Privacy Policy

Last updated: March 2026

This Privacy Policy explains how TheoryTest.online ("we", "us", "our") collects, uses, and protects your personal data when you use our website and services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

TheoryTest.online is the data controller for the personal data collected through this website. If you have any questions about this policy or how we handle your data, please contact us at hello@theorytest.online.

2. What Data We Collect

We collect the following personal information when you use our services:

  • Identity data: First name, last name, date of birth
  • Contact data: Email address
  • Driving licence data: Provisional driving licence number (16-character DVLA format)
  • Booking preferences: Preferred test centre, preferred date range, preferred test time, accessibility requirements
  • Account data: Email address and encrypted password
  • Usage data: Practice test results, scores, question responses, and progress through the study platform
  • Technical data: IP address, browser type, and pages visited (standard web server logs only — we do not use tracking cookies)

We do not collect or store your payment card details. All payment processing is handled securely by Stripe (see Third Parties below).

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery: To create and manage your account, process your order, and book your DVSA theory test on your behalf
  • Communications: To send you your login credentials, booking confirmation, and test date details by email
  • Pass guarantee: To track your practice test results and determine eligibility for the pass guarantee refund
  • Customer support: To respond to your enquiries and resolve any issues
  • Legal obligations: To comply with applicable laws and regulations

4. Legal Basis for Processing

We process your personal data under the following lawful bases:

  • Contract performance: Processing is necessary to provide the booking service and study platform you have purchased
  • Legitimate interests: To maintain and improve our services and prevent fraud
  • Legal obligation: To comply with applicable UK law

5. Third-Party Service Providers

We share your data with the following trusted third-party processors, strictly to deliver our service:

  • Stripe, Inc. — Payment processing. Stripe handles all card transactions and is PCI DSS Level 1 certified. We never see or store your card details. Stripe Privacy Policy →
  • Supabase, Inc. — Secure cloud database and authentication. Your account data, order details, and test results are stored on Supabase's infrastructure. Data is encrypted at rest and in transit.
  • Resend, Inc. — Transactional email delivery. Used solely to send you your login details, booking confirmations, and service emails.

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

6. Data Retention

We retain your personal data for as long as necessary to provide the service and fulfil our legal obligations:

  • Account data is retained while your account is active and for 2 years thereafter
  • Order and booking records are retained for 6 years for financial and legal compliance
  • Practice test results are retained for the duration of your account

You may request deletion of your account at any time (see Your Rights below).

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data transmitted to and from our website
  • Encrypted password storage (never stored in plain text)
  • Row-level security on our database so users can only access their own data
  • Restricted admin access to customer records

8. Cookies

We use only essential session cookies necessary for the site to function (for example, to keep you logged in). We do not use advertising, tracking, or analytics cookies. You can control cookies in your browser settings; however, disabling session cookies may prevent you from logging in.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Ask us to correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (subject to legal retention obligations)
  • Right to data portability: Receive your data in a structured, commonly used format
  • Right to restriction: Ask us to restrict processing of your data in certain circumstances
  • Right to object: Object to processing based on legitimate interests

To exercise any of these rights, email us at hello@theorytest.online. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. International Transfers

Some of our third-party service providers (Stripe, Supabase, Resend) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in accordance with UK GDPR requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: