Privacy Policy
Last updated: December 2025
1. Introduction
Minigem Study ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service.
2. Information We Collect
2.1 Information from Authentication Providers
When you sign in using Google, Microsoft, or LinkedIn, we receive:
- Your name
- Email address
- Profile picture (if available)
- Unique identifier from the authentication provider
We do not receive or store your password. Authentication is handled entirely by your chosen provider.
2.2 Usage Data
We automatically collect certain information when you use the Service:
- Assessment responses and scores
- Credit usage and purchase history
- Features accessed and time spent
- Device type and browser information
2.3 Analytics and Telemetry Data
We collect analytics data to improve our Service. This includes:
- Page views and navigation: Which pages you visit and how you navigate between them
- Session data: A random session identifier to group your activities during a single visit
- Device information: Device type (mobile/tablet/desktop), operating system, browser type and version, screen resolution
- Approximate location: Country and region derived from your IP address (we do not store your actual IP address - see below)
- Referrer information: How you arrived at our site (e.g., search engine, direct link, UTM campaign parameters)
- Feature usage: Which assessments you start and complete, your scores, and time spent
- Purchase events: When you initiate and complete credit purchases or subscription changes
- Error tracking: Technical errors you encounter to help us fix issues
IP Address Handling: We do not store your raw IP address. Instead, we create a one-way cryptographic hash of your IP address combined with the current date. This allows us to identify unique visitors for statistical purposes without being able to trace activity back to your actual IP address. The hash changes daily to further protect your privacy.
3. How We Use Your Information
We use your personal data to:
- Provide and maintain the Service
- Process your credit purchases
- Track your assessment progress
- Improve our AI feedback systems
- Send important service updates
3.1 Analytics Purposes
We use analytics data to:
- Understand how users interact with our Service
- Identify and fix technical issues
- Improve user experience and interface design
- Measure the effectiveness of features and content
- Make data-driven decisions about new features
- Analyse aggregated trends (e.g., most popular question types, common errors)
4. Legal Basis for Processing (UK GDPR)
We process your personal data under the following legal bases:
- Contract: Processing necessary to provide the Service you have requested (e.g., account creation, credit purchases, assessments)
- Legitimate Interests: We have a legitimate interest in collecting analytics data to improve our Service, provided this does not override your fundamental rights and freedoms. Our analytics are first-party only (no third-party tracking), use privacy-preserving techniques (IP hashing), and are essential for service improvement
- Legal Obligation: Where we are required to retain certain data for legal or regulatory purposes
5. Data Storage and Security
Your data is stored securely on servers located in the United Kingdom with industry-standard encryption. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
Profile pictures are stored as base64-encoded data in our database to ensure fast loading and avoid third-party image hosting dependencies.
6. Third-Party Services
We use the following third-party services:
- Google OAuth: For authentication. Subject to Google's Privacy Policy
- Microsoft Azure AD: For authentication. Subject to Microsoft's Privacy Statement
- LinkedIn: For authentication. Subject to LinkedIn's Privacy Policy
- Stripe: For payment processing. Subject to Stripe's Privacy Policy
No Third-Party Analytics: We do not use Google Analytics, Facebook Pixel, or any other third-party tracking services. All analytics are collected and processed on our own servers.
7. Data Retention
We retain different types of data for different periods:
- Account data: Retained while your account is active. Deleted upon account deletion request
- Assessment data: Retained while your account is active to show your progress history
- Purchase records: Retained for 7 years as required by UK tax regulations
- Analytics events: Retained for 2 years, then automatically deleted
- Aggregated analytics: Retained indefinitely (contains no personal data)
You may request deletion of your account at any time via the Profile page. Upon deletion, all personal data will be removed except where we are legally required to retain it.
8. Your Rights
Under UK GDPR, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data (via Profile page)
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Request your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
To exercise these rights, please use the self-service options on your Profile page or visit our Help Centre for guidance.
9. Children's Privacy
The Service is intended for students aged 13 and older in accordance with the minimum age requirements of our authentication providers (Google and Microsoft require users to be 13+). We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.
10. Cookies and Session Storage
We use the following types of cookies and browser storage:
- Essential Cookies: Required for authentication and session management. These cannot be disabled as the Service will not function without them
- Session Storage: Stores a random session identifier for analytics purposes. This is cleared when you close your browser tab
We do not use advertising cookies, tracking pixels, or any third-party cookies. Our first-party analytics operate under legitimate interests and do not require separate consent under UK GDPR.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
12. Contact and Complaints
For privacy-related questions or to exercise your rights, please visit our Help Centre, which provides self-service options and guidance.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.