9StraightNines

Privacy Policy

Last updated: 14 February 2026

1. Who we are

Straight Nines (“we”, “us”, “our”) operates the website straightnines.com, a free revision resource for AQA GCSE English Literature (8702). If you have any questions about this policy, please contact us at hello@straightnines.com.

2. What data we collect

We may collect the following personal data:

  • Account data — When you sign in with Google, we receive your name, email address, and profile picture from Google OAuth.
  • Usage data — Pages visited, features used (flashcards, exams, vocab quizzes), and study progress.
  • Device data — Browser type, operating system, screen resolution, and IP address (anonymised where possible).
  • Cookies & local storage — We use cookies and browser local storage to remember your preferences and progress. See our Cookie Policy for details.

3. How we use your data

We use your data to:

  • Provide and maintain the service (saving your flashcard progress, exam results, etc.).
  • Authenticate your account via Google sign-in.
  • Improve the website through anonymised usage analytics.
  • Respond to your queries if you contact us.

We do not sell your personal data to third parties. We do not use your data for advertising or marketing purposes.

4. Legal basis for processing (GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your data on the following bases:

  • Consent — For analytics cookies (you can accept or reject these via our cookie banner).
  • Legitimate interest — To provide the service, save your study progress, and improve the site.
  • Contract performance — To provide the service you've signed up for.

5. Data storage & security

Your data is stored securely using Supabase (hosted on AWS in the EU). We use HTTPS encryption for all data in transit and follow industry-standard security practices. Local storage data (flashcard progress, quiz scores) is stored only on your device.

6. Data sharing

We share data only with the following third-party services that are essential to running the site:

  • Supabase — Database and authentication provider.
  • Google — OAuth authentication (sign in with Google).
  • Vercel / Netlify — Website hosting.

Each provider has their own privacy policy and is compliant with GDPR.

7. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymised analytics data may be retained indefinitely.

8. Your rights

Under GDPR, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Ask us to correct inaccurate data.
  • Erasure — Request deletion of your personal data (“right to be forgotten”).
  • Restrict processing — Ask us to limit how we use your data.
  • Data portability — Receive your data in a structured, machine-readable format.
  • Object — Object to processing based on legitimate interest.
  • Withdraw consent — Withdraw consent at any time for consent-based processing.

To exercise any of these rights, email us at hello@straightnines.com. We will respond within 30 days.

9. Children’s privacy

Our service is designed for GCSE students, many of whom are under 18. We do not knowingly collect more data than is necessary to provide the service. We do not use data from minors for marketing. If you are a parent or guardian and believe we have collected data about your child inappropriately, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice on the website. Your continued use of the site after changes constitutes acceptance of the updated policy.

11. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection authority.

12. Contact us

For any privacy-related questions, contact us at: hello@straightnines.com