Privacy Policy

How IELTSLab collects, uses, and safeguards your personal data across our website and mobile applications.

Effective 27 April 2026

Plain-language summary

  • Access & portability. You can download a structured copy of your data from Settings → Download my data. Formal requests are answered within 30 days.
  • Erasure. You can permanently delete your account and all associated data from Settings → Delete my account. Deletion cascades across our systems within 30 days.
  • Audio retention. Speaking practice recordings are kept for up to 90 days, then automatically deleted. Text transcripts are retained as part of your practice history.
  • International transfers. Where personal data is transferred internationally we rely on the European Commission's Standard Contractual Clauses, equivalent UK transfer mechanisms, or recognised adequacy decisions, combined with encryption in transit and at rest.
  • Cookies & analytics. Only cookies strictly necessary to keep you signed in are set without your consent. Optional analytics and session-quality cookies are gated by the consent banner on your first visit.
  • Automated assessment. Essays and speaking transcripts are processed by our automated assessment infrastructure for scoring. Our inference partners are bound by data-processing agreements that prohibit training on your content.
  • Children's data. The Service is intended for users aged 13 and older (16+ in the EU/UK). If you believe a younger user has signed up, contact us and we will delete the account.
  • Data controller. IELTSLab. For all data-protection requests, write to admin@ieltslab.app.
  • Breach notification. In the event of a personal-data breach likely to result in risk to your rights, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware.

This summary is provided for convenience only. The numbered sections below are the binding version of our Privacy Policy.


1. Introduction

IELTSLab is an AI-assisted IELTS preparation platform. We run it through our website and mobile apps. This policy explains what data we collect, why we collect it, who we share it with, and the rights you have over it. Throughout this document we use "IELTSLab" and "we" interchangeably; "the Service" means the website and mobile apps together.

Using the Service means you have read and understood this policy. If any part of it does not work for you, please stop using the Service.

2. Information We Collect

2.1 Account Information

When you register for the Service, we collect the information necessary to create and authenticate your account:

  • Email address and an encrypted password (for credential-based sign-up)
  • Name, verified email address, and a unique account identifier supplied by your chosen identity provider (for federated sign-in)
  • Optional profile details that you elect to provide

2.2 Learning Content & Performance Data

As you engage with the Service, we store the content you create and the assessment outputs we generate on your behalf:

  • Essays and written responses submitted for evaluation
  • Speaking practice audio recordings and their transcriptions
  • Reading and listening responses, scores, and band estimates
  • Study history, progress metrics, and performance analytics
  • Bookmarks, saved content, and stated preferences

2.3 Technical & Usage Data

We collect limited technical information to operate, secure, and improve the Service:

  • Device model, operating system, and browser type
  • IP address and approximate geographic region
  • Pages visited, features used, and session duration
  • Diagnostic information, crash reports, and error logs

2.4 Transaction Information

When you purchase a subscription or one-time product, the payment itself is handled by a regulated, PCI-DSS compliant payment service provider, by your mobile platform's in-app billing system, or by a licensed local payment gateway, depending on your region. IELTSLab does not see, collect, or store full card numbers, CVV codes, mobile financial service PINs, or bank credentials. We retain only the information needed to recognise the transaction, such as a payment reference, the amount, the currency, the billing country, and your resulting subscription status.

3. How We Use Your Information

We process personal information only for clearly defined purposes and only to the extent necessary for those purposes:

  • Service delivery: to authenticate you, generate assessments and feedback on the content you submit, and present your results within your account.
  • Personalisation: to track progress, surface relevant practice material, and tailor study recommendations to your performance.
  • Product improvement: to analyse aggregate, de-identified usage patterns, diagnose defects, and improve the quality and reliability of the Service.
  • Communications: to send transactional notices, important account or security updates, and to respond to your support enquiries.
  • Billing & subscription management: to administer purchases, renewals, refunds, invoicing, and applicable tax records.
  • Security & abuse prevention: to detect, investigate, and prevent fraud, abuse, account takeover, and other violations of our Terms of Service or applicable law.
  • Legal compliance: to satisfy obligations under applicable laws, regulatory requests, or lawful court orders.

4. Automated Assessment & AI Processing

The Service uses language models and acoustic analysis to score the responses you submit and to generate feedback, band estimates, and study recommendations. When you submit a written or spoken response, we send the content over an encrypted connection to our scoring infrastructure.

Four safeguards apply to this processing:

  • We do not train models on your content. Your essays, recordings, transcriptions, and scores are never used to train, fine-tune, or improve any third-party model. Our inference partners are contractually prohibited from doing this.
  • Transient processing. We process submitted content in real time. Our inference partners do not retain it beyond the duration of the request.
  • We persist only the outputs. The feedback, scores, and band estimates land in your account, where you can review or export them at any time.
  • Human review on request. If an automated score looks wrong, email us and we will review it. Where appropriate we will correct or delete the result.

