IRPCS
Get the app
Features Learn Quiz Blog FAQ Contact Get the app
Last updated · 10 June 2026

Privacy Policy

Your data, in plain language. We built IRPCS to teach you the rules of the sea - not to surveil you while you learn them.

Contents
  1. The short version
  2. What we collect
  3. How we use it
  4. Advertising & consent
  5. Who we share it with
  6. Your rights
  7. Deleting your account
  8. Children
  9. Security & retention
  10. International transfers
  11. Changes to this policy
  12. Contact

1. The short version

IRPCS Ltd ("we", "us", "our") provides the IRPCS mobile and web applications. We collect the minimum information needed to give you a working account, sync your learning progress between devices, and keep the service running. We do not sell your personal data and we never will.

The free tier of the mobile app shows rewarded and interstitial ads served by Google AdMob. On iOS we ask for App Tracking Transparency permission before the first ad; if you decline, ads still show but are not personalised. In the EU and UK we present Google's IAB TCF consent form on first launch and let you change your mind at any time from Settings → Privacy → Ad privacy options.

2. What we collect

Website usage & cookies (irpcs.app)

When you visit this website, we use Cloudflare Web Analytics to record anonymous page-view statistics - which page was viewed, the country it was viewed from, and the referring site. This is privacy-respecting by design: no cookies are set, and no personal data is collected. Cloudflare's analytics data handling is described at cloudflare.com/privacypolicy.

The site sets a single essential cookie (__cf_bm) used by Cloudflare for bot management. It expires after 30 minutes and contains no personal data.

Meta Pixel (optional, opt-in only). If you accept marketing cookies in the consent banner, we load the Meta (Facebook) Pixel so we can measure the performance of ads we run on Facebook and Instagram. The pixel sets two cookies (_fbp, and _fbc if you arrived from a Meta ad) and reports page-view events to Meta along with your IP address and the URL you viewed. We do not pass your email, name, or any other personal identifier to Meta from this site. Meta acts as an independent controller for the data it receives; their handling is described at facebook.com/privacy/policy. You can withdraw consent any time from the "Cookie preferences" link in the footer - we stop loading the pixel script on the next page view and your browser's existing _fbp / _fbc cookies will expire on their own schedule (or you can clear them in your browser settings).

Google Tag Manager (optional, opt-in only). If you accept marketing cookies in the consent banner, we also load Google Tag Manager, which we use to manage site measurement tags (such as Google Analytics 4). Like the Meta Pixel, it is never loaded before you consent. Tags loaded through it may set Google measurement cookies (for example _ga) and report page views to Google along with your IP address and the URL you viewed. We do not pass your email, name, or any other personal identifier to Google from this site. Google's handling is described at policies.google.com/privacy. Withdrawing consent from the "Cookie preferences" link stops the scripts loading on the next page view.

Contact form (irpcs.app/contact). If you send us a message through the contact form, we collect the name, email address, topic, and message you provide, plus your IP address and country (used for abuse prevention and rate limiting). The form is protected by Cloudflare Turnstile, a privacy-first bot check that does not set tracking cookies; Cloudflare processes the data needed to tell humans from bots as described in their privacy policy. Your message is delivered to our inbox via Postmark and retained only as long as needed to handle your enquiry.

We set no other tracking, advertising, or third-party cookies on this website.

Account information

If you sign in with Apple or Google, we receive your name (where available), email address (which may be Apple's private-relay address) and a unique sign-in identifier. If you create an account directly with email and password, we store your email plus a bcrypt hash of your password - we never see or store your password in clear text. A display name you set in the app is stored on your account and can be changed any time from Settings → Account.

Learning data

To personalise practice and surface the rules you haven't mastered yet, the app records: rules viewed, quizzes taken, answers given, time spent per question, your self-rated confidence, saved mistakes, bookmarks, daily-review card state, and any onboarding answers (your region preference, IALA buoyage region, skill level, and goals). Most of this lives on your device and is synced to our servers only when you are signed in.

Device & diagnostic information

App version, build number, operating system version, device model, language, timezone, and last-seen timestamp - so we can send time-of-day push notifications in your local time, target bug fixes to the devices that actually have the bug, and triage crash reports. Crash and performance traces are sent to Sentry with your user identifier so we can answer "which user reported this bug".

