Privacy Policy
How we collect, use, and protect your data
1. Introduction
TE&MX ("we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the TE&MX practice and assessment platform ("the Platform").
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using the Platform, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
TE&MX is the data controller for the personal data processed through this Platform. If you have any questions about how we handle your data, please contact us at:
TE&MX
Email: info@teandmx.co.uk
3. What Data We Collect
We collect the following categories of data:
| Data Type | Examples | Purpose |
|---|---|---|
| Account Data | Name, username, organisation | To identify you and provide access |
| Usage Data | Questions attempted, self-ratings, time spent | To track progress and generate reports |
| Response Data | Written answers to practice questions | To provide AI feedback and track progress |
| Technical Data | IP address, browser type, device type | To maintain security and improve the Platform |
4. How We Use Your Data
We use your personal data for the following purposes:
- Providing the service: To give you access to practice tools, generate AI feedback on your answers, and display your results.
- Progress tracking: To show you and, where applicable, your Organisation how you are progressing across different topics.
- Improving the Platform: To analyse usage patterns and improve our questions, content, and features.
- Communication: To send you important updates about the Platform or your account.
- Security: To protect the Platform against misuse, fraud, or unauthorised access.
5. Lawful Basis for Processing
We process your data under the following lawful bases:
- Contract: Processing necessary to provide the service you or your Organisation have subscribed to (Article 6(1)(b) UK GDPR).
- Legitimate interests: Processing necessary for our legitimate interests in improving the Platform and maintaining security, where these interests are not overridden by your rights (Article 6(1)(f) UK GDPR).
- Consent: Where we send optional marketing communications, we will obtain your consent first (Article 6(1)(a) UK GDPR).
6. AI Processing and Third-Party Services
When you submit a written answer for AI feedback, the text of your answer is sent to Google's Gemini AI service via a secure proxy server for processing. You should be aware that:
- Only the text of your answer and the question context are sent. No personally identifiable information (such as your name, email, or username) is included in AI requests.
- AI requests are processed through our secure Cloudflare Worker proxy. Your data is encrypted in transit.
- Google may process this data in accordance with their own privacy policy. We recommend reviewing Google's Privacy Policy for details.
- We do not use your answers to train AI models. Google's terms for the Gemini API state that API data is not used to train their models.
7. Data Sharing
We may share your data with:
- Your Organisation: If your access is provided through an employer, training provider, or educational institution, they may have access to your usage data and progress reports. This is necessary to support your learning and development.
- Service providers: We use trusted third-party services to operate the Platform, including Cloudflare (hosting and security) and Google (AI processing). These providers process data on our behalf under appropriate data processing agreements.
- Legal requirements: We may disclose your data if required to do so by law or in response to valid legal requests from public authorities.
We will never sell your personal data to third parties.
8. Data Retention
- Account data: Retained for the duration of your subscription and deleted within 90 days of account closure.
- Usage and response data: Retained for the duration of your subscription. Anonymised, aggregated data may be retained indefinitely for analytics purposes.
- Technical data: Server logs are retained for a maximum of 30 days.
9. Data Security
We take appropriate technical and organisational measures to protect your data, including:
- Encryption of data in transit using HTTPS/TLS.
- API keys and secrets stored securely using encrypted environment variables, never in client-side code.
- Rate limiting to prevent abuse of the Platform.
- Regular review of security practices.
10. Your Rights
Under UK GDPR, you have the following rights:
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can ask us to correct inaccurate data.
- Right to erasure: You can ask us to delete your data ("right to be forgotten").
- Right to restrict processing: You can ask us to limit how we use your data.
- Right to data portability: You can request your data in a structured, commonly used format.
- Right to object: You can object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at info@teandmx.co.uk. We will respond within 30 days.
11. Cookies
The Platform uses sessionStorage (browser session data) to maintain your login state and track progress during a session. This data is automatically cleared when you close your browser. We do not use tracking cookies or third-party advertising cookies.
12. Children's Privacy
The Platform is intended for users aged 16 and over. If access is provided to users under 16, this must be arranged through their educational institution, which is responsible for obtaining appropriate parental consent.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via the Platform or by email. The "last updated" date at the bottom of this page will always reflect the most recent version.
14. Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Telephone: 0303 123 1113
This Privacy Policy is effective from 15 February 2026.
Last updated: 15 February 2026.