Last updated: 1 March 2026
Privacy Policy
TL;DR (Quick Summary)
We collect: Your email, name (if you give it), what year you're in, and what programmes you bookmark. We also track which career tasks you've completed so you can see your progress.
We use it for: Showing you relevant opportunities, reminding you about deadlines, and making the platform better. We don't sell your data. Ever.
Your rights: You can see, edit, or delete all your data anytime in your settings. Just email us if you need help.
We're hosted in the EU, fully GDPR compliant, and we take security seriously.
Read on for the full details, or contact us at hello@studentgrowthspace.com with any questions.
1. Who We Are
Student Growth Space ("we", "us", "our") is a UK-based platform helping students navigate their path from sixth form through university and into their careers. We're registered in the United Kingdom and act as the data controller for all personal information collected through our website at studentgrowthspace.com.
Contact us: hello@studentgrowthspace.com
2. What This Policy Covers
This Privacy Policy explains how we collect, use, store, and protect your personal information when you:
- Create an account on Student Growth Space
- Use our platform tools (programme directory, protocol tracker, exam countdown, finance calculator)
- Interact with our website or services
Important: By using our platform, you agree to this Privacy Policy. If you don't agree, please don't use our services.
3. Information We Collect
3.1 Personal Information You Provide
When you sign up and use our platform, we collect:
| Information | Required? | Why we need it |
|---|---|---|
| Email address | Yes | Account creation, login, important updates |
| Full name | No | Personalising your experience (you choose) |
| Year group | Yes | Showing relevant opportunities (Year 12/13/Uni) |
| University/school | No | Better programme recommendations (optional) |
| A-Level subjects | No | Exam countdown feature (your choice) |
3.2 Usage Data (Automatically Collected)
We track how you use the platform to improve your experience:
- Protocol progress: Which of the 15 career tasks you've completed
- Bookmarks: Which programmes you've saved for later
- Calculator inputs: We process these to show results but don't store your household income data
- Login activity: When you last used the platform (for security and analytics)
- Technical data: Browser type, device type, and approximate location (country level only)
3.3 Authentication Data
- Email/password: Stored securely by Supabase using industry-standard hashing (bcrypt)
- Google OAuth: If you choose "Sign in with Google", your credentials are managed by Google. We only receive your email and basic profile info.
4. How We Use Your Information
We use your data to provide and improve our services:
Core functionality:
- Personalising programme recommendations based on your year group
- Tracking your progress through the 15-step protocol
- Showing relevant A-Level exam countdowns
- Saving your bookmarked programmes for easy access
Communication (with your consent):
- Deadline reminders for programmes you've bookmarked (future feature)
- Important updates about the platform
- Career tips and opportunities we think you'll value
Improvement and security:
- Understanding how students use our tools so we can make them better
- Protecting against fraud, abuse, or security threats
- Complying with legal obligations
We never:
- Sell your personal information to third parties
- Use your data for advertising (we don't show ads)
- Share your information with universities or employers without your explicit permission
5. Legal Basis for Processing (GDPR)
Under UK and EU data protection law, we process your data based on:
- Contract necessity: We need your email and year group to provide the service you signed up for
- Legitimate interests: We analyse usage patterns to improve our platform and keep it secure
- Consent: For optional features like email reminders (you can opt out anytime)
- Legal obligation: When required to comply with laws or regulations
6. How We Store and Protect Your Data
6.1 Security Measures
- Encryption: All data is encrypted in transit (HTTPS/TLS 1.3) and at rest (AES-256)
- Passwords: Hashed using bcrypt—never stored in plain text
- Access control: Strict internal controls on who can access user data
- Regular audits: We review our security practices regularly
6.2 Where Your Data Lives
We use Supabase, a GDPR-compliant database provider with servers in the European Union (Frankfurt, Germany). This means your data is protected by EU data protection laws, considered among the strongest in the world.
6.3 Payment Data
We don't currently handle payments. When we introduce premium features, we'll use Stripe, a PCI-DSS compliant payment processor. We never see or store your credit card details—Stripe handles everything securely.
