MLAbuddy Logo

Privacy Policy

Last updated: August 2025

Your privacy is important to us. This Privacy Policy describes how PLABOO LTD ("we", "our", or "us") collects, uses, and protects your personal data when you visit and use mlabuddy.co.uk (our "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

1.1. The data controller responsible for your personal data is PLABOO LTD.

1.2. You can contact us regarding any privacy matters by emailing us at [email protected].

1.3. Our Data Protection Officer can be reached at the same email address for any data protection queries.

2. Information We Collect

Personal Data You Provide

We collect personal data that you voluntarily provide to us when you:

  • Register for an account (name, email address, password)
  • Subscribe to our premium services (billing information)
  • Contact us for support (name, email, inquiry details)
  • Participate in surveys or feedback forms
  • Interact with our AI tutoring system (questions, responses, learning preferences)

Automatically Collected Data

When you visit our Service, we automatically collect certain information, including:

  • Device information (IP address, browser type, device type, operating system)
  • Usage data (pages visited, time spent, click patterns)
  • Cookies and similar tracking technologies
  • Log data (access times, errors, referring URLs)

AI Interaction Data

As an AI-powered educational platform, we collect:

  • Your questions and conversations with our AI tutor
  • Learning progress and performance data
  • Study patterns and preferences
  • Feedback on AI responses and educational content

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you agree to receive marketing communications or use optional features
  • Contract Performance: To provide our educational services and process payments
  • Legitimate Interest: To improve our services, ensure security, and conduct analytics
  • Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Information

We use your personal data for the following purposes:

  • To provide and maintain our AI tutoring services
  • To personalize your learning experience and track progress
  • To process payments and manage subscriptions
  • To communicate with you about your account and our services
  • To provide customer support and respond to inquiries
  • To improve our AI algorithms and educational content
  • To detect fraud and ensure platform security
  • To comply with legal obligations and resolve disputes
  • To send marketing communications (with your consent)

5. AI and Machine Learning Data Usage

How we use your interaction data to improve our AI:

  • We analyze anonymized conversation patterns to enhance our AI tutoring system
  • Learning progress data helps us identify areas for content improvement
  • User feedback is used to train and refine our AI responses
  • All AI training uses aggregated, anonymized data only

Important: Your personal conversations and individual learning data are never shared with third parties or used to identify you personally in our AI training processes.

6. How We Share Your Information

We may share your personal data in the following circumstances:

Service Providers

  • Payment Processing: Stripe (for secure payment processing)
  • Analytics: Google Analytics (for website usage analysis)
  • Email Services: For sending service-related communications
  • Cloud Hosting: Secure cloud providers for data storage

Legal Requirements

We may disclose your data if required by law, court order, or government request, or to protect our rights, property, or safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

7. Data Retention

We retain your personal data for the following periods:

  • Account Data: Until you delete your account or request deletion
  • Conversation History: For the duration of your subscription plus 2 years
  • Payment Information: As required by tax and accounting laws (typically 7 years)
  • Analytics Data: Aggregated data may be retained indefinitely for service improvement
  • Marketing Communications: Until you unsubscribe or object

We regularly review our retention periods and will delete data when it is no longer necessary for the purposes for which it was collected.

8. Your Data Protection Rights

Under UK GDPR and data protection laws, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing or optional features

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences and settings
  • Analyze how you use our website
  • Provide personalized content and advertisements
  • Ensure security and prevent fraud

Types of Cookies We Use

  • Strictly Necessary: Essential for website functionality
  • Performance: Help us understand how visitors use our site
  • Functional: Remember your preferences and improve user experience
  • Marketing: Track effectiveness of our marketing campaigns

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13.

For users between 13 and 16 years of age, we require parental consent before collecting their personal data.

If we become aware that we have collected personal data from a child under the appropriate age without parental consent, we will take steps to delete that information immediately.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including:

  • United States (for cloud hosting and analytics services)
  • Other countries where our service providers operate

When we transfer your data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the UK Government.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

13. Data Breach Notification

In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by UK GDPR. We will also notify the relevant supervisory authority where required.

14. Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. These include:

  • Stripe for payment processing
  • Google Analytics for website analytics
  • Educational content providers

These third parties have their own privacy policies. We recommend reviewing their privacy practices before providing them with personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons.

We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Sending you an email notification (for significant changes)
  • Displaying a notice on our website

Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Data Protection Officer: [email protected]

Website: mlabuddy.co.uk

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.

Ready when you are

Start practising free. Right now.

No credit card. No credits to top up. Just sign up and start speaking to AI patients within 60 seconds.