Privacy Policy
Your data, in plain language. We built IRPCS to teach you the rules of the sea — not to surveil you while you learn them.
1. The short version
IRPCS Ltd ("we", "us", "our") provides the IRPCS mobile and web applications. We collect the minimum information needed to give you a working account, sync your learning progress between devices, and keep the service running. We do not sell your personal data and we never will.
2. What we collect
Account information
If you sign in with Apple or Google, we receive your name, email address and a unique sign-in identifier. If you create an account directly, we collect your email and a hashed password.
Learning data
To sync your progress and tailor practice to your weak spots, we store: rules viewed, quizzes taken, answers given, time spent, and bookmarks.
Device information
App version, operating system version, device model, language, and crash diagnostics. We use this to fix bugs and to make sure the app works on the devices you actually use.
Purchase information
If you buy a subscription, the transaction is handled by Apple, Google or Stripe. We receive a receipt and subscription status — never your card details.
What we do not collect
- Your location, unless you explicitly turn on a feature that needs it
- Your contacts, photos, microphone, or camera
- Your browsing activity outside the IRPCS app
3. How we use it
- To give you a working, signed-in account that syncs across devices
- To personalise practice and surface rules you haven't mastered
- To send transactional emails (receipts, password resets, account changes)
- To investigate crashes, bugs, and performance issues
- To meet our legal obligations (tax, fraud prevention)
We do not use your learning data for advertising. We do not run third-party advertising trackers in the app.
4. Who we share it with
We share data only with vendors who help us deliver the service, under written contracts that bind them to our standards:
- Apple, Google — sign-in and in-app purchases
- Stripe — web subscription payments
- Cloudflare — application hosting and DDoS protection
- Sentry — anonymised crash reporting
- Postmark — transactional email delivery
We may disclose data when legally required (court order, regulatory request) or to protect the safety of users or the public.
5. Your rights
Wherever you are, you can:
- Request a copy of the data we hold about you
- Correct inaccurate information
- Delete your account and all associated data
- Export your learning history
- Withdraw consent at any time
If you're in the UK, EEA or California, you have additional rights under UK GDPR, EU GDPR and CCPA respectively, including the right to lodge a complaint with your local supervisory authority. Email [email protected] and we'll respond within 30 days.
6. Children
IRPCS is not directed at children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
7. Security & retention
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed with bcrypt. We keep account data for as long as your account is active, plus 90 days after deletion to allow recovery. Anonymised analytics may be retained longer for product improvement.
8. International transfers
Our infrastructure runs on Cloudflare's global network. Data may be processed in the UK, EU, and US, protected by Standard Contractual Clauses where required.
9. Changes to this policy
If we materially change this policy, we'll notify you in the app and by email at least 30 days before the change takes effect.
10. Contact
Questions, requests, or concerns: [email protected].
IRPCS Ltd, registered in England and Wales. Postal address available on request.