Studia Join the beta
Back to Studia

Version 1.0.1 · Effective 19 May 2026

At a glance

Studia is a no-account revision planner. Your study data stays on your device and (optionally) your iCloud. We don't run ads, don't track you, don't sell your data. Our server keeps short-lived operational logs (IP address, request path) for security and debugging only.

Studia — Privacy Policy

Last updated: 19 May 2026

This policy explains what Studia does — and doesn't do — with your information. We've written it in plain English because many of our users are teenagers. If anything here is unclear, email us at help@getstudia.app and we'll explain.

1. Who we are

Studia is an iOS and iPadOS app that helps students plan and track GCSE and A-level revision. The app is made and run by:

Under UK data protection law, Syed Khairi is the data controller for any personal data this app handles.

2. The short version

  • You don't need an account. There's no sign-up, no email, no password.
  • Your study plans, sessions, notes, and photos stay on your device and (if you have iCloud on) in your iCloud account. We can't see any of it.
  • We don't run ads.
  • We don't track you across other apps or websites.
  • We don't sell your data. We don't share it with marketers.
  • Our server keeps short-lived technical logs (your IP address and what curriculum file you requested) for security and debugging. That's it.
  • The app asks for Camera, Photos, Calendar, Notifications and Screen Time only when you choose to use a feature that needs them. You can say no.

3. Who Studia is for

Studia is designed for students aged 13 and over. The App Store rates it 4+.

If you are under 13, please don't use the app. Ask a parent or carer to email us if a younger child has started using it and we'll explain how to delete the data from their device and iCloud.

Because many of our users are under 18, we follow the UK Information Commissioner's Office (ICO) Age Appropriate Design Code (also called the Children's Code). That means:

  • High-privacy defaults — there is no public profile, no sharing feature, no social network.
  • No profiling for advertising or marketing.
  • Minimum data — we only handle what's needed for the planner to work.
  • No dark patterns — streaks, reminders and notifications can all be turned off in your device settings without breaking the app.
  • Clear language at every step, including this policy.

4. What information Studia uses, and why

Here is everything the app handles, where it lives, and the legal reason we can use it.

a) Your study data

This is the bulk of what the app does — your plans, schedules, ratings, reflections, focus sessions, streaks and scores.

  • What: study plans (subject, exam board, exam date, availability, target grade), study sessions (when, what topic, duration), self-ratings (Red/Amber/Green), session feedback (difficulty, recall, focus, mood), pause reasons, streaks, study scores, calendar-export flags.
  • Why: to run the planner — generate your schedule, track progress, decide when to revisit weak topics.
  • Where: on your device, in the app's SwiftData database. If you have iCloud signed in, it syncs to your private CloudKit database on Apple's servers, attached to your Apple ID.
  • Who can see it: only you, on your own devices signed in to your Apple ID. Apple stores it in encrypted form on your behalf. We can't read it.
  • Legal basis: contractual necessity — UK GDPR Article 6(1)(b). We need this data to provide the service you asked for.
  • How long we keep it: until you delete it. You can delete a plan or session inside the app at any time. You can wipe the whole iCloud copy in Settings → Apple ID → iCloud → Studia → Delete Data.

b) Progress photos and captions (optional)

If you choose to add a photo to a session — a picture of your notes, a whiteboard, or whatever — that photo and any caption you type sit alongside your study data. They live in the same place: your device plus your iCloud, never our server.

  • Legal basis: consent (you opt in by tapping Add Photo) and contractual necessity for the feature.
  • How long: until you delete the photo or the plan.

c) Focus-session timer state

When you're in a focus session the app remembers where you are in the timer, your pause count and so on. This is on your device only.

d) Notifications and Live Activities

Local notifications fire when a focus block ends or a break starts. Live Activities show your timer on the lock screen and Dynamic Island. All of this happens on your device — nothing is sent to a server.

e) Calendar export (optional, write-only)

If you choose to export your sessions to Apple Calendar we write events into your calendar. We don't read your existing events and we don't keep our own copy.

  • Legal basis: consent at the moment you tap Export.

f) Screen Time / Family Controls (optional)

Studia's "Study Lock" feature can shield distracting apps during a focus session. It uses Apple's Family Controls framework. We only receive opaque tokens that mean "block these apps" — we never see the names of the apps you pick, your Apple ID, or which apps you actually use.

  • Legal basis: consent at the point you turn the feature on.

g) Curriculum content (downloaded to your device)

The app fetches curriculum data — subject lists, papers, topics, learning objectives — from our backend at studia.mrkhairi.com. This isn't personal data. It's the same content every user gets. We download it to your device so the planner can work offline.

h) Crash logs sent to Apple (only if you opted in)

If you have switched on "Share with App Developers" in your iPhone's Privacy & Analytics settings, Apple sends crash logs to us. Apple controls what's in those logs; we just receive them to fix bugs. You can turn this off any time in iOS Settings.

i) Operational logs from our backend

Every time the app fetches curriculum, our server records a short technical log. This is only for security and debugging — not for analytics, profiling or advertising.

What's logged:

  • Cloudflare edge logs — your IP address, timestamp, the URL you requested, the response code, and your device's user agent. Cloudflare is our CDN / reverse proxy.
  • Directus activity log — the same kind of metadata, written into our PostgreSQL database by the Directus CMS.

We do not link these logs to any individual, combine them with your study data (we can't — we don't have it), share them with third parties, or use them for advertising or analytics.

