Privacy Policy

Effective date: 2 June 2026

1. Who we are

Revlo is a web application for Cambridge AS Level Economics MCQ revision, operated by Lev Lavrentiev ("we", "us", "our"). For the purposes of the EU General Data Protection Regulation (GDPR) and applicable national implementing legislation, Lev Lavrentiev is the data controller.

Contact: lev@gymshackles.com

2. Data we collect

We collect the following categories of personal and usage data when you use Revlo:

Account data

Your email address (required to create an account) and display name (optional, user-set). Collected and stored via our authentication provider Clerk.

Practice data

For every MCQ question you answer: the paper and question identifier, the answer you selected, the correct answer, whether you marked the answer as a guess, and whether the answer was correct. This data is stored permanently and forms the core of your revision history.

Timing data

The time in milliseconds you spent on each question from when it was displayed to when you submitted an answer. Additionally, the time spent away from the app after answering a question (capped at two hours), which we use to infer time spent reviewing mistakes in an external tool. This data is stored per-attempt and used to generate performance insights.

Session data

For each revision session: the mode (paper, mixed, or IRL), the paper studied (if applicable), the session start time, whether the session was completed, and the total time spent. Sessions are linked to your account and retained indefinitely.

Performance and topic data

Derived data calculated from your practice history: accuracy per topic, accuracy per paper, total questions answered, and streaks. Every question in Revlo is tagged to one or more Economics topics; your responses are attributed to those topics automatically.

Preference data

Your in-app preferences stored as cookies on your device: statistics data source (online/IRL/both), daily question goal, and expanded copy mode. These cookies are first-party, non-tracking, and expire after one year.

Technical data

Your IP address and basic request metadata (browser type, operating system, device type, referring URL) are processed by our infrastructure provider Cloudflare as part of normal web serving and security operations. Cloudflare retains this data in accordance with its own privacy policy. We do not separately log or store raw IP addresses beyond what Cloudflare's systems handle automatically.

Usage and interaction data

We may collect data about how you interact with the application including pages visited, features used, navigation patterns, and session durations. This may be collected directly or via analytics tools we integrate in the future. Where such tools are introduced, this policy will be updated.

Historically seeded data

For accounts where prior printed-paper (IRL) attempt history has been manually recorded and imported, that historical data (questions answered, results, session metadata) is stored in the same format as live practice data and is subject to this policy.

3. How and why we use your data

We process your data on the following legal bases under GDPR Article 6:

Contract performance (Article 6(1)(b))

Providing the core service: displaying questions, recording your answers, tracking your progress, generating statistics, and enabling session continuity. Without this processing, the service cannot function.

Legitimate interests (Article 6(1)(f))

Improving and developing the service; understanding how features are used; detecting and preventing abuse; ensuring technical performance and reliability; generating anonymised and aggregated performance benchmarks across all users (e.g. average accuracy per topic across the user base); and conducting internal research and analysis to build new features. We have assessed that these interests are not overridden by your rights, given the educational context, the non-sensitive nature of the data, and the reasonable expectations of users of a revision tool.

Legal obligation (Article 6(1)(c))

Complying with applicable laws, responding to lawful requests from authorities, or exercising or defending legal claims.

4. Aggregated and anonymised data

We may derive aggregated, anonymised datasets from user practice data - for example, average accuracy rates per topic across all users, most-missed questions, or difficulty distributions. Once data is genuinely anonymised such that no individual can be identified, it falls outside the scope of GDPR and may be retained and used indefinitely for research, benchmarking, and product development purposes, including potential future publication or sharing.

5. Data sharing and processors

We do not sell your personal data. We share data only with the following sub-processors who act under our instructions:

  • Cloudflare - CDN, edge hosting, and database (Cloudflare Pages, Workers, D1, R2). Data may be processed on servers across the EU and globally. Cloudflare is certified under the EU-US Data Privacy Framework.
  • Clerk - Authentication and user management. Stores your email address and session data. Clerk processes data in accordance with GDPR and maintains standard contractual clauses for international transfers.

We may add further processors as the service grows. Any new processor will be added to this section.

6. Cookies

We use the following cookies:

  • Clerk session cookies - Strictly necessary for authentication. Set when you sign in, expire when your session ends or after inactivity.
  • Preference cookies (revlo_source, revlo_goal, revlo_expanded_copy) - Store your in-app preferences. First-party, non-tracking, expire after 1 year.

We do not use third-party advertising cookies. If we introduce analytics cookies in the future, we will update this policy and implement appropriate consent mechanisms where required.

7. Data retention

Account and practice data - Retained for the lifetime of your account. If you delete your account, personal data is permanently deleted within 30 days, except where we are required by law to retain it.

Anonymised and aggregated data - Derived non-personal datasets may be retained indefinitely.

Infrastructure logs - Cloudflare access logs are retained per Cloudflare's standard retention periods (typically up to 30 days for free plans).

Preference cookies - Expire after 1 year on your device.

8. International transfers

Our infrastructure providers (Cloudflare and Clerk) may process data outside the European Economic Area. Both providers rely on appropriate transfer mechanisms including Standard Contractual Clauses and/or certification under the EU-US Data Privacy Framework to ensure your data receives adequate protection.

9. Your rights under GDPR

You have the following rights in relation to your personal data:

  • Access - Request a copy of the personal data we hold about you.
  • Rectification - Ask us to correct inaccurate data.
  • Erasure - Request deletion of your data. You can delete your account and all associated data directly in the app under Settings. We will process any additional erasure requests within 30 days.
  • Restriction - Ask us to restrict processing of your data in certain circumstances.
  • Portability - Request your data in a structured, machine-readable format.
  • Object - Object to processing based on legitimate interests. We will cease such processing unless we can demonstrate compelling legitimate grounds.
  • Withdraw consent - Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email lev@gymshackles.com. You also have the right to lodge a complaint with your national data protection authority.

10. Minors

Revlo is intended for users aged 13 and above. Users under the digital age of consent in their EU member state (which varies from 13 to 16 depending on jurisdiction) should have parental or guardian consent before creating an account. We do not knowingly collect data from children under 13. If you believe a child under 13 has registered, contact us and we will delete the account.

11. Changes to this policy

We may update this policy as the service evolves. If we make material changes, we will update the effective date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

Questions or requests regarding this policy: lev@gymshackles.com