IELTSCORE
Get Started

Legal

Privacy Policy

Last updated: April 2025

1. Who we are

IELTSCORE ("we", "us", "our") operates the website at ieltscore.tech and the associated web application. We are committed to protecting your personal information and being transparent about what we collect and why.

2. Information we collect

Account data: When you register, we collect your email address and display name.

Practice submissions: We store your essay and short-answer submissions, along with the AI-generated feedback and band scores returned for each submission, so that you can review your history.

Speaking recordings: Audio recordings for Speaking tasks are processed to generate feedback and then permanently deleted from our servers. We do not store audio files long-term.

Payment data: Payments are handled by Stripe. We never see or store your card number, CVC, or other sensitive payment details. We receive a subscription status from Stripe.

Usage data: Standard server logs (IP address, browser type, pages visited, timestamps) are collected automatically for security and performance monitoring.

3. How we use your information

  • To provide and operate the Service — authenticating you, generating feedback, and showing your practice history.
  • To process payments and manage your subscription via Stripe.
  • To send transactional emails (password reset, subscription confirmation).
  • To detect and prevent fraud, abuse, and security incidents.
  • To improve the accuracy and quality of AI evaluation (in aggregate, anonymised form only).

4. Data sharing

We do not sell your personal data. We share data only with:

  • Firebase (Google): Authentication and database storage.
  • Stripe: Payment processing.
  • OpenAI: Your submissions are sent to OpenAI's API to generate AI feedback. OpenAI's data usage policies apply.
  • Google Cloud Storage: Used to serve Writing Task 1 images.

All third-party providers are contractually required to handle your data securely and only for the purpose of providing their service to us.

5. Data retention

We retain your data for as long as your account is active. If you delete your account:

  • Your profile and practice history are deleted within 30 days.
  • Anonymised, aggregated data (no longer linked to you) may be retained for research.
  • Backup copies may persist for up to 90 days in disaster-recovery archives.

6. Cookies

We use a single first-party cookie (NEXT_LOCALE) to remember your preferred language. We do not use advertising cookies or third-party tracking cookies.

7. Security

All data is transmitted over HTTPS. Firebase Authentication is used for credential management — we never store plaintext passwords. Firebase Firestore and Google Cloud Storage enforce server-side access controls. Our Next.js API routes verify your Firebase ID token on every authenticated request.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and associated data.
  • Object to or restrict certain processing.
  • Data portability (receive a copy of your data in a common format).

To exercise any of these rights, email us at privacy@ieltscore.tech. We will respond within 30 days.

9. Children

The Service is not directed at children under 13. If we learn that we have collected personal data from a child under 13, we will delete it promptly. Please contact us if you believe this has occurred.

10. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the date above. Continued use of the Service after changes are posted constitutes acceptance.

11. Contact

Questions or concerns about privacy? Contact us at privacy@ieltscore.tech.