Privacy Framework
Standard Data Protection Compliant Architecture Β· Last Revision: Feb 2026
Standard Data Protection Compliant
Study CPEA applies the highest standards of data protection, specifically tailored for Caribbean students under 18. We strictly adhere to the Age Appropriate Design standards (Children's Code).
01
Who We Are
Study CPEA is the data controller for personal information collected through this platform. We operate a specialized educational revision service for Caribbean students aged 9β14.
Inquiries
support@studycpea.comOfficial Hub
studycpea.com
02
What Data We Collect
We collect only the minimum data necessary to provide and improve the Study CPEA service.
β’ Email address (for login and account recovery)
β’ Display name / first name
β’ Account type (student or parent)
β’ Year group (students)
β’ Parentβchild relationship links (if applicable)
β’ Quiz sessions: subject, topic, score, date and duration
β’ XP points, badges earned and streak information
β’ Bookmarked questions and personal notes
β’ Study plan entries (subject, topic, scheduled day)
β’ Question attempts and accuracy per topic
β’ Messages sent from parent to child accounts within the platform
β’ Support enquiries submitted via our contact form
β’ Login timestamps and session metadata
β’ Browser type and device type (from our hosting provider's logs)
β’ We do not use tracking cookies or third-party advertising technologies
03
How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the quiz and revision service | Account + study data | Contract performance |
| Personalising progress tracking and recommendations | Study activity data | Legitimate interest |
| Parental visibility of child's progress | Study activity data | Contract performance |
| Responding to support requests | Contact form data | Legitimate interest |
| Improving the platform (aggregated analytics) | Anonymised usage data | Legitimate interest |
| Account security and fraud prevention | Technical + account data | Legal obligation |
We will never use your data for targeted advertising or sell it to third parties.
04
Children's Privacy
Study CPEA is designed for use by school-age children and we take their privacy extremely seriously. In line with the child safety standards:
- We collect only the minimum data required for the educational service
- We do not serve advertisements to any users, especially children
- We do not use nudge techniques or gamification designed to exploit children
- Parental consent is required for users under 13
- Parents can view and request deletion of their child's data at any time
- Profile information for student accounts is not publicly visible
- We do not share children's data with third parties except our hosting provider (Supabase β see below)
05
Third-Party Services
Study CPEA uses a small number of trusted third-party services:
Supabase (database & authentication)
All user data is stored in a Supabase PostgreSQL database. Supabase is SOC 2 Type II certified. Data is stored in secure cloud infrastructure. Supabase Privacy Policy β
Google Fonts
We load the Outfit typeface from Google Fonts. Google may log the request (IP address, browser, referring page). No personal account data is shared with Google.
Tailwind CSS CDN
Our styling is loaded from the Tailwind CDN. No personal data is shared with Tailwind.
We do not use Google Analytics, Facebook Pixel, or any other advertising or tracking technologies.
06
Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your personal profile data (name, email) is deleted within 30 days
- Study session logs may be retained in anonymised, aggregated form for up to 12 months to improve our service
- Support messages are retained for up to 24 months for quality assurance
You can request deletion of your data at any time by contacting us at support@studycpea.com.
07
Your Rights
Under Standard Data Protection, you have the right to:
β Access
Request a copy of the personal data we hold about you
βοΈ Rectification
Ask us to correct inaccurate data
ποΈ Erasure
Request deletion of your data ("right to be forgotten")
β Objection
Object to processing based on legitimate interest
π¦ Portability
Receive your data in a portable, machine-readable format
βΈοΈ Restriction
Request that we limit processing of your data
To exercise any of these rights, contact us at support@studycpea.com. We will respond within 30 days. You also have the right to lodge a complaint with the relevant data protection authorities.
08
Cookies
Study CPEA does not use tracking or advertising cookies. We use only:
- Authentication tokens β stored in your browser's local storage to keep you logged in. These are essential for the service to function and are not shared with third parties.
- Preference storage β your year group and theme preferences are stored in local storage on your device.
09
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email before they take effect. The current version is always available at this page with the date it was last updated.
10
Contact & Data Requests
For any privacy-related questions or to exercise your data rights:
Email: support@studycpea.com
Contact form: studycpea.com/support
We aim to respond to all data requests within 5 working days, and no later than 30 days.