Privacy Policy
Effective date: May 1, 2026
1. Who We Are
UClass.one is operated by Natalia Aksenenko, an individual entrepreneur registered in the Czech Republic (IČO: 22474650), with a registered address at Českobrodská 942, 198 00, Praha 9 — Hostavice, Czech Republic.
UClass.one is a client-management platform designed for coaches, teachers, and other independent instructors ("Instructors"). For questions about this Privacy Policy, contact us at support@uclass.one.
2. Roles and Responsibilities
- UClass.one as Data Controller. We are the controller of the personal data that Instructors provide when they create an account and use the platform (account data, profile data, usage analytics).
- UClass.one as Data Processor. When an Instructor enters information about their clients (students, athletes, pupils — "Clients"), UClass.one acts as a data processor on behalf of the Instructor. The Instructor is the data controller for Client data and is responsible for having a lawful basis (such as consent or contractual necessity) to enter that data into UClass.one.
3. What Data We Collect
3.1 Instructor Account Data
| Category | Examples |
|---|---|
| Account credentials | Email address, password (stored as a BCrypt hash — we never store plaintext passwords) |
| Profile information | Name, country, city, profile picture. If you choose to use device location to fill your profile location, we process it only to derive country and city; raw coordinates are not stored |
| Authentication providers | If you sign in with Google or Apple, we receive and store your provider-specific identifier and basic profile information (name, avatar URL, language) |
| Preferences & settings | Language, working hours, time zone |
| Subscription information | Subscription tier, purchase and expiry dates, subscription status, store identifiers, product identifiers, RevenueCat customer and subscription identifiers, environment, and related webhook or sync metadata |
3.2 Client Data (entered by the Instructor)
| Category | Examples |
|---|---|
| Basic information | Name, gender, date of birth, notes, achievements |
| Contact details | Phone number, email address |
| Parent/guardian information | Name, contact details |
| Health information | Health status notes — see Section 4 below |
| Scheduling & attendance | Class schedules, attendance records |
| Payments | Pass purchases, payer name |
3.3 Automatically Collected Data
| Category | Examples |
|---|---|
| Analytics events | User identifier, actions performed in the app (e.g., creating a client), event parameters, session identifier, platform, app version, timestamp |
| Daily activity summaries | User identifier, date, activity type |
| Crash reports | If the app crashes, we may collect your user identifier, account email address, an optional message you write, a screenshot, and a technical stack trace to diagnose the issue |
| Email delivery records | Recipient addresses, subject, and delivery status for transactional emails we send on your behalf |
| Security and anti-abuse data | Turnstile token, IP address, request headers, browser/device signals, verification result, and related rate-limiting metadata for registration, account deletion, and other sensitive forms |
3.4 Requests and Support Data
| Category | Examples |
|---|---|
| Account deletion and support requests | Email address, optional message or note, request status, related operational metadata, and screenshots or files you choose to submit |
| Waitlist signups | Email address and signup source when you ask to be notified about the launch |
3.5 Data We Do Not Collect
We do not use third-party advertising trackers, social-media pixels, or behavioural profiling tools. Our product analytics system is built in-house and sends data exclusively to our own servers.
We do not receive or store full payment card numbers, bank account details, or store account passwords. Payments made through the Apple App Store, Google Play, or another supported store are processed by that store or payment provider. We receive only the subscription and entitlement information needed to provide paid-tier access, maintain billing records, support customers, and prevent abuse.
4. Health Data (Special Category)
Instructors may optionally record health-related notes about their Clients. Under the GDPR, health data is a "special category" of personal data (Article 9). We apply the following safeguards:
- Explicit consent. Health data can only be entered after the Instructor records that explicit consent has been given by the Client (or their parent/guardian). The date, source, and status of consent are tracked.
- Encryption at rest. Health data is encrypted using AES-256-GCM with versioned encryption keys. It is stored in encrypted form and decrypted only when accessed by the authorised Instructor.
- Access logging. Every read and write of health data is recorded in a structured application audit log.
- Automatic purge. When a Client record is archived, its health data is automatically and irreversibly cleared (set to null) after 6 months. The consent record is also marked as revoked at this time for record-keeping purposes. The consent metadata (date and source) is retained for accountability.
- Consent revocation. If consent is revoked, the health data is immediately cleared and the record is marked as revoked.
UClass.one records the Instructor's attestation that consent has been obtained but cannot independently verify the validity of such consent. The Instructor bears full legal responsibility for the accuracy of consent records entered into the platform.
