1. Who We Are

MemOrLearn is a web-based educational platform providing learning tools including flash cards, math fluency practice, a typing tutor, Bible memory, and grammar courses.

2. Data We Collect

• 2.1 Account Registration Data

When you create an account, we collect:

• First name and last name
• Email address
• Username (automatically generated from your name)
• Hashed password (we never store your password in plain text)
• Account type (student or teacher)
• Registration date and last login date

• 2.2 Subscription and Payment Data

When you subscribe to a plan, we record:

• Your chosen subscription plan
• Subscription status (e.g. active, trialing, canceled)
• Subscription start date, renewal date, and cancellation date (where applicable)
• Whether auto-renewal is enabled
• Whether you have used a free trial

Payment card details are processed and stored by Stripe, our payment processor. We do not receive or store your full card number, CVV, or other sensitive payment details. We do store your Stripe Customer ID and Stripe Subscription ID to link your account to your Stripe records.

• 2.3 Learning Progress Data
  

We store your activity and progress within each learning module:

• Flash Cards: card decks you create (deck name, cards and their content), and your study progress per card.
• Math Fluency: daily practice statistics (correct answers, total attempts, date), your current grade level, and grade lock status.
• Typing Tutor: results per lesson including words per minute (WPM), accuracy percentage, session duration, and completion timestamp.
• Bible Memory: verse collections and their contents, per-verse attempt history (typed text and score), verse progress status, and practice settings (e.g. ignore capitalisation, first-letter mode).
• Grammar Course: per-sentence progress scores (step 1, 2, and 3), completion dates, current grade and grade lock status, and daily streak information.

• 2.4 Teacher–Student Relationship Data
  

If you use teacher features, we also store:

• Associations between teacher accounts and the student accounts they manage.
• Student credit balances assigned by the teacher.
• Student invitation records (invite links issued by teachers).

• 2.5 Discount and Promotion Data
  

If you use a discount code during checkout, we record the code and the number of times it has been redeemed.

• 2.6 Cookies
  

We use a cookie to remember that you have acknowledged our cookie notice:

• gcb_dismissed — set for 12 months when you dismiss the cookie banner.

The System also sets standard session cookies to keep you logged in while you use the platform. These cookies are essential for the Service to function and are deleted when your session ends (or after the remember-me period if selected at login).
Third-party services we use (such as Google Analytics) may also set their own cookies. Please refer to the relevant third-party privacy policies listed in Section 4 for details.

• 2.7 Analytics and Site Performance Data
  

We use Google Analytics to collect information about how visitors use the website, including pages visited, time spent on pages, browser type, device type, and approximate geographic location (derived from IP address). This data is collected in aggregate and is used to improve the Service. Google Analytics may use cookies and similar tracking technologies.
We also use Google Search Console and other search engine indexing tools to monitor the website’s performance in search results. These tools may collect data about search queries that led users to the site and how pages are indexed.

• 2.8 Demo Mode
  

The public demo is available without registration. All data generated in demo mode is stored exclusively in your browser’s session storage on your own device. No personal data from demo sessions is stored by us. Session storage is automatically cleared when you close the browser tab. We do count the number of times each demo module is visited (a simple integer counter, with no user identification) for internal analytics.

• 2.9 Debug Logging
  

When debug logging is enabled by an administrator (typically during troubleshooting), the system may write a server-side log file. This log may include your user ID, email address, and technical details about requests you make to the Service. Debug logs are accessible only to administrators and are cleared regularly. Logging is disabled by default.

3. How We Use Your Data

We use the data we collect for the following purposes:

To create and manage your user account.
To process subscription payments and manage your billing relationship with Stripe.
To provide access to learning modules appropriate to your subscription plan and role.
To save and display your learning progress within each module.
To allow teachers to manage and monitor the progress of students in their care.
To send password reset emails when requested.
To send subscription-related notifications (e.g. payment confirmation, subscription activation).
To analyse website usage and improve the Service using tools such as Google Analytics.
To monitor search performance and visibility through tools such as Google Search Console.
To enforce access controls and prevent fraud or abuse.
To maintain the security and integrity of the platform.

We do not sell your personal data to third parties.

4. Third-Party Services

We currently use the following third-party services. Each operates under its own privacy policy and may collect or process data about you independently of us.

• Stripe — payment processing for subscriptions and credit purchases. Stripe handles all card data in compliance with PCI-DSS. Privacy policy: stripe.com/privacy
• Google Analytics — website usage analytics including page views, session data, and approximate location. Privacy policy: policies.google.com/privacy
• Google Search Console — search performance monitoring and site indexing. Privacy policy: policies.google.com/privacy
• Google Fonts — loading of interface fonts (DM Sans, Outfit, Manrope). When fonts load, your browser contacts Google’s servers. Privacy policy: policies.google.com/privacy
• hCaptcha (optional, when enabled) — bot protection on the registration form. Privacy policy: hcaptcha.com/privacy

We reserve the right to add, remove, or change the third-party services we use at any time and without individual notice to users. When we do so, this Privacy Policy will be updated to reflect the change. The updated policy will be posted on this page with a revised effective date. Continued use of the Service after any such update constitutes your acceptance of the revised policy.

5. Data Retention

We retain your data for as long as your account is active. Specifically:

• Account data (name, email, password hash) is retained until your account is deleted.
• Subscription records are retained for accounting and compliance purposes even after cancellation.
• Learning progress data is retained indefinitely while your account exists so that your progress is preserved across sessions.
• Debug log files are temporary and cleared regularly by the administrator.
• Session tokens (login cookies) expire when your session ends or after the selected remember-me duration.
• Analytics data held by Google Analytics is subject to Google’s own retention settings.

6. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data by updating your account settings.
• Request deletion of your account and associated data by contacting us.
• Object to our use of your data or request that we restrict processing in certain circumstances.
• Receive a copy of your data in a portable format on request.

Please note that some data (such as subscription records) may need to be retained for legal or accounting reasons even after an account deletion request. To exercise any of these rights, please contact us through the website.

7. Data Security

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. These include:

• Passwords are hashed using a secure hashing system — we cannot recover your plain-text password.
• Payment card data is handled exclusively by Stripe and never passes through our systems.
• Access to admin features and the debug log is restricted to authorised administrators only.
• Authentication tokens and nonces are used to protect all form submissions and AJAX requests.

No system can be completely secure. If you become aware of a security issue affecting this platform, please notify us promptly.

8. Children’s Privacy

Student accounts may be held by minors. Student accounts are created either by a teacher (on the student’s behalf) or by direct registration with parental consent. We collect only the minimum data required to provide the educational service. We do not use data from student accounts for marketing purposes.

If you believe we have inadvertently collected personal information from a child without appropriate consent, please contact us immediately so we can delete it.

9. Changes to This Policy

We may update this Privacy Policy at any time, including when we add, remove, or change third-party services. When we do, we will update the effective date at the top of this page. We will not provide individual notice to users for every change. It is your responsibility to review this policy periodically. Continued use of the Service after a policy change constitutes your acceptance of the updated policy.

10. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or the data we hold about you, please contact us through the website.