  • Legal basis: legitimate interest — UK GDPR Article 6(1)(f) — running the service safely.
  • How long: Directus activity logs are purged after 90 days. Cloudflare edge logs follow Cloudflare's own retention.
  • Note: under UK GDPR an IP address counts as personal data even though we don't know who you are.

j) What we do not collect

To be explicit, Studia does not collect or store:

  • Your name, email address, phone number or postal address.
  • Your precise location.
  • Contacts, microphone, health data, or browsing history.
  • Behavioural / usage analytics (we don't know which buttons you tap).
  • Advertising identifiers (IDFA) or any cross-app tracking.
  • Device identifiers beyond what iOS gives Apple for CloudKit sync.

5. iCloud and CloudKit

If you're signed in to iCloud on your device, Studia syncs your study data to your own private CloudKit database. This is part of Apple's iCloud service:

  • The data is encrypted between your device and your iCloud account.
  • Only your Apple ID can read it.
  • We have no access to it. There is no admin panel where we can look at your study plans.
  • Apple is the processor for this data. Where it physically lives (US, EU, etc.) depends on your iCloud region — Apple decides. See Apple's Privacy Policy for details.

If you turn iCloud off, your data only lives on the device.

6. The Studia backend (studia.mrkhairi.com)

Our backend is a self-hosted Directus + PostgreSQL instance, sitting behind Cloudflare.

  • It stores only curriculum content — subjects, exam papers, topics, learning objectives, learning resources.
  • It does not store any study plans, sessions, ratings, photos, names, emails or account identifiers.
  • The app reads from it. It never writes to it.

Cloudflare sees the IP address of each request because it sits in front of our server. That's how CDNs work. Cloudflare's privacy terms apply to that processing.

7. Device permissions

The app asks for these only when you use the feature that needs them. You can change your mind in iOS Settings → Studia.

  • Camera — to take a photo for your progress gallery.
  • Photo Library — to pick an existing photo for your progress gallery.
  • Calendar (write only) — to export sessions to Apple Calendar.
  • Notifications — to warn you when a focus block or break is ending.
  • Family Controls / Screen Time — for the optional Study Lock feature.
  • Live Activities — to show your focus timer on the lock screen and Dynamic Island.

None of these are required. The planner works without them.

8. Our Children's Code commitments

Because Studia is used by under-18s, we commit to:

  • No profiling for marketing or advertising.
  • High-privacy defaults — there's nothing public to switch off because nothing is public.
  • Minimum data — we don't ask for anything beyond what the planner needs.
  • Clear, age-appropriate language in this policy and in the app.
  • No dark patterns — every notification, streak and reminder can be turned off without breaking the app.
  • Parents and carers can contact us at help@getstudia.app about a child's use of the app. Because there's no account, we may need to walk you through deleting data from the device and iCloud rather than doing it server-side.

9. Your rights

Under UK GDPR and (if you live in the EU/EEA) EU GDPR you have the right to:

  • Access — ask for a copy of any personal data we hold about you.
  • Rectification — ask us to correct anything wrong.
  • Erasure — ask us to delete data.
  • Restriction — ask us to stop using it.
  • Portability — ask us for a copy in a portable format.
  • Object — object to processing based on legitimate interest (our server logs).
  • Withdraw consent — turn off any optional feature in iOS Settings.

Because we don't hold study data on our servers, most of these rights are exercised directly on your device:

  • Delete a plan, session or photo in the app.
  • Wipe your iCloud copy in Settings → Apple ID → iCloud → Studia → Delete Data.
  • Uninstall the app to remove everything from the device.

For server logs (the Cloudflare / Directus logs in section 4(i)) email us at help@getstudia.app. Note that without your IP address and an approximate timestamp we can't usually find a specific log row.

You can complain to the UK Information Commissioner's Office at ico.org.uk. If you live in the EU/EEA you can complain to your local data protection authority.

10. International users

Studia is available on the App Store worldwide.

  • UK/EU/EEA: this policy is written for UK GDPR; the EU GDPR has near-identical rights and we honour them the same way. We don't currently have an Article 27 EU representative — we don't process EU residents' data on a large scale and almost everything stays on the user's device. We'll review this if usage grows.
  • California / United States: we don't "sell" or "share" personal information as those terms are used in the CCPA / CPRA. There is no targeted advertising in the app.
  • Everywhere else: the same principles apply — minimal data, no tracking, on-device processing where possible.

Where your study data physically lives is set by Apple's iCloud region for your Apple ID.

11. Security

  • All network traffic uses HTTPS (TLS 1.2 or higher), terminated at Cloudflare.
  • On the device, the app relies on iOS's built-in data protection.
  • CloudKit data is encrypted by Apple between your device and iCloud.
  • Our backend stores only curriculum content and short-lived operational logs. There is no user database to breach.

No system is perfect. If we ever discover a breach that affects personal data we will follow the ICO's 72-hour notification rules.

12. How long we keep things

What Where How long
Study plans, sessions, photos, ratings Your device + your iCloud Until you delete them
Curriculum cache Your device Replaced on the next refresh
Directus activity log Our PostgreSQL database 90 days, then purged
Cloudflare edge logs Cloudflare Per Cloudflare's own retention
Crash logs (if you opted in) Apple → us As long as the bug is open

13. Changes to this policy

If we change something important we'll update the Last updated date at the top and flag the change in the app. If a change affects your rights we'll explain what changed and why.

14. Contact

For any privacy question, parent/carer query, or data-rights request:

help@getstudia.app

Questions? Email help@getstudia.app .

No account. No email. No tracking.

Your plans, sessions and photos stay on your device and your private iCloud. No ads, no data selling — built to the UK Children's Code.

Revise the way your brain is actually wired.

Studia is in TestFlight beta for iPhone and iPad. Get an evidence-based plan for your AQA science exams today.

Join the TestFlight beta