Privacy Policy

This policy is issued by LRARE Holdings Ltd. We act as the data controller for personal data processed through our websites and products, unless a separate written agreement says otherwise.

Contact: hello@lrare.co.uk or use the contact form at lrare.co.uk.

Depending on how you use our services, we may collect:

• Identity and contact: name, email address, and account identifiers.
• Usage data: interactions with the product, feature usage, basic event metrics.
• Device and technical data: device type, operating system, app version, language, approximate location from IP, and similar diagnostics.
• Learning and assessment data: assessment answers, progress metrics, mastery indicators, and related analytics.
• Institution assignment: where relevant, whether you are linked to an institution cohort or licence.
• Support and communications: messages you send to us, including contact form submissions.

We aim to minimise data collection. If we do not need a data field to provide or improve the service, we do not request it.

We use personal data to:

• Provide the service, including authentication, content delivery, and account management.
• Maintain security and prevent fraud or misuse.
• Measure performance, reliability, and improve product quality.
• Provide institutional features such as cohort reporting where applicable.
• Respond to support requests and operational communications.
• Send product updates, including push notifications where enabled.

We do not use personal data for advertising profiles, and we do not sell personal data.

Under UK GDPR, we rely on one or more of these legal bases:

• Contract: to provide the service you request.
• Legitimate interests: to operate, secure, and improve our services, in a way that is proportionate and expected.
• Consent: where we ask for it, such as certain optional communications or device permissions.
• Legal obligation: where we must retain or disclose information to comply with law.

Where consent is the basis, you can withdraw it at any time through your device or account settings, or by contacting us.

If you enable push notifications, we may send reminders, service updates, and other operational messages. You can turn notifications off at any time in your device settings.

We use messaging infrastructure (for example Firebase Cloud Messaging) to deliver notifications. This may involve device tokens and delivery metadata.

We use analytics and diagnostics to understand how the service performs, to fix bugs, and to improve the product. This typically includes event analytics, crash reporting, and basic device information.

We currently use Google services including: Firebase Authentication, Firestore, Crashlytics, Firebase Messaging, Firebase Analytics, Remote Config, and Google Analytics.

We configure these tools to be proportionate and privacy conscious. We do not use them to build advertising profiles.

If you access SQEz through a university, employer, or other institution, certain data may be processed to provide cohort level reporting and licence management.

We design institutional reporting to be proportionate and aligned with privacy principles. Where applicable, reporting may include aggregated or cohort level progress metrics. Specific arrangements can vary by institution and agreement.

Some features may use AI to support learning experiences, calibrate difficulty, or surface helpful signals. We aim to keep AI usage narrow, reviewable, and human led.

Our full commitments and limits are set out in our AI Policy.

We share data only where needed to run the service. This may include:

• Service providers acting as processors (for example cloud infrastructure and analytics providers).
• Institutional customers where cohort reporting or licence administration applies, under contract.
• Legal and compliance where required by law, court order, or to protect rights and safety.

We do not sell personal data and we do not share it for behavioural advertising.

Some of our service providers may process data outside the UK. Where that occurs, we use appropriate safeguards such as adequacy decisions or standard contractual clauses, and we assess provider practices to protect data.

We retain personal data only as long as needed to provide the service, meet contractual requirements, comply with law, and maintain appropriate records for security and integrity.

If you request deletion, we will take reasonable steps to delete or anonymise personal data, except where we must keep it for legal, security, or operational reasons.

We implement technical and organisational measures designed to protect personal data, including access controls, encryption in transit where supported, and secure infrastructure practices.

No system is perfectly secure. If we detect a material data incident, we will take appropriate steps to investigate, mitigate, and notify where required by law.

Subject to UK GDPR and applicable law, you may have rights to:

• Access your personal data.
• Correct inaccurate personal data.
• Request deletion in certain circumstances.
• Object to certain processing, including processing based on legitimate interests.
• Restrict processing in certain circumstances.
• Data portability where applicable.
• Withdraw consent where consent is used as the basis.

To exercise rights, contact hello@lrare.co.uk. We may need to verify identity before acting on requests.

You also have the right to complain to the UK Information Commissioner’s Office (ICO).

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of the page. If changes are material, we will take reasonable steps to notify users.

Questions or requests regarding privacy can be sent to hello@lrare.co.uk or via the contact form at lrare.co.uk.

LRARE Holdings Ltd (Company No. 16807366)