Legal

Privacy Policy

Last updated: 16 May 2026

This policy explains what personal data Infinity Stars collects, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018. Questions? Email support@infinitystars.co.

1. Who We Are

Infinity Stars (“we”, “us”, “our”) operates the website and platform at infinitystars.online. We are the data controller for the personal information we process.

For data protection enquiries: support@infinitystars.co

2. What Data We Collect

Account information

  • Email address (required to create an account)
  • Password (stored as a secure hash — we never see your password)
  • School or institution name (optional, provided by you)
  • Aspiration or goal (optional, provided by you)
  • Profile photo (optional, uploaded by you)

Usage data

  • Questions generated, topics practised, mock papers taken
  • Answer attempts, marks awarded, time taken per question
  • Leaderboard points and rankings
  • Daily challenge (MathLE) participation

Technical and security data

  • Session token and active device information (used to prevent account sharing)
  • Login timestamp and device type (browser, OS)
  • IP address (collected by our infrastructure providers)

Payment data

Payment processing is handled entirely by Stripe, Inc. We do not store your full card number, CVV, or bank details. We receive from Stripe: a payment method fingerprint (used to prevent duplicate trials), your Stripe customer ID, and subscription status.

Cookies

We use strictly essential cookies only — to keep you signed in across sessions. We do not use advertising, tracking, or analytics cookies. See Section 8 for details.

3. Why We Collect It (Legal Basis)

We process your data on the following legal bases under UK GDPR Article 6:

  • Contract (Article 6(1)(b)): To provide the subscription service you have signed up for.
  • Legitimate interests (Article 6(1)(f)): To prevent fraud, maintain security, and send transactional emails.
  • Legal obligation (Article 6(1)(c)): To comply with applicable UK laws, including financial record-keeping.
  • Consent (Article 6(1)(a)): For any marketing emails, we obtain your explicit consent separately.

4. How We Use Your Data

  • To authenticate you and maintain your session
  • To generate AI-powered questions and mock papers for your exam board
  • To track your progress and display it on your dashboard
  • To calculate leaderboard rankings
  • To process subscription payments and manage billing
  • To prevent the same payment card being used for multiple free trials
  • To send transactional emails: login notifications, billing receipts, account alerts
  • To prevent account sharing (one active session at a time)
  • To respond to your support requests

5. Third Parties We Share Data With

We do not sell your personal data. We share data only with the following service providers, each bound by appropriate data processing agreements:

  • Supabase — database and authentication; data stored in EU region servers
  • Stripe, Inc. — payment processing; PCI DSS Level 1 compliant
  • Anthropic, PBC — AI question generation via Claude API; question parameters are sent but not your personal profile
  • Resend — transactional email delivery (login and account notifications)
  • Go High Level — CRM for tutoring enquiry management; you can opt out at any time
  • Vercel — website hosting; may log IP addresses transiently

6. Data Retention

  • Active account data: retained for as long as your account is active
  • Usage and attempt data: retained for 2 years from the date of each attempt
  • Payment records: retained for 7 years as required by UK financial regulations
  • Deleted accounts: personal data is erased within 30 days of account deletion, except where legally required

7. Your Rights Under UK GDPR

Contact us at support@infinitystars.co to exercise any of these rights:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure — request deletion of your account and data (also available directly in Account Settings)
  • Right to restriction — ask us to limit how we use your data while a dispute is resolved
  • Right to data portability — request your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw any consent you have given (e.g. for marketing emails)

You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Cookies

We use only strictly necessary cookies — cookies essential for the website to function. These do not require consent under PECR.

  • Authentication cookies (Supabase): Keep you signed in between page loads and browser sessions.
  • Session security cookie (is-tok): Validates your active session and prevents unauthorised use from another device. Stored as httpOnly (not accessible to JavaScript).

We do not use advertising cookies, cross-site tracking, or analytics cookies (e.g. no Google Analytics).

9. AI-Generated Content

Infinity Stars uses Claude (by Anthropic) to generate A-Level Maths questions and solutions. While we design prompts to match exam board specifications, AI-generated content may occasionally contain errors. All content is for revision purposes only. Always cross-reference with official exam board materials.

Only question parameters you select (exam board, topic, difficulty) are sent to Anthropic — not your personal profile information.

10. Data Security

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Passwords stored using bcrypt hashing — never in plain text
  • Session tokens stored in httpOnly cookies (inaccessible to JavaScript)
  • Row-level security policies on our database
  • Single active session enforcement to prevent account sharing
  • Two-factor authentication available for your account

In the event of a data breach likely to result in a risk to your rights, we will notify you and the ICO as required by UK GDPR.

11. Children

Our Service is intended for students aged 16 and above. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with their personal data, please contact support@infinitystars.co and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email.

13. Contact Us

Infinity Stars
Email: support@infinitystars.co
Instagram: @_infinitystars