Mmarqit
Log inStart free
Back home

Privacy Policy

Last updated 2 June 2026

Marqit is a parent-led revision service: an adult account holder creates the account and adds child profiles. This policy explains what personal data we collect, why, and the rights you and your children have. It is written to comply with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Marqit Ltd (“Marqit”, “we”, “us”) is the data controller for the personal data described in this policy. You can reach us at privacy@marqit.app.

Registered office: [Marqit Ltd registered address]. Company number: [company number]. ICO registration: [ICO registration number].

2. The parent-led model

Accounts may only be created by an adult (18 or over) — typically a parent or guardian. The account holder adds child profiles for the students who will use Marqit and is responsible for those profiles. By adding a child, you confirm you have parental responsibility for that child or are otherwise authorised to provide their information and consent to its processing as described here.

3. What we collect

Account holder (parent) data

  • Email address and authentication details (we store a securely hashed password, never the password itself).
  • Account and billing status, and payment records if you subscribe to a paid plan.

Child profile data

  • The child’s name (or nickname) and year group, as entered by the account holder.
  • Mock exam attempts: the answers a child submits, scores, marking feedback, timing, and usage history.

Technical data

  • Essential session cookies used to keep you signed in.
  • Basic operational logs (e.g. error and request logs) generated by our hosting provider.

We do not require a child’s real name, email, date of birth, or any special-category data, and we ask that you do not enter more information about a child than is needed to use the service.

4. How and why we use data

  • To provide the service — creating accounts and child profiles, running mock exams, and marking answers. Legal basis: performance of our contract with the account holder.
  • To mark answers with AI — a child’s written answers and the relevant mark scheme are sent to our AI marking provider to generate feedback (see section 6). Legal basis: performance of our contract.
  • To keep the service secure and working — authentication, abuse prevention, and enforcing fair-use limits. Legal basis: our legitimate interests in running a safe, reliable service.
  • To take payment — if you subscribe. Legal basis: performance of our contract and compliance with our legal obligations.
  • To contact you — service and account emails such as email verification. Legal basis: performance of our contract. We will only send marketing email with your consent.

5. AI marking and your data

Marking is performed by a large language model. When a mock is submitted, the child’s answer text and the mark scheme are sent to our AI provider, Anthropic, which returns a score and feedback. We instruct Anthropic to process this data solely to provide the marking result and not to train its models on it. We log the volume of processing (token counts) to monitor cost and quality, but the marking itself is not used to build advertising or unrelated profiles.

6. Service providers (processors)

We share data with a small number of providers who process it on our behalf under contract:

  • Supabase — database, authentication, and hosting of account, profile, and attempt data.
  • Anthropic — AI marking of submitted answers, as described above.
  • Stripe — payment processing for paid plans. We do not store full card details; these are handled by Stripe.

Some providers may process data outside the UK. Where they do, the transfer is protected by appropriate safeguards such as the UK International Data Transfer Agreement or an adequacy decision.

7. How long we keep data

We keep account and child profile data for as long as the account is active. If you delete a child profile, its attempts and answers are deleted with it. If you close your account, we delete or anonymise personal data within a reasonable period, except where we must keep limited records (for example, billing records) to meet legal obligations.

8. Your rights

Under UK data protection law you (and, through you as the account holder, your child) have the right to access, correct, delete, restrict, or object to the processing of personal data, and the right to data portability. You can delete child profiles directly from your dashboard. To exercise any other right, email privacy@marqit.app and we will respond within one month.

9. Security

Access to data is restricted by row-level security so that an account holder can only see their own account and children. Passwords are hashed, connections are encrypted in transit, and access to production systems is limited. No system is perfectly secure, but we take reasonable technical and organisational measures to protect your data.

10. Changes to this policy

We may update this policy from time to time. If we make a material change we will update the date above and, where appropriate, notify the account holder by email.

11. Complaints

If you have a concern about how we handle personal data, please contact us first. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.