Push notifications

If you opt in to notifications, we store the push token your device issues (Expo / APNs on iOS, FCM on Android) alongside your account so we can deliver streak reminders, daily-review nudges, and product updates you have asked for. You can disable notifications in iOS or Android settings, or per-category in Settings → Notifications inside the app.

Subscriptions & comps

If you subscribe to IRPCS Pro, the transaction itself runs through Apple or Google and they hand us a receipt token, the entitlement state (active / lapsed / cancelled), the renewal date, and the store country. We never see your card details. Subscription state is delivered via RevenueCat, which acts as our subscription processor and stores the same receipt-derived data against your user id.

Complimentary IRPCS Pro grants (for cadets, academies, and reviewers) and 25%-off annual discount codes are stored as separate records on your account so we can reconcile fairness disputes; they hold your account id, your email, and the grant duration.

Advertising data (free tier, mobile only)

The free tier serves rewarded and interstitial ads via Google AdMob. When ads are served, AdMob processes contextual signals (device type, country, OS version, ad placement, ad-impression events), and - only if you grant App Tracking Transparency on iOS and complete the IAB TCF consent form in regulated regions - your advertising identifier (IDFA on iOS, Android Advertising ID on Android) for personalised ad selection and frequency-capping. If you decline tracking, AdMob receives no identifier and serves non-personalised ads.

What we do not collect

  • Your location, unless you explicitly turn on a feature that needs it
  • Your contacts, photos, microphone, or camera
  • Your browsing activity outside the IRPCS app
  • Special-category data such as race, religion, health, or political views
  • Your card or bank account details (Apple and Google handle payments; we only see receipts)

3. How we use it

  • To give you a working, signed-in account that syncs across devices
  • To personalise practice and surface rules you haven't mastered
  • To deliver streak reminders, daily-review nudges, and other push notifications you have opted in to
  • To send transactional emails (welcome, receipts, subscription notices, account changes, complimentary-grant expiry reminders, data-export download links)
  • To investigate crashes, bugs, and performance issues
  • To serve ads to the free tier (mobile only, AdMob), so we can keep the rule library and daily drill genuinely free
  • To meet our legal obligations (tax, anti-fraud, compliance with the App Store and Google Play account-deletion policies)

We do not use your learning data for advertising. We do not sell your data. We do not train AI models on your practice answers.

4. Advertising & consent (mobile, free tier)

Apple App Tracking Transparency (iOS)

On iOS 14.5 and later, before the first ad appears, IRPCS asks for permission to track activity across other companies' apps and websites. We use this permission solely to share your advertising identifier with Google AdMob so they can show you more relevant ads in the free tier. If you decline, AdMob still serves ads, just without your identifier - this typically means less relevant ads and lower revenue for us. Your choice is never resold, and the prompt is shown only once; you can change your decision at any time in iOS Settings → Privacy & Security → Tracking → IRPCS.

EU & UK consent (IAB TCF v2 via Google UMP)

If you live in the European Economic Area, the United Kingdom, or a US state that regulates digital advertising, the first time you open IRPCS we present Google's Consent Management Platform form. Your choices control which IAB TCF purposes the in-app advertising chain may use. We do not show personalised ads unless the consent form returns canRequestAds = true. You can revisit and change your choices any time from Settings → Privacy → Ad privacy options.

Children & under-16 users

IRPCS is intended for adult mariners and adult cadets. We use AdMob's content-rating gate set to G as a safety net, and we follow the IAB TCF tagForUnderAgeOfConsent signal where appropriate.

5. Who we share it with

We share data only with vendors who help us deliver the service, under written contracts that bind them to our standards:

