H
HPATPro← Back to Home

Privacy Policy

Last updated: 2 March 2026

1. Introduction

HPATPro ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website at hpatpro.ie ("the Site") and our services.

We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Irish Data Protection Act 2018, and all applicable data protection legislation. By using our Site, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

3. What Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

  • Account information: name, email address, and password when you register
  • Profile information: display name and avatar (if provided)
  • Payment information: processed securely through our payment provider — we do not store your credit card details
  • Communications: messages you send to us via email or support channels

3.2 Information Collected Automatically

  • Usage data: pages visited, features used, practice questions answered, quiz scores, and study activity
  • Device information: browser type, operating system, screen resolution, and device type
  • Log data: IP address, access times, referring URLs, and error logs
  • Cookies and similar technologies: see our Cookie Policy for details

4. How We Use Your Data

We use your personal data for the following purposes:

  • Providing our services: to operate your account, deliver content, track your progress, and provide AI-powered tutoring and explanations
  • Personalisation: to customise your learning experience, recommend study topics, and generate analytics
  • Communication: to send account-related notifications, respond to your enquiries, and (with your consent) send marketing communications
  • Improvement: to analyse usage patterns, improve our platform, and develop new features
  • Security: to detect and prevent fraud, abuse, and unauthorised access
  • Legal compliance: to comply with applicable laws, regulations, and legal processes

5. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract performance: processing necessary to provide our services to you (Article 6(1)(b))
  • Legitimate interests: improving our platform, ensuring security, and analytics (Article 6(1)(f))
  • Consent: marketing communications and non-essential cookies (Article 6(1)(a))
  • Legal obligation: complying with applicable laws (Article 6(1)(c))

6. Data Sharing

We do not sell your personal data. We may share your data with:

  • Service providers: Supabase (authentication and database hosting), Vercel (website hosting), and payment processors — all bound by data processing agreements
  • AI service providers: anonymised or pseudonymised data may be processed to deliver AI tutoring features
  • Legal authorities: when required by law, court order, or to protect our legal rights

All third-party service providers are carefully selected and are required to implement appropriate data protection measures.

7. International Data Transfers

Some of our service providers may process your data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the service provider's adequacy decision.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. After account deletion, we will retain your data for a maximum of 12 months for legal and administrative purposes, after which it will be securely deleted or anonymised.

Usage analytics data may be retained in anonymised form indefinitely for statistical purposes.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: request limitation of how we process your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at info@hpatpro.ie. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at www.dataprotection.ie.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Secure authentication via Supabase Auth
  • Access controls and role-based permissions
  • Regular security reviews and updates

While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our services are intended for users aged 16 and above. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this policy periodically. Continued use of the Site after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or complaints:

🎓

HPATPro Assistant

Online — replies instantly