Privacy Policy
Last updated: November 2, 2025
YOUR PRIVACY MATTERS TO US
At Lab Novo, we're committed to protecting your privacy while helping you achieve your academic goals. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at https://labnovo.org/.
LAB NOVO LIMITED ("Lab Novo", "we", "us", or "our") is a UK-registered company subject to UK GDPR and Data Protection Act 2018.
Questions? Email us at support@labnovo.org
---
QUICK SUMMARY
📧 What We Collect: Email, name, payment info (via Stripe), browsing data
🔒 How We Use It: Account management, order processing, platform improvement
🛡️ Security: SSL encryption, secure databases, Stripe payment handling
👤 Your Rights: Access, correct, delete, or export your data anytime
🌍 Data Location: Database in US (Neon PostgreSQL us-east-1), VPS hosting with Coolify
🍪 Cookies: Essential cookies only, no third-party tracking
📧 Marketing: Easy opt-out from our newsletters
---
TABLE OF CONTENTS
1. INFORMATION WE COLLECT
2. HOW WE USE YOUR INFORMATION
3. HOW WE SHARE YOUR INFORMATION
4. DATA RETENTION
5. DATA SECURITY
6. YOUR PRIVACY RIGHTS (UK GDPR)
7. COOKIES & TRACKING
8. THIRD-PARTY SERVICES
9. CHILDREN'S PRIVACY
10. INTERNATIONAL DATA TRANSFERS
11. UPDATES TO THIS POLICY
12. CONTACT US
---
1. INFORMATION WE COLLECT
A. Information You Provide Directly
Account Creation:
• Email address (required for login and order confirmations)
• Name (optional, for personalization)
• Password (encrypted and never stored in plain text)
Authentication Methods:
• Google Sign-In: If you choose Google authentication, we receive your Google email and name
• Email Magic Links: We send secure one-time login links to your email
Purchases:
• Payment information is processed by Stripe (we never store your full card details)
• Billing email for receipts
• Order history and purchase records
Newsletter Subscription:
• Email address (optional)
• Name (optional)
• Subscription preferences
Support Requests:
• Contact information
• Issue descriptions
• Any files you voluntarily submit
Reviews & Feedback:
• Review content
• Ratings
• Your display name (if provided)
B. Information Collected Automatically
Usage Data:
• Pages visited on Lab Novo
• Products viewed and purchased
• Time spent on platform
• Login frequency and times
Technical Data:
• IP address
• Browser type and version
• Device type (desktop, mobile, tablet)
• Operating system
• Referring website
• Language preferences
Session Data:
• Stored via secure, HTTP-only cookies
• Used for authentication and maintaining your logged-in state
• Automatically cleared when you log out
---
2. HOW WE USE YOUR INFORMATION
Essential Platform Functions:
✓ Create and manage your account
✓ Process your orders and deliver digital products
✓ Send order confirmations and download links
✓ Authenticate your identity securely
✓ Provide customer support
✓ Prevent fraud and maintain platform security
Platform Improvement:
✓ Analyze usage patterns to improve user experience
✓ Fix bugs and technical issues
✓ Test new features
✓ Monitor platform performance
Communications (With Your Consent):
✓ Send newsletters with study tips and new resources
✓ Notify you of new products matching your exam board
✓ Share special offers and discounts
✓ Request feedback on purchased materials
You can opt out of marketing emails anytime by clicking "unsubscribe" or emailing us.
Legal Compliance:
✓ Comply with UK laws and regulations
✓ Respond to legal requests and prevent illegal activity
✓ Enforce our Terms of Service
✓ Protect our intellectual property rights
---
3. HOW WE SHARE YOUR INFORMATION
We Do NOT sell or rent your personal data to third parties.
We share data only with:
A. Essential Service Providers
Stripe (Payment Processing):
• Handles all payment transactions securely
• PCI-DSS Level 1 certified
• Processes card details (we never see your full card number)
• Privacy Policy: https://stripe.com/privacy
Self-Hosted VPS (Web Hosting):
• Hosts our Next.js application on our own Virtual Private Server
• Managed using Coolify for deployment and monitoring
• Provides full control over hosting infrastructure
Neon (Database Hosting):
• Hosts our PostgreSQL database in US East (us-east-1)
• Stores encrypted user data and order records
• Privacy Policy: https://neon.tech/privacy-policy
Cloudinary (Image & File Storage):
• Stores product images and some digital content
• Delivers content via secure CDN
• Privacy Policy: https://cloudinary.com/privacy
Supabase (File Storage):
• Stores purchased PDF study materials securely
• Generates time-limited secure download links
• Privacy Policy: https://supabase.com/privacy
Gmail SMTP (Email Delivery):
• Sends transactional emails (login links, order confirmations)
• Delivers our newsletter (if you subscribe)
• Uses Gmail with secure app passwords via nodemailer
B. Legal Obligations
We may disclose your information if required by:
• Court orders or legal processes
• Law enforcement requests
• Protection of our legal rights
• Prevention of fraud or illegal activity
C. Business Transfers
If Lab Novo is acquired or merges with another company, your data may transfer to the new entity under this same Privacy Policy.
---
4. DATA RETENTION
How Long We Keep Your Data:
Active Accounts:
• Account data retained while your account is active
• Order history kept indefinitely for tax and legal compliance
• Usage data retained for 2 years for analytics
Closed Accounts:
• Most data deleted within 30 days of account closure
• Order records retained for 7 years (UK tax law requirement)
• Support tickets retained for 3 years
Newsletter Subscribers:
• Retained until you unsubscribe
• Automatically removed upon unsubscribe request
You can request early deletion by emailing support@labnovo.org (subject to legal retention requirements).