5. Data Storage & Security

We host your data on enterprise-grade cloud infrastructure run by providers that hold recognised certifications, including ISO/IEC 27001 and SOC 2 Type II. On top of that, we apply our own layered controls to protect the confidentiality, integrity, and availability of your information:

  • Encryption in transit using TLS 1.2 or higher
  • Encryption at rest using AES-256 or equivalent
  • Strict, role-based access controls and row-level data isolation
  • Short-lived authentication tokens with automated rotation
  • Routine security reviews, dependency monitoring, and vulnerability patching
  • Restricted, audited administrative access on a need-to-know basis

No method of electronic storage or transmission can be guaranteed to be one hundred per cent secure. While we apply commercially reasonable safeguards, you acknowledge that you provide your information at your own risk. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within the timeframes required by applicable law.

6. Service Providers

To deliver the Service, we engage a limited number of carefully selected service providers (sometimes referred to as "subprocessors") that act on our written instructions under appropriate data processing agreements. These providers are organised into the following functional categories:

| Category | Purpose | Data Categories |
|---|---|---|
| Cloud hosting & database | Account management, secure data storage, file hosting | Account data, learning content, recordings |
| Automated assessment infrastructure | Real-time evaluation of written and spoken submissions | Submitted text and audio (not retained beyond processing) |
| Payment service providers | Processing of card, mobile financial service, and bank transactions; billing and refunds | Email, transaction reference, amount, billing country |
| Product analytics & diagnostics | Aggregate usage measurement, crash reporting, performance monitoring | Pseudonymised event data, device and session information |
| Identity providers | Optional federated sign-in chosen by you | Name and email address, as permitted by you |
| Communications | Transactional email and in-app notifications | Email address, name, message metadata |

Each service provider is contractually required to implement appropriate technical and organisational measures, to process data only on our documented instructions, and to assist us in honouring your data subject rights. A current list of named subprocessors, together with their roles and locations, is available on written request to admin@ieltslab.app.

7. International Data Transfers

Some of our service providers operate infrastructure outside your country of residence, including in the European Economic Area, the United Kingdom, the United States, and other jurisdictions. Where personal data is transferred internationally, we rely on recognised legal mechanisms such as the European Commission's Standard Contractual Clauses, equivalent UK transfer mechanisms, or adequacy decisions, in each case combined with supplementary technical measures such as encryption in transit and at rest.

8. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes set out in this Privacy Policy, including the provision of the Service to you, the resolution of disputes, the enforcement of our agreements, and compliance with applicable legal, accounting, or tax obligations. When you close your account, we delete or irreversibly anonymise your personal data within thirty (30) days, except where a longer retention period is required by law (for example, transactional and tax records). Aggregate, de-identified information that cannot be linked back to an individual may be retained indefinitely for analytical and product-improvement purposes.

9. Your Rights

Subject to your jurisdiction and the lawful basis on which we process your information, you may exercise the following rights in relation to your personal data:

  • Access: obtain confirmation as to whether we process your personal data and a copy of that data.
  • Rectification: have inaccurate or incomplete personal data corrected.
  • Erasure: request deletion of your account and associated personal data, subject to lawful retention obligations.
  • Portability: receive a structured, commonly used, machine-readable export of your data.
  • Restriction: request that we limit how we process your data in defined circumstances.
  • Objection: object to certain processing activities, including direct marketing.
  • Withdrawal of consent: withdraw any consent you previously gave, without affecting the lawfulness of prior processing.
  • Complaint: lodge a complaint with the data protection authority in your jurisdiction.

You may exercise these rights by writing to admin@ieltslab.app. We will respond within thirty (30) days, or sooner where required by law. You may also delete your account at any time from the in-app Settings screen; doing so will permanently remove your essays, recordings, scores, and study history within thirty (30) days, subject to the retention exceptions described above.

10. Young Learners

IELTSLab is an educational platform open to learners of all ages. For users under the age of thirteen (or the equivalent minimum age in your jurisdiction), we ask that a parent or legal guardian create and supervise the account. We do not knowingly collect personal information beyond what is strictly necessary to deliver the Service. If you are a parent or guardian and you believe that your child has provided personal information without appropriate consent, please contact us at admin@ieltslab.app and we will take prompt steps to remove that information.

11. Cookies & Similar Technologies

We use a limited number of cookies and similar technologies that are strictly necessary to operate the Service (for example, to keep you signed in), as well as optional cookies for product analytics and performance measurement. Where required by law, we will request your consent before placing non-essential cookies. You may control cookies through your browser settings or, where applicable, through the in-app preferences screen.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the "Last updated" date above and, where appropriate, notify you through the Service or by email before the changes take effect. We encourage you to review this Policy periodically.

13. How to Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise any of your rights, please contact us using the details below: