Privacy Policy
This policy explains what personal data Mathematics for Machine Learning (the “Service”) collects, why we collect it, and the rights you have over it under UK data protection law (the UK GDPR and the Data Protection Act 2018). We collect as little as we can.
1. Who we are
The Service is run by Ivelin Rangelov Likov, a self-employed sole trader based in the United Kingdom. For data protection purposes, that person is the “data controller” — the one responsible for your data. You can reach us at [email protected] or by post at 21 Bateman Road, London, E4 8ND, United Kingdom. This policy, like the Service itself, is governed by the law of England and Wales.
2. What we collect, and why
| Data | Why we collect it | Lawful basis |
|---|---|---|
| Your email address (with a password, magic link, or Google/X sign-in via Supabase) | To create and secure your account and let you sign in on any device | Contract |
| Course progress and preferences (lessons completed, practice scores, theme, language) | Stored in first-party m4ml.* cookies on your device, and synced to your account when you are signed in, so you can pick up where you left off | Contract |
| Support messages (your email, the message text, your UI language, and which page you wrote from) | To answer your question and fix problems | Contract / legitimate interests |
| An anonymous presence signal (your country and the page you are on — no IP address is stored) | To see roughly how many people are using the Service and where | Legitimate interests |
| Subscription and payment status (plan, renewal date, Stripe references) | To give you the access you paid for | Contract |
Payments are handled entirely by Stripe. Your card number goes straight to Stripe — we never see it and never store it.
We do not show advertising, use tracking pixels, sell your data, or send marketing emails. Our analytics (Cloudflare Web Analytics) is cookieless and collects no personal data.
3. Our lawful bases
- Contract — we need your email, progress, and payment status to provide the account and access you signed up for.
- Legitimate interests — keeping the Service secure and understanding aggregate usage (never in a way that overrides your rights).
- Consent — where it applies, for example if you choose to sign in with Google or X. You can withdraw consent at any time.
4. Cookies and local storage
| What | Type | Purpose |
|---|---|---|
m4ml.* cookies | First-party, functional | Remember your progress, theme, and language on this device |
| Supabase session token | Strictly necessary | Keeps you signed in; stored in your browser |
| Cloudflare Web Analytics | Cookieless | Aggregate page statistics — sets no cookies and stores no personal data |
That is the full list. We set no advertising or cross-site tracking cookies at all, which is why you do not see a cookie consent banner: UK rules only require consent for cookies that are not strictly necessary for the service you asked for, and everything above either is strictly necessary or is functional storage you control through your own use of the Service.
5. Service providers (sub-processors)
We share the minimum necessary with a small number of providers who process data on our behalf:
- Cloudflare — hosting, CDN, and cookieless Web Analytics.
- Supabase — authentication and the database that stores your account and synced progress.
- Stripe — payment processing and subscription billing.
- Resend — transactional email (for example sign-in links and receipts). No marketing email.
- Google Fonts — the fonts on this site are served by Google, so your browser’s IP address reaches Google when it fetches the font files.
- Google or X — only if you choose to sign in with one of them; they then process your sign-in under their own policies.
Some of these providers are outside the UK. Where data leaves the UK, it is protected by UK GDPR safeguards — UK adequacy decisions or standard contractual clauses (SCCs) with the UK addendum.
6. How long we keep your data
- Account data — kept while your account exists. You can ask us to delete your account at any time via support; we then anonymise your data.
- Invoice and payment records — kept for 6 years, because UK tax law (HMRC) requires it, even after your account is deleted.
- Support messages — kept only as long as needed to resolve your query and a reasonable period afterwards.
7. Your rights
Under the UK GDPR you have the right to:
- access the personal data we hold about you;
- rectify it if it is wrong;
- erase it (“right to be forgotten”);
- receive a copy in a portable format;
- restrict or object to certain processing.
To exercise any of these, use the “Contact support” option on your account page or email [email protected]. We will respond within one month. If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner’s Office at ico.org.uk.
8. Security
We use reputable providers and sensible technical and organisational measures to protect your data, including encryption in transit and access controls on the database. No system is perfectly secure, but the small amount of data we hold keeps the risk low, and we work to keep it that way.
9. Children
The Service is not directed at children under 13, and we do not knowingly collect their data. If you believe a child has given us personal data, contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. If a change is significant we will give reasonable notice, for example a notice in the app or an email to account holders. The effective date at the top shows the current version.
11. Contact
Privacy questions or requests: use “Contact support” on your account page, email [email protected], or write to Ivelin Rangelov Likov, 21 Bateman Road, London, E4 8ND, United Kingdom.