Privacy Policy
Last updated: 21 April 2026
Draft — pending legal review.
This document has been drafted in good faith but has not yet been reviewed by a qualified lawyer in Botswana. It is published in draft form so we can gather feedback. The final binding version will be published here after legal review. Questions? Email hello@studible.co.bw.
Who we are & scope of this policy
This Privacy Policy describes how Studible ("Studible", "we", "us", "our") collects, uses, stores, and shares personal information. Studible is operated by Noetic Labs, a company registered in Botswana (placeholder — full registered name, company number, and registered address pending registration). Noetic Labs is the data controller for personal information processed through Studible.
This policy covers the Studible marketing website at studible.co.bw, the Studible learner app delivered through the web at app.studible.co.bw and through native mobile apps where available, and any related services we operate under the Studible brand (together, the "Service").
It does not cover third-party websites we may link to. When you follow a link away from Studible, the destination's own privacy policy applies.
For any privacy-related question, to exercise your rights, or to make a complaint, email us at hello@studible.co.bw.
Personal data we collect
We collect only the data we need to run Studible and deliver the Service you asked for. We group it into three categories:
A. Information you give us directly
- Account registration: your first name, last name, mobile phone number (which we parse for country and ISO code), and a password. Your phone number is the primary identifier for your account.
- Profile details you choose to add: email address, date of birth, gender (Male / Female / Prefer not to say), curriculum (BGCSE or IGCSE), grade (Form 4 or Form 5), school (either selected from our catalogue, entered manually, or marked as "independent learner"), and your preferred daily study goal (15, 30, 45, or 60 minutes). These fields are optional.
- Subscription and payment data: when you subscribe to a paid plan, our payment processor (placeholder — provider to be confirmed) collects the payment details needed to settle the transaction. We receive confirmation of the payment, the plan purchased, and the amount, but we do not store full card or mobile-money credentials on our systems.
- Communications with us: the content of emails, support tickets, social-media messages, or other communications you send us, along with any attachments and contact details included.
- Messages to Thuto AI: the text of questions, answers, and follow-ups you send to our Thuto AI tutor.
- Notification preferences: your chosen settings for push notifications, email updates, and SMS reminders.
B. Information generated as you use Studible
- Learning activity: courses and topics you've enrolled in, lessons and microlessons you open, time spent per lesson, completion status, exercise answers, scores, and timestamps.
- Mastery and performance data: per-concept mastery percentage, weighted mastery, sub-skill mastery, number of exercises completed, average score, last-studied timestamp, scheduled review timestamps, and topic-level roll-ups.
- Thuto AI chat history: all messages in a chat thread — both yours and Thuto's responses — stored against your account with a thread ID, sender role, and timestamp so you can return to a conversation.
- Device, connection, and log data: IP address, device type, operating system, browser type and version, referring URL, and timestamps, collected automatically for security, diagnostics, and to detect abuse.
- Product analytics events: page and screen views and key in-app events (for example, which lesson was opened) collected through Firebase Analytics. These are tied to a pseudonymous analytics identifier — see section 5.
C. Information from third parties
- Payment providers share transaction confirmation and, where applicable, a masked account reference.
- Authentication providers (Firebase Authentication) share the identifiers needed to confirm that a phone number or email belongs to you.
- Schools or partner organisations may share your enrolment details where they have arranged Studible access on your behalf and have a lawful basis to do so.
What we do not collect. We do not collect your ID-card number, home address, precise GPS location, biometric data, or any "special category" data (such as health, religion, or ethnicity). If we ever need to, we will update this policy and ask for your consent first.
How and why we use your data
We use your personal data for the following purposes, and only these purposes:
- To provide the Service: create and secure your account, show you the right courses, track your progress, run the adaptive engine that routes you to the next best lesson, and sync your data across devices.
- To power Thuto AI: send your question to an AI model and return a response (see section 5).
- To process payments for subscriptions you purchase, settle transactions, issue receipts, and handle refunds.
- To communicate with you about your account, important service announcements, security alerts, support requests, and — only where you've opted in — product updates, learning tips, and promotional offers.
- To personalise your experience, for example by setting default subjects from your curriculum, suggesting topics based on your mastery gaps, and respecting your daily study goal.
