PoliPulse

Legal

Privacy Policy

Last updated: February 2026

1. Introduction

PoliPulse ("we", "our", "us") provides a daily politics news digest for A-Level students. This privacy policy explains how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect the following personal data when you create an account or subscribe:

  • Email address — required for account creation and digest delivery
  • Name — optional, used to personalise communications
  • Exam board (AQA, Edexcel, OCR, WJEC, CCEA, or SQA) — used to tailor content to your specification
  • Year group — optional, helps us understand our user base
  • School name — optional, helps us understand our user base

3. Purpose and Legal Basis

We process your data for the following purposes:

  • Personalised daily digest — delivering politics news analysis mapped to your exam board specification. Legal basis: consent and legitimate interest.
  • Curriculum mapping — matching news articles to relevant A-Level topics and concepts. Legal basis: legitimate interest.
  • Account management — authenticating your identity and managing your subscription preferences. Legal basis: contractual necessity.

4. Data Processors

We use the following third-party services to operate PoliPulse:

  • Anthropic — AI analysis of news articles for curriculum relevance and summary generation. Article content is sent to Anthropic's Claude API; no personal user data is included in these requests.
  • Resend — email delivery service for digest emails and authentication magic links. Your email address is shared with Resend for this purpose.
  • Neon — PostgreSQL database hosting where your account data is stored.
  • Vercel — application hosting and deployment platform.

All processors are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.

5. Data Retention

  • Account data is retained for as long as your account is active.
  • Subscriber data (non-registered) is retained while your subscription is active, plus 30 days after unsubscribing.
  • Session data is automatically deleted when your session expires (30 days of inactivity).
  • When you delete your account, all associated data (account details, sessions, and linked accounts) is permanently deleted within 30 days.

6. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can update your personal data via your account settings.
  • Right to erasure — you can delete your account at any time from your settings page, which removes all associated data.
  • Right to data portability — you can request an export of your data in a machine-readable format by contacting us.
  • Right to withdraw consent — you can unsubscribe from the email digest at any time using the link in any digest email, or by updating your settings.

To exercise any of these rights, contact us at the address below.

7. Users Under 18

PoliPulse is designed for A-Level students, many of whom are under 18 years of age. If you are under 18, please ensure your parent or guardian is aware you are using PoliPulse. We do not knowingly collect more data than is necessary, and we do not share personal data with third parties for marketing purposes.

8. Cookies

PoliPulse uses essential cookies only. We do not use any tracking, analytics, or advertising cookies.

  • Session cookie (Auth.js / NextAuth) — a session token stored in an HTTP-only cookie that keeps you logged in. This cookie is strictly necessary for the service to function and does not track your activity.
  • Cookie consent — a localStorage entry that records whether you have acknowledged our cookie notice. This is not a cookie itself and contains no personal data.

Because we only use strictly necessary cookies, we do not require opt-in consent under the Privacy and Electronic Communications Regulations (PECR). However, we display a notice informing you of our cookie use.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data. All data is transmitted over HTTPS. Passwords are not stored as we use passwordless magic-link authentication. Database access is restricted and encrypted at rest.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users. The "last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

If you have any questions about this privacy policy or wish to exercise your data rights, please contact us:

Email: privacy@polipulse.glooper.ai

Terms of Service · Back to Home