Privacy Policy

Last updated: 3 April 2026

1. Who We Are

SpeakBritish is an online English education platform. This policy explains how we collect, use, and protect your personal data in compliance with the UK GDPR, EU GDPR, and Turkish KVKK (Kişisel Verilerin Korunması Kanunu).

2. Data We Collect

  • Account data: name, email address, password (hashed), age group, English level
  • Booking data: name, email, phone number, preferred schedule, messages
  • Payment data: processed by Stripe — we do not store card numbers
  • Learning data: lesson progress, quiz scores, session attendance
  • Technical data: IP address, browser type, device information (via server logs)

3. How We Use Your Data

  • To provide and personalise our education services
  • To process payments and manage bookings
  • To send transactional emails (booking confirmations, session reminders, password resets)
  • To track learning progress and provide appropriate lesson content
  • To improve our platform and services

4. Legal Basis (GDPR / KVKK)

  • Contract: processing necessary to deliver the service you signed up for
  • Consent: for marketing communications (you can opt out at any time)
  • Legitimate interest: to improve our service and prevent fraud

5. Data Sharing

We share data only with:

  • Stripe — payment processing
  • Resend — transactional email delivery
  • Neon — database hosting (EU region)
  • Vercel — website hosting

We do not sell your data to third parties.

6. Data Retention

We retain your data for as long as your account is active plus 12 months after deletion. Payment records are retained for 7 years as required by law.

7. Your Rights

Under GDPR and KVKK, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data in a portable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

8. Children’s Data

For students under 18, accounts must be created with parental consent. Parents may access, modify, or delete their child’s data at any time by contacting us.

9. Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and secure session management. Payment data is handled entirely by Stripe’s PCI-compliant infrastructure.

10. Contact

For privacy-related requests, contact us at hello@speakbritish.com.