own privacy policies.

We do not sell your personal data to anyone. We do not share your data with third parties for marketing purposes.

International Data Transfers

Some of our third-party service providers process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including the use of providers certified under recognised data protection frameworks or providers based in jurisdictions with adequate data protection standards as recognised by the UK.

How Long We Keep Your Data

We retain your personal data for as long as your account is active and you have access to the service. If you request deletion of your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, accounting, or security purposes.

Payment records may be retained for up to 6 years in line with HMRC requirements.

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access: you can request a copy of the personal data we hold about you.

Right to rectification: you can ask us to correct inaccurate or incomplete data.

Right to erasure: you can ask us to delete your personal data, subject to any legal obligations we have to retain it.

Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.

Right to data portability: you can request your data in a structured, commonly used, machine-readable format.

Right to object: you can object to processing based on legitimate interests.

Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email support@getchairside.com. We will respond within one month.

Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection authority. ICO website: ico.org.uk. ICO helpline: 0303 123 1113.

Cookies

Chairside: Flex uses essential cookies required for the service to function, including authentication cookies that keep you signed in. These are strictly necessary and do not require consent.

We do not currently use analytics cookies, advertising cookies, or any non-essential tracking technologies. If this changes in the future, we will update this policy and obtain your consent before setting any non-essential cookies.

Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), secure authentication, and restricted access to production systems. However, no method of internet transmission or electronic storage is 100% secure.

Children

Chairside: Flex is not intended for anyone under 18. We do not knowingly collect data from children. If we learn that we have collected data from someone under 18, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the service. The “Last updated” date at the top reflects the most recent revision.