FeaturesHow It WorksAboutPricingBlog
Log InTry It Free
HomeLegalPrivacy Policy
Legal · UK GDPR

Privacy Policy

How SQEase collects, uses, stores and protects your personal data — and the rights you have over it under UK GDPR and the Data Protection Act 2018.

Effective: 1 January 2026
Last updated: 1 January 2026
Version: 1.0
The short versionWe collect the minimum personal data needed to run SQEase. We never sell your personal data — but we do generate strictly anonymised, statistical insights from onboarding signals and may sell those aggregated insights to legal-education researchers and publishers. You have full control to access, correct, export or delete your personal data.

01Who we are

SQEase is a SQE1 exam-preparation platform operated by Finlay Salisbury, a sole trader trading as SQEase, based in England & Wales. For the purposes of UK GDPR, Finlay Salisbury is the data controller.

02Data we collect

You give us directly

  • Account data — name, email, password (hashed), exam date, study goals.
  • Marketing data — email address (if you opt in to receive updates).
  • Billing data — handled by Stripe; we receive plan, billing period, country and last-four digits.
  • Study materials — documents, notes, photos and Google Drive imports you upload.
  • Support correspondence — messages you send via email or in-app chat.

We collect automatically

  • Usage data — questions answered, time per question, mode, topic scores.
  • Product-analytics events — when you're signed in, we record first-party operational events (sessions, screens viewed, and features used such as exams, Lex, uploads and flashcards) to understand how the app is used and improve it. This is processed in our own infrastructure and is not shared with third-party advertising or analytics networks. Event records contain no study-material content.
  • Device data — browser, OS, screen size, IP address (truncated).
  • Cookies — see our Cookie Policy.

03Why we use it

We use your data to provide the platform, bill you, personalise difficulty, send service emails, and improve AI quality. See our full data-use table in the source policy.

  • Contract — to provide the service.
  • Legitimate interests — security, fraud prevention, quality improvement.
  • Consent — marketing emails and non-essential cookies.
  • Legal obligation — tax, accounting, lawful disclosure.

05Who we share it with

We never sell your personal data. We share it only with vetted processors:

ProcessorPurposeLocation
StripePayments & billingIreland / US (SCCs)
Firebase / Google CloudHosting, auth, databaseEU / UK
Google AI (Gemini)Question generationEU / US (SCCs)
AnthropicQuestion critique & tutoringUS (SCCs)
OpenAISpecific generation tasksUS (SCCs)

06AI & our knowledge base

When you upload a document, our pipeline extracts legal topics and principlesnot your document content. We do not use your personal data or uploaded documents directly to train AI models.

Your files are processed transiently, then deleted. Documents are converted to text in your browser; only that text is sent for processing, where we extract a generic legal syllabus and strip out personal or sensitive detail. The uploaded text is deleted as soon as processing finishes — we don't keep your files or their contents. What we retain is only what we generate from them: the list of legal topics and the practice questions.

Instead, the extracted topics prompt us to conduct independent legal research. This resulting research populates our cautious, in-house knowledge base. We then use this knowledge base to fine-tune our own AI models, hosted securely on Google Cloud. Foundation-model providers operate under strict contractual undertakings that your input is never used to train their public models.

07Anonymised data we monetise

As part of our onboarding process, we may prompt you for information regarding your study method, funding method, workplace, training contract provision, education provider, area of law, and similar professional details. We generate aggregated, strictly anonymised statistical insights from this data and have the right to sell those insights to legal-education researchers, publishers, or other third parties.

None of this data will be traceable to you. All such data is anonymised and aggregated immediately upon collection. You can opt out of providing this optional onboarding data, but by providing it you consent to its anonymisation and monetisation.

08How long we keep it

  • Account data — active + 30 days after deletion.
  • Study materials — until you delete them.
  • Billing records — 6 years (HMRC).
  • Usage logs — 13 months identifiable, then aggregated.

09International transfers

Where data leaves the UK we rely on the UK Addendum to the EU SCCs, the UK-US Data Bridge, or adequacy decisions.

10Your rights

Access, rectification, erasure, restriction, portability, objection, withdraw consent, and automated-decision rights. Use our DSAR form or email privacy@sqease.uk.

11Security

TLS 1.3 in transit, AES-256 at rest, bcrypt passwords, least-privilege access. Full detail on our Security page.

12Changes to this policy

Material changes notified 14 days in advance by email and in-app.

13Contact & complaints

If you're unhappy, complain to the ICO at ico.org.uk.

Plain-English summaryYou own your personal data. We use it to run SQEase, never sell it, and store it for the shortest practical time.

We use essential cookies to run SQEase and, with your permission, Microsoft Clarity to understand how the site is used. Analytics stay off unless you accept. Read our Cookie Policy.