Legal

Privacy Policy

This policy explains how Bare Bones Biology collects, uses, stores, and shares personal data when you use the website, accounts, paid products, and related services.

This Privacy Policy applies to Bare Bones Biology, including the website at barebonesbiology.co.uk, account features, revision materials, paid access products, waitlists, support communications, and any related services. It should be read together with the Terms and Conditions.

1. Who we are

Bare Bones Biology is the controller of the personal data described in this policy. You can contact Bare Bones Biology at hello@barebonesbiology.co.uk.

2. Personal data we collect

The personal data collected depends on how you use the service. It may include:

  • Account data, including name, email address, role, login status, account ID, account creation date, and selected access plan.
  • Student account data, including an optional parent or guardian email address if provided during signup.
  • Revision and progress data, including starting point results, question attempts, mastery status, session history, review history, progress records, and free session usage.
  • Payment and access data, including payment status, Stripe customer ID, checkout session ID, paid access level, and payment date. Bare Bones Biology does not store full card details.
  • Support and contact data, including messages sent by email or through site features, refund requests, account requests, corrections, and general questions.
  • Waitlist data, including name, email address, signup source, signup time, and limited anti-abuse information.
  • Technical data, including device and browser information, IP address, authentication logs, error information, security data, analytics events, cookies, and local storage identifiers.

3. How we collect personal data

Personal data may be collected directly from you when you create an account, use the service, purchase access, join a waitlist, contact Bare Bones Biology, submit a question, or request support. Technical data may be collected automatically through Firebase, browser storage, cookies, security logs, analytics tools, and hosting infrastructure.

4. Purposes for using personal data

Bare Bones Biology uses personal data for the following purposes:

  • To create, authenticate, maintain, and secure user accounts.
  • To provide revision content, save progress, calculate mastery status, maintain review history, and personalise revision queues.
  • To provide free sessions, paid access, account management, and support.
  • To process payments, confirm purchases, prevent fraud, administer refunds, and maintain accounting records.
  • To respond to support requests, correction requests, legal requests, parent or guardian requests, and user communications.
  • To operate waitlists and, where applicable, send information about products or services a user has requested.
  • To maintain security, investigate misuse, prevent unauthorised access, diagnose errors, improve reliability, and understand how the service is used.
  • To comply with legal, tax, accounting, consumer protection, safeguarding, and regulatory obligations.

5. Lawful bases for processing

Under UK data protection law, Bare Bones Biology relies on one or more lawful bases depending on the purpose of processing:

  • Contract, where processing is necessary to provide the service, accounts, paid access, support, or requested features.
  • Legitimate interests, where processing is necessary to operate, improve, secure, and protect the service, respond to users, prevent misuse, and understand service performance.
  • Consent, where consent is required, including for certain optional communications, optional information, or non-essential technologies.
  • Legal obligation, where processing is necessary to comply with tax, accounting, consumer law, regulatory, or other legal requirements.

6. Children and students

The service is designed for GCSE students, many of whom are aged 14 to 16, and for parents, carers, tutors, and teachers supporting them. Bare Bones Biology aims to collect only the personal data reasonably necessary to provide the service and does not knowingly use student data for behavioural advertising.

Bare Bones Biology does not knowingly collect personal data from children under 13 without appropriate parental or guardian consent. If you believe that a child under 13 has created an account or provided personal data without consent, please contact hello@barebonesbiology.co.uk so the account and related data can be reviewed and, where appropriate, deleted.

Students may optionally provide a parent or guardian email address. This information is used only for account-related purposes, such as responding to a parent or guardian who contacts Bare Bones Biology about the relevant student account, unless another lawful basis or legal obligation applies.

Parents and guardians may contact Bare Bones Biology to request access to, correction of, deletion of, or information about personal data linked to their child's account. Bare Bones Biology may need to verify identity and relationship to the student before acting on such a request.

7. Cookies, analytics, and local storage

The service may use cookies, Firebase authentication storage, local storage, and similar technologies to provide essential account functions, security, checkout, free session tracking, temporary trial progress, and site functionality. Logged-in account progress is stored in cloud services so that it can be used across devices. Some temporary or prototype progress data may also be stored locally in the browser.

Bare Bones Biology may use Firebase Analytics or similar tools to understand site usage, performance, and reliability. Where required by law, non-essential cookies or analytics technologies will be used only with appropriate consent.

8. Sharing personal data

Bare Bones Biology may share personal data with service providers where necessary to operate the service. These may include:

  • Firebase and Google Cloud services, for authentication, hosting, databases, cloud functions, analytics, security, and infrastructure.
  • Stripe, for payment processing, checkout, fraud prevention, payment records, and refunds.
  • Brevo or another email provider, where used to operate waitlists or requested communications.
  • Professional advisers, regulators, public authorities, or other parties where required for legal, tax, accounting, safeguarding, fraud prevention, dispute, or regulatory purposes.

Service providers are expected to process personal data only as necessary to provide their services to Bare Bones Biology or to comply with their own legal obligations.

9. International transfers

Some service providers may process personal data outside the United Kingdom. Where this occurs, Bare Bones Biology relies on appropriate safeguards where required by data protection law, such as adequacy regulations, standard contractual clauses, or equivalent protections made available by the relevant provider.

10. How long personal data is kept

Account, progress, and revision data is generally kept for as long as the account remains active or as long as needed to provide the service. Users may delete their account or request deletion by contacting Bare Bones Biology. Some limited information may be kept for longer where necessary for legal, tax, accounting, fraud prevention, payment, dispute, security, or regulatory reasons.

11. Security

Bare Bones Biology uses technical and organisational measures intended to protect personal data, including access controls, Firebase security rules, authentication, payment processing through Stripe, and deletion tools for user account data. No online service can guarantee absolute security, and users are responsible for keeping login details confidential.

12. Your rights

Depending on the circumstances, you may have the right to request access to personal data, correction, deletion, restriction, objection, portability, or withdrawal of consent. You may also have the right to object to processing based on legitimate interests or to complain to a supervisory authority.

Requests should be sent to hello@barebonesbiology.co.uk. Bare Bones Biology may need to verify your identity before responding. You can also complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint/.

13. Changes to this policy

Bare Bones Biology may update this Privacy Policy from time to time. The latest version will be posted on this page. If a material change is made, reasonable steps will be taken to bring it to users' attention where appropriate.

Last updated

31 May 2026.

Bare Bones Biology

AQA GCSE Biology revision for students preparing for GCSE exams. Free topic notes, active recall questions, exam-style mastery sessions, required practical support, and teacher-checked content matched to the AQA specification.

Contact

Questions, corrections, or support requests are welcome.

hello@barebonesbiology.co.uk

© 2026 Bare Bones Biology.

Built by a qualified biology teacher for AQA GCSE Biology revision.