5. Legal Basis for Processing
Under EU privacy law, we are required to have a specific legal reason ("basis") for each type of data processing. The table below lists those reasons.
| Processing activity | Legal basis (GDPR) |
|---|---|
| Account creation and management | Article 6(1)(b) — performance of a contract |
| Sending transactional emails (confirmations, password resets) | Article 6(1)(b) — performance of a contract |
| Optional location autofill | Article 6(1)(a) — consent. Location is processed only if you choose to use this feature and grant device permission. |
| Security and anti-abuse checks, including Cloudflare Turnstile and rate limiting | Article 6(1)(f) — legitimate interest. We have a legitimate interest in protecting the platform, public forms, and user accounts from automated abuse, spam, and unauthorised access. |
| Analytics and service improvement | Article 6(1)(f) — legitimate interest. We have a legitimate interest in understanding how the platform is used to improve it. This processing involves pseudonymous event data and is limited in scope. You may object to this processing (see Section 10). |
| Crash report collection | Article 6(1)(f) — legitimate interest. We have a legitimate interest in diagnosing technical issues to maintain service quality. Crash data is retained for a limited period (90 days). |
| Account deletion, support, and data subject requests | Article 6(1)(c) — legal obligation where required by data protection law, and Article 6(1)(f) — legitimate interest in handling requests, preventing abuse, and keeping accountability records. |
| Subscription management and billing records | Article 6(1)(b) — performance of a contract, and Article 6(1)(c) — legal obligations related to accounting, tax, consumer protection, and dispute handling where applicable |
| Processing Client data on behalf of the Instructor | Article 28 — UClass.one processes Client data solely on the Instructor's documented instructions as a data processor. The Instructor (as data controller) is responsible for establishing their own legal basis for collecting Client data. |
| Health data processing | The Instructor (as data controller) must obtain explicit consent from the data subject under Article 9(2)(a). UClass.one processes health data solely as a processor under the Instructor's instructions and Article 28. |
| AI-assisted import parsing | Article 28 — where imported files contain Client data, UClass.one processes the data as a processor on the Instructor's documented instructions. |
| Audit logging of health data access | Article 6(1)(f) — legitimate interest (security and accountability) |
6. How We Use Your Data
We use the data we collect to:
- Provide, maintain, and improve the UClass.one platform
- Authenticate your identity and secure your account
- Send transactional emails (account confirmations, password resets, notifications)
- Verify human interaction and prevent automated abuse on sensitive forms
- Process account deletion, support, and data protection requests
- Assist with data import parsing when you use the import tools
- Diagnose and fix technical issues (via crash reports)
- Understand how the platform is used so we can improve it (via analytics)
- Fulfil our contractual obligations under your subscription, including granting, synchronising, renewing, expiring, cancelling, and restoring paid-tier access
We do not sell your data, use it for advertising, or share it with third parties for their own marketing purposes.
7. Sub-Processors
We use the following third-party services to operate UClass.one:
| Sub-processor | Data processed | Purpose | Location |
|---|---|---|---|
| Cloudflare R2 | Profile pictures, uploaded import files, support/crash screenshots, and other files uploaded through product features | Object storage and file delivery | Cloudflare network; bucket location depends on the configured R2 bucket (Cloudflare DPA and Standard Contractual Clauses apply) |
| Cloudflare Turnstile | Turnstile token, IP address, request headers, browser/device signals, verification result | Bot prevention, fraud and abuse protection for registration, account deletion, and other sensitive forms | Global / USA (Cloudflare DPA and Standard Contractual Clauses apply) |
| Google OAuth | Google account identifier, name, avatar URL | Authentication | USA (Standard Contractual Clauses apply) |
| Apple ID | Apple account identifier, name | Authentication | USA (Standard Contractual Clauses apply) |
| Apple App Store | Subscription purchase, renewal, cancellation, refund, and entitlement information for iOS subscriptions | In-app purchase processing and subscription management | Apple infrastructure; see Apple's privacy and payment terms |
| Google Play | Subscription purchase, renewal, cancellation, refund, and entitlement information for Android subscriptions | In-app purchase processing and subscription management | Google infrastructure; see Google's privacy and payment terms |
| RevenueCat | App user identifier, product identifiers, entitlement status, purchase and expiry dates, store transaction identifiers, subscription status, webhook events, and related subscription metadata | Subscription entitlement management, store webhook aggregation, and billing sync | USA / global infrastructure (RevenueCat DPA and Standard Contractual Clauses apply) |
| Resend | Email addresses, email content | Transactional email delivery | USA (Standard Contractual Clauses apply) |
| Supabase | Waitlist email address and signup source | Launch notification waitlist storage | EU, as configured for the waitlist project (Supabase DPA applies) |
| Anthropic (Claude API) | A masked/pseudonymised sample of files uploaded during data import (e.g., class schedules, client lists). Values are partially redacted before sending, but the sample may still contain personal data. | AI-assisted data import parsing | USA (Standard Contractual Clauses apply) |
Standard Contractual Clauses (SCCs) are a legal mechanism approved by the European Commission that requires these companies to protect your data to European standards, even when they are based outside the EU.
We enter into appropriate data processing agreements with each sub-processor to ensure your data is protected in accordance with the GDPR (see Section 13 for details on international transfers).
If we enable a different AI provider for production imports, we will update this table before using that provider to process personal data.
