Privacy Policy
Last updated: July 1, 2026
This policy explains what personal data TheoryAced ("TheoryAced", "we", "us") collects and how we use it. TheoryAced is the data controller of personal data processed through the TheoryAced service and is responsible for deciding how and why that data is processed.
Data we collect
- Account data: email, password hash, and optional profile details (name, date of birth, phone) that you choose to provide.
- Quiz data: your answers, attempt history, progress, and performance analytics used to personalise practice.
- Support data: messages you send to us and related correspondence.
- Technical data: device type, browser, IP address, and basic usage/telemetry needed to operate and secure the service.
- Payment data: handled directly by Paddle as merchant of record. We store only the purchase metadata (product, status, and transaction reference) required to grant access.
How we use it and our legal basis
- To provide and operate your account and the quiz service — legal basis: performance of a contract with you.
- To process payments and grant or revoke paid access — legal basis: performance of a contract, and compliance with legal obligations (tax, accounting).
- To secure the service, prevent fraud and abuse, and maintain reliability — legal basis: our legitimate interests in running a safe service.
- To improve the product and understand aggregate usage — legal basis: our legitimate interests in improving the service.
- To respond to support enquiries — legal basis: performance of a contract and our legitimate interests.
- To send service and transactional messages (e.g. purchase confirmations, security notices) — legal basis: performance of a contract and legal obligations. Marketing communications, where sent, rely on your consent, which you can withdraw at any time.
Sharing
We share personal data only with the following categories of recipients, under contract:
- Merchant of Record: Paddle.com Market Limited, which handles checkout, payments, tax, invoicing, and order support.
- Infrastructure and platform providers: our hosting, database, authentication, and email delivery providers who process data on our behalf.
- Professional advisers (such as legal and accounting) where reasonably necessary.
- Authorities or third parties where required by law, or to protect our rights, users, or the service.
We do not sell your personal data.
Data retention
- Account and quiz data: retained for as long as your account is active, and deleted or anonymised within 12 months of account closure, unless we need to keep it longer to comply with legal obligations or resolve disputes.
- Subscription and billing records: retained for up to 7 years to meet tax and accounting requirements.
- Support correspondence: retained for up to 24 months after the enquiry is resolved.
- Security and technical logs: retained for up to 12 months.
Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS/TLS), encryption at rest for our database, hashed passwords, row-level access controls, and restricted administrative access. No system is perfectly secure, but we work to protect your information and to respond promptly to any incident.
Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. You also have the right to lodge a complaint with your local data protection authority. To exercise these rights, email theoryaced@gmail.com and we will respond within the timeframes required by applicable law.
Cookies
We use essential cookies to keep you signed in and to secure the service. Paddle may set cookies during checkout to process your payment. Where we use analytics cookies, we do so in line with applicable law and, where required, with your consent.
Contact
For any privacy question, email theoryaced@gmail.com.
