Privacy Policy

Last updated: 30 May 2026

The short version: Sussed collects only the information needed to provide the revision tutor service. We don’t sell your data, we don’t share it with advertisers, and you can ask us to delete it at any time. Most of what we collect (subjects, topic confidence, practice scores) stays in your own browser. Payment and account information is handled by trusted services (Stripe and Anthropic) under their own privacy standards.

Who we are

Sussed is operated as a sole trader business based in New Zealand, providing an online revision tutoring service for students preparing for GCSE, A-Level and NCEA examinations. The data controller responsible for your personal information is the sole trader operating getsussed.co.uk.

If you need to contact us about this policy or about your data, write to hello@getsussed.co.uk.

What information we collect

Information you give us directly

Profile information: your first name, country (UK or NZ), year group (Y11, Y12, Y13), and the school subjects you study. This is needed to personalise the tutor to your curriculum and exam dates.
Payment information: when you subscribe, your card details are entered directly with our payment provider, Stripe. We do not see or store your card number. Stripe shares with us only the information needed to manage your subscription (a customer ID, your subscription status, and the email you used to subscribe).
Email address: collected by Stripe at checkout. Used to send receipts and (rarely) service announcements.
Feedback you submit: any messages or feedback you choose to send via the Feedback tab in the app, or by email.

Information stored in your browser

Most of your study data is stored locally in your browser’s localStorage, not on our servers. This includes:

Your subject and topic confidence ratings
Past paper attempts and your marked answers
Your revision timetable
Your AI Tutor conversation history within a session
Short summary notes from previous tutor sessions (per subject, on your device only)

This data stays on your device. It is not transmitted to our servers and we cannot see it. If you clear your browser data or use a different device, this information will not be available.

Information we receive when you use the AI tutor

When you ask the AI tutor a question, your question, the relevant subject and topic, and a brief context about your year group and country are sent securely to Anthropic (the company that provides Claude, the AI model behind the tutor). Anthropic processes this to generate a tutoring response and returns it to your device. Anthropic’s privacy policy governs their handling of this data.

Photos you upload of handwritten answers are sent to Anthropic for transcription and marking. They are resized in your browser before upload (typically to under 500KB) and are not stored on our servers after processing.

Information collected automatically

Our hosting provider, Netlify, logs basic technical information when your browser connects to our site — IP address, browser type, the page accessed, and timestamp. This is standard for any website and is used for security, debugging, and abuse prevention. We do not use this information for marketing or to profile you.

We do not currently use analytics tools that track individual users. We do not use advertising cookies.

Why we collect this information

We use your information only for the following purposes:

To provide the tutoring service you signed up for
To process your subscription payments
To send you receipts and important service updates
To respond to your support requests or feedback
To improve the product based on aggregate (non-identifying) patterns of use
To detect and prevent fraud or misuse

Under UK GDPR and the NZ Privacy Act 2020, our lawful bases for processing your personal data are: contract (we need this information to deliver the service you’ve paid for), consent (where you’ve voluntarily provided feedback), and legitimate interests (security and basic site operations).

Who we share your information with

We only share your information with the third-party services strictly necessary to deliver the product:

Stripe — payment processing. Stripe sees your card details (we do not). Stripe privacy policy.
Anthropic — provides the AI model that powers the tutor. Your tutoring questions and photo uploads are sent to Anthropic for processing. Anthropic privacy policy.
Netlify — hosts the site and runs the small server functions that connect Sussed to Stripe and Anthropic. Netlify privacy policy.
Cloudflare — provides DNS routing and email forwarding for our domain. Cloudflare privacy policy.

We do not sell your personal information. We do not share it with advertisers or data brokers. We do not use it to build profiles for marketing purposes.

How long we keep your information

We retain your account and subscription information for as long as you are a customer, and for up to seven years after you cancel, as required by UK and NZ tax record-keeping rules.

Locally-stored data in your browser persists until you clear it or reset your data from the Settings tab.

Tutoring session content sent to Anthropic is processed according to Anthropic’s own retention policies. We do not maintain our own copy.

Your rights

Under UK GDPR, the NZ Privacy Act 2020, and similar laws elsewhere, you have the right to:

Access the personal information we hold about you
Correct information that is inaccurate or incomplete
Delete your personal information (subject to tax record retention requirements)
Object to our processing of your information
Restrict certain processing
Port your data to another service
Withdraw consent at any time where consent was the basis for processing

To exercise any of these rights, email hello@getsussed.co.uk. We will respond within 30 days.

If you believe we have not handled your data properly, you can complain to your local data protection authority:

UK: Information Commissioner’s Office (ICO)
NZ: Office of the Privacy Commissioner

Children and young people

Sussed is designed for secondary school students aged approximately 14–18. We do not knowingly collect data from children under 13. If you are under 16 and live in the UK or EU, please make sure a parent or guardian has agreed to your use of Sussed before you subscribe.

For Y11–13 students who use Sussed, we collect only the minimum information needed to personalise the tutor. Parents who pay for a child’s subscription can contact us at any time to access, correct, or delete that information.

Security

We take reasonable measures to protect your information:

All connections to Sussed use HTTPS encryption (TLS)
API keys and credentials are stored as encrypted environment variables on Netlify, never in our code
Payment details are handled exclusively by Stripe and never touch our servers
We use the minimum necessary access permissions on all third-party services

No system is perfectly secure. If you discover a security issue, please report it to hello@getsussed.co.uk.

International transfers

Some of our service providers (Anthropic, Stripe, Netlify, Cloudflare) are based in the United States. Your data may therefore be transferred to or processed in the US. These providers maintain appropriate safeguards for international data transfers, including Standard Contractual Clauses and (where applicable) the EU-US Data Privacy Framework.

Changes to this policy

We may update this policy from time to time. Significant changes will be communicated to subscribers by email. The “Last updated” date at the top of this page always reflects the current version.

Contact

For any privacy questions, requests, or concerns: hello@getsussed.co.uk