8. Data Retention
| Data type | Retention period |
|---|---|
| Account data | Until you delete your account |
| Unactivated accounts | Suspended after 48 hours of inactivity; permanently deleted after an additional 30-day grace period |
| Third-party authentication identifiers (Google, Apple) | Until you delete your account |
| Subscription and billing records | For as long as needed to provide access, resolve billing or support issues, prevent fraud or abuse, and comply with applicable accounting, tax, consumer protection, or legal obligations |
| Client data | Until deleted by the Instructor or until account deletion |
| Health data (archived clients) | Automatically cleared 6 months after archiving |
| Health data (active clients) | Retained for as long as the Client record is active and consent has not been revoked |
| Health data (consent revoked) | Cleared immediately upon revocation |
| Questionnaire data (newcomers) | Automatically deleted after 30 days |
| Import session data and uploaded import files | Automatically deleted after 7 days |
| Uploaded files used by active product features | Until deleted by the Instructor, replaced by the user, or removed during account deletion |
| Session tokens | Automatically deleted upon expiry |
| Turnstile tokens and verification data | Turnstile tokens are short-lived and used for verification only; we keep only limited security/rate-limiting records as needed to protect the service |
| Analytics events | Retained for up to 12 months, then deleted |
| Crash reports | Retained for up to 90 days, then deleted |
| Sent email records | Retained for up to 90 days, then deleted |
| Account deletion, support, and data subject request records | Retained as long as needed to process the request, maintain security, prevent abuse, resolve disputes, or comply with law |
| Waitlist emails | Retained until the launch notification has been sent, after which you may request deletion at any time |
When you request account deletion, we first check whether an active App Store, Google Play, or other store-managed subscription is still attached to the account. If such a subscription is active, account deletion will not be processed until it is cancelled in the relevant store and the current entitlement period has ended. When deletion processing can begin, your account is deactivated immediately and all sessions are terminated. Eligible product data, including workspaces, client records, files, and settings, is permanently and irreversibly removed within 30 days. Limited billing, fraud-prevention, support, accountability, and legal records may be retained for the periods described above where necessary.
9. Data Security
We implement appropriate technical and organisational measures to protect your data:
- Passwords are hashed with BCrypt and never stored in plaintext
- Health data is encrypted at rest with AES-256-GCM and versioned encryption keys
- Uploaded files are stored in Cloudflare R2; health data remains separately encrypted at application level as described above
- Authentication tokens are stored in encrypted device storage on mobile (iOS Keychain, Android EncryptedSharedPreferences). On the web, tokens are stored in browser local storage and persist across sessions
- Cloudflare Turnstile and rate limiting help protect sensitive public forms from automated abuse
- Internal service-to-service communication uses encrypted headers
- Access to health data is recorded in a structured application audit log
10. Your Rights
Under the GDPR, you have the following rights:
Rights you can exercise directly in the app
- Right of access — view your account data and profile at any time
- Right to rectification — update your profile, settings, and client records
- Right to erasure — request permanent account deletion (Settings → Delete Account). Active App Store, Google Play, or other store-managed subscriptions must be cancelled in the relevant store and must no longer be active before account deletion can be processed. When deletion processing can begin, your account is deactivated immediately and eligible product data is permanently removed within 30 days, subject to the limited billing, fraud-prevention, support, accountability, and legal-retention records described in Section 8.
Rights that require a manual request
For the following requests, please email support@uclass.one. We will respond within one month (this period may be extended by a further two months for complex requests, with notification).
- Right to data portability — request an export of your data in a machine-readable format
- Right to restriction of processing — request that we limit how we process your data
- Right to object — object to processing based on legitimate interest (analytics)
- Right to withdraw consent — where processing is based on consent (e.g., health data), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Client data export or deletion — if you need bulk export or deletion of client records beyond what is available in the app
You also have the right to lodge a complaint with a supervisory authority (see Section 15).
For Clients of Instructors
If you are a Client (student, athlete, pupil) whose data has been entered by an Instructor, your data controller is the Instructor. Please contact your Instructor directly to exercise your data protection rights. If you are unable to reach your Instructor, you may contact us at support@uclass.one and we will assist where possible.
11. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
12. Children's Data
UClass.one accounts may only be created by adults. We do not knowingly offer our service directly to children. Instructors may enter data about minor clients (e.g., students, young athletes) in their capacity as data controllers. Instructors are responsible for complying with all applicable laws regarding the processing of minors' data, including obtaining parental or guardian consent where required.
13. International Data Transfers
We aim to store primary application data within the European Union where our infrastructure is configured to do so. Some sub-processors operate global networks or are based outside the EU (see Section 7). Where data is transferred outside the EU, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other applicable safeguards to ensure an adequate level of data protection.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes include changes to the categories of personal data we collect, the purposes for which we process it, the legal basis for processing, or the introduction of new sub-processors. When we make material changes, we will notify you by email or through a notice in the app at least 14 days before the changes take effect. The "Effective date" at the top of this page indicates when the policy was last revised.
15. Contact
- Privacy and general support questions: support@uclass.one
- Postal address: Natalia Aksenenko, Českobrodská 942, 198 00, Praha 9 — Hostavice, Czech Republic
UClass.one has not designated a Data Protection Officer (DPO), as this is not required under the applicable criteria of GDPR Article 37.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the Czech Republic, the relevant authority is the Office for Personal Data Protection (ÚOOÚ).