Skip to main content
PSR Train

Privacy Policy

Last updated: 12 April 2026

1. Who we are

PSR Train ("we", "our", "us") operates the training platform at psrtrain.com. We are the data controller for personal data we collect about you through the Service. PSR Train is operated as a UK-based training platform. Full company details are available on request via enquiries@psrtrain.com.

You can contact us about privacy at enquiries@psrtrain.com or via the contact page.

2. Data we collect

  • Account data: name (if provided), email, hashed password, authentication identifiers.
  • Training data: practice answers, progress, scores, time spent, preferences.
  • Billing data: subscription plan, status, and invoice records. Payment card details are processed by our payment provider and never stored by us.
  • Technical data: IP address, device and browser information, session cookies, and basic usage logs used for security, fraud prevention, and reliability.
  • Communications: messages you send through the contact form or by email.

3. Lawful bases (UK GDPR, Article 6)

  • Contract — to provide your account, deliver the training service, process payments, and respond to support requests.
  • Legitimate interests — to keep the Service secure, prevent fraud, debug errors, understand usage (aggregated), and improve the product.
  • Legal obligation — to keep billing and tax records and to respond to lawful requests from authorities.
  • Consent — for any optional communications or cookies that are not strictly necessary. You can withdraw consent at any time.

4. How we use your data

  • To create and operate your account and deliver the training features you use.
  • To track your practice progress and show you personalised statistics.
  • To process subscription payments and deal with billing enquiries.
  • To send service emails (account verification, password reset, billing, important service changes).
  • To protect the Service against abuse, fraud, and unauthorised access.
  • To improve the Service in aggregate form. We do not sell your personal data.

5. Who we share data with (sub-processors)

We use a limited number of trusted third parties to run the Service. Each is bound by a written data-processing agreement and processes data only on our instructions:

  • Supabaseauthentication and database hosting.
  • Vercelapplication hosting and edge delivery.
  • Resendtransactional email (contact form, account emails).
  • Lemon Squeezysubscription billing and payment processing.

Some of these providers may process data outside the UK. Where that is the case, we rely on recognised safeguards such as UK-approved Standard Contractual Clauses or adequacy decisions.

6. How long we keep data

  • Account and training data: for as long as your account is active, plus up to 12 months after closure (so you can reopen your account and for audit).
  • Billing records: kept for at least 6 years to meet HMRC and accounting requirements.
  • Support and contact messages: up to 24 months, then deleted.
  • Server and security logs: typically up to 90 days.

7. Your rights

Under UK GDPR you have the right to: access your data; have inaccurate data corrected; ask us to delete data ("right to erasure") where it applies; restrict or object to processing; port certain data to another provider; and withdraw consent at any time (without affecting earlier processing). To exercise any of these rights, contact enquiries@psrtrain.com.

If you are not satisfied with our response you can complain to the UK Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint.

8. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit (HTTPS), secure authentication, access controls, and regular patching of our platform providers. No service is 100% secure; please use a strong, unique password.

9. Cookies

We use a small number of strictly necessary cookies (for login, session, and security). See our Cookie Policy for details.

10. Children

The Service is intended for professional adult use. We do not knowingly collect personal data from anyone under 18. If you believe we hold data about a child, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or a prominent notice on the Service before they take effect.