Privacy Policy

10to10 ("we", "us", or "our") operates the 10to10 mobile application and website at 10to10.app. This Privacy Policy explains how we collect, use, and protect your personal information when you use our services.

By using 10to10, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

Account information

When you create an account, we collect your name, email address, grade level (2–12), and a password. Passwords are hashed using bcrypt and are never stored in plain text.

Practice data

We collect your answers to grammar questions, accuracy scores, session history, and mistake patterns. This data is used to personalise your learning experience, generate revision sessions, and track progress over time.

Contact form submissions

When you submit the contact form on our website, we collect your name, email address, subject, and message. We also record your IP address for rate-limiting and abuse prevention purposes.

Technical data

We may collect device type, operating system version, and app version for troubleshooting and improving the app experience. We use Vercel Analytics and Speed Insights on our website, which collect anonymous, aggregated usage data with no personal identifiers.

• Provide and personalise your daily grammar practice sessions
• Generate Day 7 revision sessions based on your mistake patterns
• Track your progress and level progression
• Respond to your contact form inquiries
• Send important service updates (e.g. password resets, account changes)
• Prevent abuse and enforce rate limits
• Improve and optimise the app experience

We do not sell your personal data. We do not use your data for advertising. We do not share your data with third-party advertisers.

Your data is stored securely using industry-standard practices:

• Database hosted on Supabase (PostgreSQL) with encryption at rest
• All data transmitted over HTTPS (TLS encryption in transit)
• Passwords hashed with bcrypt (never stored in plain text)
• JWT-based authentication with separate secrets for student and admin access
• Row-level security enabled on database tables
• API rate limiting to prevent abuse

We use the following third-party services to operate 10to10:

• Supabase — database hosting (your data is stored here)
• Railway — backend API hosting
• Vercel — website and admin panel hosting, analytics
• Expo / React Native — mobile app framework

These services have their own privacy policies. We only share the minimum data necessary for each service to function.

10to10 is designed for students in grades 2 through 12, which includes children under 13. We take children's privacy seriously:

• We collect only the minimum data necessary for the app to function
• We do not include social features, chat, or user-generated content
• We do not display advertisements or use data for ad targeting
• We do not sell or share children's data with third parties
• Parents or guardians may request deletion of their child's data at any time

If you are a parent or guardian and believe your child has provided personal information without your consent, please contact us and we will promptly delete it.

We retain your account data and practice history for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law.

Contact form submissions and associated IP addresses are retained for up to 12 months for abuse prevention and support purposes, after which they are deleted.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent at any time by deleting your account

To exercise these rights, please contact us. We will respond within 30 days.

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. We encourage you to review this page periodically for any changes.

If you have questions about this Privacy Policy or how we handle your data, please reach out:

• Email: hello@10to10.app
• Contact form: 10to10.app/contact