Privacy policy
Last updated 03/07/2026
This policy explains what personal data FRCR Vault collects, why, and what your rights are. The data controller is Benjamin Sanderson, trading as FRCR Vault. For any privacy question, contact support@frcrvault.com.
1. What we collect
- Account details — your email address and a password (stored only as a secure hash; we never see it in plain text), or, if you choose Google sign-in, the basic profile Google shares with us.
- Subscription details — your plan, its status and renewal date, and a customer reference held by our payment processor. Your card details are handled entirely by Stripe; we do not receive or store them.
- Study activity — the questions you attempt and your answers, your spaced-repetition schedule, mock-exam sessions, flagged questions and any exam date you set. This is what powers your dashboard and progress tracking.
- Support and reports — if you report a question or email us, we keep the message and any details you include.
- Technical data — standard server logs needed to run and secure the service.
2. How we use it
To create and secure your account, take payment and manage your subscription, deliver the question bank and show your progress and analytics, respond to reports and support requests, and meet our legal and accounting obligations.
3. Legal bases
We rely on performance of a contract (to provide the service you subscribe to), legitimate interests (to keep the service secure and improve it), consent where you give it (for example Google sign-in), and legal obligation (for example keeping billing records).
4. Who processes your data
We share data only with the providers we need to run the service:
- Supabase — authentication and database hosting (your account and study data).
- Stripe — payment processing and subscription billing.
- Vercel — application hosting and delivery.
- Resend — sending operational email.
- Google — only if you choose to sign in with Google.
These providers act on our instructions. Some may process data outside the UK; where they do, appropriate safeguards (such as standard contractual clauses) apply. We do not sell your data or share it for advertising.
5. Cookies
We use only strictly necessary cookies — to keep you signed in and to secure your session. We do not use advertising or analytics cookies, so no cookie banner is needed. Stripe may set its own cookies on its checkout pages, governed by Stripe’s privacy policy.
6. How long we keep it
We keep your account and study data while your account is active. If you close your account or ask us to erase it, we delete your personal data, except records we must keep for legal or accounting reasons (such as proof of a transaction), which we retain only for as long as the law requires.
7. Your rights
Under UK GDPR you can ask us to give you a copy of your data, correct it, erase it, restrict or object to its use, or provide it in a portable form, and you can withdraw consent where we rely on it. Email support@frcrvault.comto exercise any of these. If you are unhappy with how we handle your data you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
8. Changes
We may update this policy; the “last updated” date above shows the current version.
9. Contact
Privacy questions: support@frcrvault.com. See also our Terms and conditions.