Privacy Policy
Introduction
TheMattLabs Ltd ("we," "us," or "our") operates the UpMark mobile application (the "App"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal information when you use our App.
UpMark is an educational application designed to help students track their academic progress by scanning and analyzing marked schoolwork. We are committed to protecting the privacy of all users, with particular attention to the privacy of children and students.
By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree to this policy, please do not use the App.
Table of Contents
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
- Name (first and last name)
- Email address (optional, when using Apple Sign In)
- Date of birth (used for age verification and appropriate content)
- Country of residence
- Educational year group (e.g., Year 7, GCSE, A-Level)
- School name (optional)
Educational Profile:
- Subjects you study
- Academic year and term
- Teacher names (optional, for document organization)
User-Generated Content:
- Scanned images of schoolwork and assessments
- Questions and answers extracted from your documents
- Annotations and marks on documents
1.2 Information We Collect Automatically
Usage Information:
- Time spent using the App
- Features accessed
- Number of documents processed
- Study session timestamps
- Learning progress and mastery scores
We do NOT collect: Device identifiers, IDFA, advertising identifiers, or hardware identifiers.
1.3 Document Analysis
When you scan documents for analysis, the images are temporarily processed to extract educational data. Document images are processed to extract educational data and are not retained by our AI analysis provider after processing is complete.
2. How We Use Your Information
2.1 To Provide Our Educational Service
- Create and manage your account
- Analyze scanned documents to track academic progress
- Generate progress reports and learning insights
- Identify topics requiring additional study
- Sync your data across your devices via iCloud
2.2 To Improve Our Service
- Understand how users interact with the App
- Identify and fix technical issues
- Develop new features based on usage patterns
- Improve the accuracy of document analysis
2.3 For Research and Development
We may use aggregated, de-identified data to analyze educational trends, improve our AI models for document analysis, and develop new educational features. This aggregated data cannot be used to identify individual users.
3. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
3.1 Service Providers
We share information with trusted service providers who assist in operating our App:
| Provider | Purpose | Data Shared |
|---|---|---|
| Apple (iCloud/CloudKit) | Data sync and storage | User profile, documents, progress |
| Google Firebase | Authentication and data services | User ID, email, profile data |
| OpenAI | Document analysis | Document images (temporary processing only) |
| Apple StoreKit | Subscription management | Transaction receipts |
3.2 Family Accounts
If you are a student who has linked a parent/guardian to your account:
- Your parent/guardian can view your academic progress (subjects, scores, study time)
- Your parent/guardian cannot view your actual document content, questions, or answers
- Students maintain control and can unlink parents at any time
4. Data Storage and Security
4.1 Where We Store Your Data
- Primary Storage: Apple iCloud (CloudKit) - your data is stored in Apple's secure cloud infrastructure in your region
- Authentication: Google Firebase (servers in the EU and US)
- Documents: PDF versions are stored in your personal iCloud Documents folder
4.2 Security Measures
- All data transmitted between your device and our servers uses TLS encryption
- Data stored in iCloud is encrypted at rest by Apple
- Authentication credentials are stored in your device's secure Keychain
- We use industry-standard authentication (Apple Sign In, Firebase Auth)
5. Children's Privacy
UpMark is designed for students of all ages, including children under 13. We take children's privacy extremely seriously.
5.1 COPPA Compliance (United States)
For users under 13 in the United States:
- We require verifiable parental consent before collecting personal information
- Parents can review, delete, or refuse further collection of their child's data
- We collect only the minimum information necessary for the educational service
- We do not display targeted advertising
- We do not share children's data with third parties for marketing
5.2 UK Age Appropriate Design Code (UK AADC)
For users under 18 in the United Kingdom:
- Default privacy settings are set to maximum protection
- Data collection is minimized to what is necessary for education
- Behavioral tracking is disabled by default for under-18 users
- Social features are disabled for users under 13
- Clear, age-appropriate privacy information is provided
5.3 GDPR-K (European Union)
For users under 16 in the European Union (or the applicable age in your member state):
- Parental consent is required for data processing
- Children's data is processed only for direct educational purposes
- We provide child-friendly privacy notices
- Data minimization principles are strictly applied
6. Parental Controls and Family Accounts
6.1 Parent/Guardian Linking
Students can invite parents/guardians to view their progress:
- Parents can see: subjects studied, overall scores, study time, topic mastery
- Parents cannot see: document content, specific questions, or written answers
- Students maintain control and can unlink parents at any time
6.2 Parental Rights
Parents of children using UpMark can:
- Review their child's personal information
- Request deletion of their child's data
- Revoke consent for data collection
- Request a copy of their child's data
- Modify privacy settings for their child's account
To exercise these rights, contact us at privacy@getupmark.com.