- To improve Studible: understand which features are used, fix bugs, and build better content. Where possible we use aggregated or anonymised data for this.
- To keep the Service safe: detect and prevent fraud, abuse, spam, and misuse, and enforce our Terms of Service.
- To meet legal obligations, for example keeping tax and accounting records, responding to lawful requests from public authorities, or preserving records relevant to legal claims.
Our lawful bases
Where the law (including the Botswana Data Protection Act, 2018, and — where applicable — the UK GDPR and EU GDPR) requires a lawful basis for processing, we rely on:
- Performance of a contract — to deliver the Service you signed up for.
- Legitimate interests — to keep the Service secure, prevent abuse, and improve our product, where those interests are not overridden by your rights.
- Consent — for optional things like marketing emails, SMS reminders, or non-essential cookies. You can withdraw consent at any time (see section 8).
- Legal obligation — to comply with Botswana tax, accounting, and data protection law, and to respond to lawful requests.
Children, young people, and parental consent
Studible is designed for secondary school students, typically Forms 4 and 5 in Botswana (roughly ages 15–17). Many of our users are under 18, and some are under 13. We take this responsibility seriously.
If you are under 18
- You should have the permission of a parent or legal guardian before creating an account, agreeing to our Terms, or paying for a subscription.
- Your parent or guardian is responsible for any payments made through your account.
- If at any point you, or your parent or guardian, want to review or delete your account, email hello@studible.co.bw from the phone number or email on the account.
If you are under 13
Studible is not primarily aimed at children under 13. If you are under 13, you must not create an account or use Studible without the explicit, verifiable consent of a parent or legal guardian. If we become aware that a child under 13 has registered without such consent, we will suspend the account and, unless consent is promptly provided, delete the associated personal data.
For parents and guardians
- Contact us at hello@studible.co.bw at any time to ask what personal data we hold about your child, to correct it, or to ask us to delete the account.
- We do not serve third-party targeted advertising to any user, and we never sell children's personal data.
- Where your child's school has arranged Studible access on their behalf, the school acts as the data controller for the enrolment information they share with us. We process that information as a data processor on the school's behalf.
Placeholder — we will publish a dedicated Parental Consent Form and a parent portal here once built. In the meantime, email us to exercise any of the rights above.
Thuto AI, cloud providers & data processors
To deliver Thuto AI and to run the Service securely, we share carefully limited data with service providers who act as our data processors. Each is bound by a written agreement that restricts how they may use your data. We currently use:
A. Thuto AI (Google Gemini)
- The text of your questions to Thuto, together with limited context about the subject and lesson you are studying, is sent to Google's Gemini family of models, operated by Google LLC / Google Cloud, to generate a tutoring response.
- Google has publicly committed that prompts and responses delivered through its paid Gemini API are not used to train Google's generally available models and are not shared with other customers. We rely on that commitment in our contract with Google.
- Responses are streamed back to your device in real time. The full conversation — your messages and Thuto's replies — is stored on our servers against your account so you can come back to it later. You can delete individual chats from within the app.
- We do not share your identity (name, phone, email) with Google in the chat payload. Messages are sent with a pseudonymous user reference and the subject context only.
B. Hosting & infrastructure
- Google Cloud Platform and MongoDB Atlas — host our application servers, databases, and the chat store. Chat data is stored in MongoDB; a Redis cache is used for short-lived session state.
- Cloudflare — delivers our website and app over HTTPS, protects against denial-of-service attacks, and caches static assets.
C. Authentication, notifications & analytics
- Firebase Authentication (Google) — verifies your phone number or email during sign-up and sign-in.
- Firebase Analytics (Google) — collects pseudonymous product-usage events (screen views, key in-app actions) so we can see what's working. IP addresses are truncated by Firebase and we do not use Firebase Analytics for advertising.
- Firebase Storage / Firestore (Google) — store a subset of app data (legacy records and media).
- Push, email, and SMS delivery — if you opt in, we use standard transactional providers to deliver notifications. Placeholder — specific providers to be confirmed.
D. Payments
- Our payment processor (placeholder — provider to be confirmed) collects and processes the payment details needed to accept and settle payments in Botswana Pula.