---
5. DATA SECURITY
How We Protect Your Data:
Encryption:
• All data transmitted via HTTPS/SSL encryption
• Passwords hashed with bcrypt (never stored in plain text)
• Database connections encrypted
• Secure cookie storage (HTTP-only, secure flags)
Access Controls:
• Role-based access (admin vs. user permissions)
• Multi-factor authentication for admin accounts
• Regular access audits
Infrastructure Security:
• PostgreSQL database with row-level security
• Regular automated backups
• DDoS protection and firewall on VPS
• Security headers (CSP, HSTS, X-Frame-Options)
Development Practices:
• Regular security updates and patches
• Code reviews and security testing
• TypeScript for type-safe code
• Prisma ORM to prevent SQL injection
Limitations: While we implement industry-standard security, no system is 100% secure. You're responsible for keeping your password confidential.
---
6. YOUR PRIVACY RIGHTS (UK GDPR)
Under UK GDPR and Data Protection Act 2018, you have the following rights:
Right to Access:
• Request a copy of all personal data we hold about you
• We'll provide this in a readable format within 30 days
Right to Rectification:
• Correct inaccurate or incomplete information
• Update your email, name, or preferences anytime
Right to Erasure ("Right to be Forgotten"):
• Request deletion of your personal data
• Subject to legal retention requirements (e.g., tax records)
Right to Restrict Processing:
• Limit how we use your data in certain circumstances
• We'll store but not actively process restricted data
Right to Data Portability:
• Receive your data in machine-readable format (JSON/CSV)
• Transfer data to another service provider
Right to Object:
• Object to marketing communications (opt-out anytime)
• Object to automated decision-making (we don't use this)
Right to Withdraw Consent:
• Withdraw consent for optional data processing
• Won't affect lawful processing done before withdrawal
How to Exercise Your Rights:
Email support@labnovo.org with:
• Subject: "Data Rights Request"
• Your registered email address
• Specific request (access, delete, export, etc.)
• We'll respond within 30 days
Complaints:
If you're unhappy with how we handle your data, you can complain to:
UK Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
---
7. COOKIES & TRACKING
What Cookies We Use:
Essential Cookies (Required):
• Session Cookie: Keeps you logged in securely
• CSRF Token: Prevents cross-site request forgery attacks
• These cannot be disabled without losing functionality
We Do NOT Use:
✗ Third-party advertising cookies
✗ Social media tracking pixels
✗ Cross-site tracking
✗ Behavioral advertising cookies
Your Cookie Controls:
• Most browsers let you block cookies (this will prevent login)
• Clear cookies anytime via browser settings
• We respect "Do Not Track" browser signals
Analytics:
We use minimal, privacy-focused analytics to understand:
• Most popular study resources
• Platform performance and errors
• General geographic regions (country-level only)
We do NOT track individual browsing behavior for advertising.
---
8. THIRD-PARTY SERVICES
Payment Processing (Stripe):
Stripe handles all payment information according to PCI-DSS standards. We receive confirmation of payment success/failure but never see your full card details.
Google OAuth (Optional):
If you sign in with Google, we receive only your email and name. Review Google's Privacy Policy at https://policies.google.com/privacy
Email Links:
Our emails may contain tracking pixels to measure delivery rates and open rates for newsletters. Transactional emails (order confirmations) do not contain tracking.
External Links:
Our platform may link to exam board websites, payment processors, or other third parties. We're not responsible for their privacy practices.
---
9. CHILDREN'S PRIVACY
Lab Novo is designed for students aged 13+. Students under 18 should have parental/guardian consent.
Under 13: We do not knowingly collect data from children under 13. If we discover we've collected such data, we'll delete it immediately.
Parents/Guardians: If you believe your child has provided us information without consent, contact support@labnovo.org and we'll remove it promptly.
---
10. INTERNATIONAL DATA TRANSFERS
Primary Data Location: Our application is self-hosted, with the database in the United States.
Our Infrastructure:
• Database: Neon PostgreSQL (us-east-1 region, United States)
• Application: Self-hosted VPS managed with Coolify
• Files: Cloudinary (multi-region CDN), Supabase (configurable region)
• Payments: Stripe (UK entity with global infrastructure)
Data Transfers: Some services (Stripe, Cloudinary) may process data globally for performance/redundancy. All providers comply with UK GDPR standards or have adequate safeguards (Standard Contractual Clauses).
EU/EEA Users: You have the same protections under EU GDPR, which UK GDPR mirrors.
---
11. UPDATES TO THIS POLICY
We may update this Privacy Policy to reflect:
• Changes in UK law or regulations
• New platform features
• Feedback from users
• Changes in data processing practices
How We Notify You:
• Update the "Last Updated" date at the top
• Email notification for significant changes
• Continued use after changes means you accept the updated policy
Review Regularly: We encourage checking this page periodically to stay informed.
---
12. CONTACT US
Privacy Questions or Requests?
LAB NOVO LIMITED
Company registered in England and Wales
Email: support@labnovo.org
Website: https://labnovo.org
Response Time: 24-48 hours
For Privacy Requests:
• Data access requests
• Account deletion
• Data export
• Complaints about data handling
• Questions about this policy
For General Support:
• Order issues
• Technical problems
• Product questions
• Billing inquiries
---
YOUR TRUST IS IMPORTANT TO US
We're committed to transparency about data practices. We collect only what's necessary to provide Lab Novo's services and protect your information with industry-standard security measures.
Thank you for trusting Lab Novo with your educational journey! 🎓