7. Your Rights and Choices
7.1 All Users
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Portability: Export your data in a common format
- Withdraw Consent: Opt out of optional data processing
7.2 GDPR Rights (EEA/UK Users)
If you are in the European Economic Area or United Kingdom, you have additional rights:
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restriction: Limit how we process your data
- Right to Object: Object to certain processing activities
- Right to Lodge a Complaint: File a complaint with your local data protection authority
Data Protection Authority (UK): Information Commissioner's Office (ICO) - ico.org.uk
7.3 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it's used
- Delete your personal information
- Opt out of the sale of personal information (we do not sell your data)
- Non-discrimination for exercising your privacy rights
7.4 How to Exercise Your Rights
To exercise any of these rights:
- In-App: Go to Settings → Privacy → Manage My Data
- Email: Contact privacy@getupmark.com
We will respond to requests within 30 days (or sooner as required by applicable law).
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place:
8.1 Transfers from the EEA/UK
For transfers outside the EEA/UK, we rely on:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
9. Data Retention
9.1 Retention Periods
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Educational progress | Until account deletion |
| Scanned documents | Until you delete them or delete your account |
| Support communications | 2 years from last contact |
| Subscription records | 7 years (legal/tax requirements) |
| Analytics (aggregated) | Indefinitely (de-identified) |
9.2 Account Deletion
When you delete your account:
- Personal information is deleted within 30 days
- Some information may be retained longer if required by law
- De-identified, aggregated data may be retained for research
- Backup copies are purged according to our backup retention schedule (up to 90 days)
10. Third-Party Services
10.1 Services We Use
| Service | Purpose | Privacy Policy |
|---|---|---|
| Apple CloudKit | Data sync & storage | Apple Privacy |
| Google Firebase | Authentication | Google Privacy |
| OpenAI | Document analysis | OpenAI Privacy |
| Apple StoreKit | Subscriptions | Apple Privacy |
10.2 OpenAI Document Processing
When documents are analyzed:
- Images are sent securely via HTTPS to OpenAI's API
- OpenAI processes the images to extract text and educational data
- OpenAI does not retain the images or use them to train their models
- Extracted data is returned to the App and stored in your iCloud account
11. Changes to This Policy
11.1 How We Notify You
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top
- For significant changes, we will notify you via in-app notification, email (if you've provided one), or prominent notice on our website
11.2 Your Continued Use
Your continued use of the App after changes become effective constitutes acceptance of the revised policy. If you do not agree to the changes, you should stop using the App and delete your account.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
TheMattLabs Ltd
Email: privacy@getupmark.com
Data Protection Officer: privacy@getupmark.com
Website: https://getupmark.com
For GDPR/UK AADC inquiries: Please include "GDPR Request" or "UK AADC Request" in your subject line.
For COPPA inquiries (parents of children under 13): Please include "COPPA Request" in your subject line.
App Store Privacy Label Summary
The following summarizes data collection for Apple's App Store privacy labels:
Data Linked to You:
- Contact Info (name, email)
- Identifiers (user ID)
- Usage Data (app interactions, study progress)
- User Content (scanned documents, answers)
Data Not Linked to You:
- Diagnostics (crash data, performance data)
Data Used to Track You: None - we do not track users across other companies' apps or websites.
This Privacy Policy was last reviewed on December 3, 2025. Version 1.0