  • Apple and Google - sign-in, in-app purchases, and push-notification delivery (APNs / FCM)
  • Supabase (Frankfurt, EU) - our authentication, database, and Edge Function backend; the source of truth for your account data
  • RevenueCat - subscription receipt processing and entitlement reconciliation
  • Google AdMob (mobile free tier only) - rewarded and interstitial ad serving, including personalisation only where you have granted ATT and/or IAB TCF consent
  • Cloudflare - application hosting for irpcs.app, DDoS protection, and privacy-respecting Web Analytics (no cookies set, no personal data collected)
  • Meta Platforms (only on irpcs.app, and only with your consent in the cookie banner) - ad-performance measurement via the Meta Pixel; receives the URL of the page you viewed and your IP address, but no email, name, or other personal data from this site
  • Google (only on irpcs.app, and only with your consent in the cookie banner) - site measurement via Google Tag Manager and the tags it manages (such as Google Analytics 4); receives the URL of the page you viewed and your IP address, but no email, name, or other personal data from this site
  • Sentry (EU region) - anonymised crash reporting and performance monitoring, including your user id so we can correlate reports
  • Postmark - transactional email delivery (welcome, receipts, comp grants, comp expiry reminders, data-export download links, operator alerts)
  • Help Scout and Atlassian Jira Service Desk - inbound triage of emails you send to [email protected] or [email protected]
  • Sign in with Apple and Continue with Google - federated identity providers, only if you choose them at sign-up

We may disclose data when legally required (court order, regulatory request) or to protect the safety of users or the public.

6. Your rights

Wherever you are, you can:

  • Access - request a copy of the data we hold about you. You can also generate this yourself any time in the app: Settings → Privacy → Export my data emails you a 24-hour download link to a JSON copy of your server-side data
  • Rectify - correct inaccurate information; you can edit your display name and email directly in Settings → Account
  • Erase - delete your account and all associated data, immediately, from Settings → Delete my data → Delete my account. See section 7 for what "delete" specifically means
  • Restrict or object to processing
  • Port your data (the export above is in machine-readable JSON)
  • Withdraw consent at any time - ATT in iOS Settings, IAB TCF consent in Settings → Privacy → Ad privacy options, notification consent in iOS / Android settings

If you're in the UK, EEA or California, you have additional rights under UK GDPR, EU GDPR and CCPA respectively, including the right to lodge a complaint with your local supervisory authority (in the UK, the ICO). Email [email protected] and we'll respond within 30 days.

7. Deleting your account

You can delete your IRPCS account at any time from inside the app: Settings → Delete my data → Delete my account.

When you confirm:

  • Your authentication record (Supabase auth.users), identity bindings (Sign in with Apple, Continue with Google, email/password), and push-notification tokens are hard-deleted immediately
  • Comp grants, discount-code redemptions, question reports you filed, and any audit-log entries are anonymised (your account id removed, your email replaced with a one-way SHA-256 hash) and kept as financial / abuse-investigation business records. These records no longer point at you
  • Quiz attempts, saved mistakes, and spaced-repetition card state stored locally on your device are wiped when you tap delete

The deletion is permanent. We do not keep a recovery window - once your account is gone, it is gone. If you have an active App Store or Google Play subscription, the in-app flow asks you to cancel that first so you are not billed for an account you can no longer access.

This flow complies with Apple App Review Guideline 5.1.1(v) and Google Play's Account Deletion policy. Sign in with Apple users can additionally revoke IRPCS's access to their Apple ID from appleid.apple.com/account/manage; we listen for the corresponding Apple webhook and respond by deleting the linked IRPCS data.

8. Children

IRPCS is intended for adult cadets, deck officers, and recreational mariners. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it. Where IAB TCF applies, we honour the tagForUnderAgeOfConsent signal so personalised advertising is suppressed for under-16 users in regulated regions.

9. Security & retention

Data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed with bcrypt. We keep account data for as long as your account is active. When you delete your account, identifying data is removed immediately (see section 7); anonymised audit-trail rows that no longer point at you are retained indefinitely as a business record. Sentry crash data is retained for 90 days. AdMob ad-request logs are governed by Google's standard retention. Push delivery records are retained for 30 days for operational debugging.

10. International transfers

Our application hosting (irpcs.app) runs on Cloudflare's global network; our data backend (Supabase) is in Frankfurt, EU; Sentry stores crash traces in its EU region. Postmark, RevenueCat, AdMob, Help Scout, and Atlassian operate from the United States. Data may be processed in the UK, EU, and US, protected by Standard Contractual Clauses and Data Processing Addenda where required.

11. Changes to this policy

If we materially change this policy, we'll notify you in the app and by email at least 30 days before the change takes effect.

12. Contact

Privacy questions, data-access requests, and complaints: [email protected].

General support: [email protected].