7. Third-Party Services
We work with trusted providers to run our platform:
| Service | What they do | Their privacy policy |
|---|---|---|
| Supabase | Database, authentication, hosting | supabase.com/privacy |
| Vercel | Website hosting and delivery | vercel.com/legal/privacy-policy |
| Google | Optional OAuth login | google.com/policies/privacy |
| Plausible Analytics | Privacy-focused usage analytics (no cookies) | plausible.io/privacy |
Future services: Stripe (payment processing), SendGrid/Resend (email delivery). We only share the minimum data necessary with these providers, and all are GDPR-compliant with appropriate data processing agreements in place.
8. Your Rights Under GDPR
As a UK/EU user, you have strong rights over your data:
- Right to access: View all data we hold about you in your account settings, or email us for a complete copy.
- Right to rectification: Edit your profile information anytime in settings. Spot an error? Let us know and we'll fix it.
- Right to erasure ("Right to be forgotten"): Delete your account permanently. All personal data is removed within 30 days. Some anonymised analytics may be retained.
- Right to restrict processing: Temporarily pause how we use your data while resolving a dispute.
- Right to data portability: Request your data in a standard format to take elsewhere (coming soon as a self-service feature).
- Right to object: Opt out of non-essential communications and certain types of processing.
To exercise any right: Email hello@studentgrowthspace.com or use the controls in your account settings. We respond to all requests within 30 days.
9. Cookies and Local Storage
We keep this simple:
Essential cookies only:
- Session authentication (keeps you logged in)
- Security tokens (protects against attacks)
No tracking or advertising cookies: We don't use Google Analytics, Facebook pixels, or any ad tracking.
LocalStorage: We store some preferences locally on your device (like your exam countdown precision or sort order). This never leaves your browser and isn't sent to our servers. You can clear this data anytime through your browser settings, though it may reset your preferences.
10. Data Retention
| Data type | How long we keep it |
|---|---|
| Active account data | Until you delete your account |
| Deleted accounts | Permanently erased within 30 days |
| Anonymised usage analytics | Indefinitely (can't identify you) |
| Server logs (security) | 90 days |
| Backup copies | Up to 30 days after deletion |
11. Children's Privacy and Age-Appropriate Design
Our platform is designed for students aged 16–25.
For users under 18:
- We encourage you to review this Privacy Policy with a parent or guardian
- We don't knowingly collect data from children under 16
- If we discover we've collected data from someone under 16, we delete it immediately
UK Age Appropriate Design Code:
We follow the ICO's Children's Code principles:
- We prioritise your privacy and wellbeing
- We don't use manipulative design patterns (no dark patterns)
- We provide clear information about how we use your data
- We give you control over your privacy settings
12. International Data Transfers
Your data is stored in the European Union (Germany). We don't transfer your personal data outside the UK/European Economic Area unless you specifically request a service requiring it, or we have appropriate safeguards in place (Standard Contractual Clauses). All our core services are EU-based to ensure maximum protection.
13. Changes to This Policy
We may update this Privacy Policy as our platform evolves. When we do:
- We'll change the "Last Updated" date at the top
- We'll email you about significant changes (using your registered email)
- We'll post a notice on the platform for 30 days before major changes take effect
Continued use of Student Growth Space after changes means you accept the updated policy.
14. Contact Us
Questions about this policy? Concerns about your data? Want to exercise your rights?
Email: hello@studentgrowthspace.com
We'll respond within: 48 hours (usually much faster)
For formal complaints: You have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk, but we hope you'll give us a chance to resolve any issues first.
15. Quick Reference
| Your question | Our answer |
|---|---|
| Who owns my data? | You do. We're just looking after it. |
| Can I delete everything? | Yes, anytime. Account deletion is permanent. |
| Do you sell my data? | Never. We don't even show ads. |
| Is my data secure? | Yes. Encrypted, EU-hosted, GDPR compliant. |
| What if I forget my password? | Reset link sent to your email. We can't see your password. |
| Can my school see my data? | No. Only you can access your account. |
Thanks for trusting Student Growth Space with your career journey. We're here to help you succeed, not to exploit your data.
— The Student Growth Space Team