We do not sell your personal data to anyone, and we do not share it with advertisers or data brokers. We do not use your data to train any AI model operated by us or by any third party.
How long we keep your data
We keep personal data only for as long as we need it. Specifically:
- Account data (name, phone, email, profile fields): for as long as your account is active. If you delete your account, we delete or anonymise this data within 30 days, except where we're required to retain it by law.
- Learning activity and mastery data: tied to your account, deleted when your account is deleted.
- Thuto AI chat transcripts: retained for up to 24 months from the last message in the thread, then deleted or anonymised. You may delete individual chats, or your entire chat history, from within the app. When you delete your account, your chat history is deleted along with it.
- Payment records: retained for as long as required by Botswana tax and accounting law — typically at least 7 years from the end of the relevant tax year — even if you close your account.
- Support communications: typically 24 months from the close of the ticket, to help us service follow-up questions.
- Log data and security events: typically up to 90 days, longer for events tied to a suspected security incident or fraud investigation.
- Backups: our encrypted backups may contain deleted data for up to 35 days after deletion from production systems, after which they are overwritten.
Your rights
Depending on where you live, and in particular under the Botswana Data Protection Act 2018 and (where it applies) the UK GDPR and EU GDPR, you have rights over the personal data we hold about you. These include:
- Access — ask for a copy of the personal data we hold about you.
- Correction — ask us to fix anything inaccurate or incomplete.
- Deletion — ask us to delete your account and associated personal data. You can also trigger this yourself from Settings → Account → Delete Account inside the learner app. Note that some records (e.g. payment history) may have to be retained to meet legal obligations — see section 7.
- Portability — ask us to provide the personal data you gave us in a structured, machine-readable format.
- Objection — object to processing based on our legitimate interests, and object to direct marketing at any time.
- Restriction — ask us to pause processing in certain circumstances.
- Withdraw consent — where we rely on your consent, you can withdraw it at any time. This does not affect the lawfulness of processing before the withdrawal.
- Complain to a supervisory authority — in Botswana, the Information and Data Protection Commission. If you are in the UK or EU, you may also contact your national supervisory authority.
To exercise any of these rights, email hello@studible.co.bw from the phone number or email on your account. We will respond within 30 days. We do not charge a fee for reasonable requests; we may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.
International data transfers
Some of our service providers — notably Google (Gemini, Firebase, Google Cloud), MongoDB Atlas, and Cloudflare — are headquartered outside Botswana and may store or process data in the United States, the European Union, or other jurisdictions.
When we transfer personal data outside Botswana, we rely on lawful transfer mechanisms such as Standard Contractual Clauses, adequacy decisions where applicable, and our providers' own compliance certifications (for example, ISO 27001 and SOC 2). We only transfer the data needed to deliver the Service and we keep that transfer as limited as we can.
Security
We take security seriously and apply appropriate technical and organisational measures to protect your personal data. These include:
- Encryption in transit (HTTPS / TLS) for all traffic between your device and our servers.
- Encryption at rest on our production databases and backups.
- Role-based access controls, least-privilege engineering access, and audit logging.
- Password hashing using industry-standard algorithms — we never store your password in plain text.
- Regular dependency updates and security reviews.
No system is 100% secure. You have a part to play too: use a strong password unique to Studible, keep it private, and sign out on shared devices. If you believe your account has been compromised, or if you spot a security issue in Studible, please email us immediately at hello@studible.co.bw.
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, notify you directly, in line with the Botswana Data Protection Act 2018 and other applicable law.
Changes to this policy
We may update this policy as the Service evolves or as the law changes. When we make a material change, we will update the "Last updated" date at the top of the page and — where the change is significant, and we can reach you — notify you by email, SMS, or in-app message. Your continued use of Studible after the change takes effect means you accept the updated policy.
Previous versions of this policy are available on request.
Contact us
If you have any questions about this policy, how we handle your data, or how to exercise your rights, please get in touch.
Data controller: Noetic Labs (placeholder — full registered company details pending registration)
Email: hello@studible.co.bw
Postal address: Placeholder — registered company address in Botswana to be confirmed.
If you live in Botswana and you're not satisfied with our response, you can complain to the Information and Data Protection Commission of Botswana. If you live in the UK or EU, you may also complain to your national data protection authority.