Trust & Security
How we keep your study data safe and secure.
🔐 How Your Data Is Protected
Encryption at Rest
Your most sensitive data — birth-chart inputs (date / time / place of birth), the Karmic Genome model derived from them, AI Companion conversation history, journal entries, and lived-event log — is encrypted at rest using Fernet symmetric encryption (AES-128 in CBC mode with HMAC-SHA-256). Even if our database were accessed by an unauthorised person, this material would not be readable without the encryption keys. Your practice progress, course interactions, and reflection notes are stored securely on encrypted servers.
Encryption in Transit
All communication between your device and SuperStudies is encrypted using HTTPS/TLS. This means your data cannot be intercepted or read while traveling over the internet. Your login credentials and study sessions are protected from the moment you connect.
Secure Deletion
When you delete data from SuperStudies, it's permanently removed from our systems — not just hidden. Parents can request complete deletion of their child's account and all associated data at any time. We don't keep secret copies or archive deleted personal information beyond our disaster recovery window.
👁️ Content Safety Guardrails
SuperStudies uses AI-powered guardrails to keep your study environment safe and appropriate:
Profanity Filtering
Inappropriate language is detected and flagged. We maintain a safe, respectful learning environment for all students.
Prompt Injection Detection
We detect attempts to manipulate the AI Spiritual Companion into behaving inappropriately. The Companion stays focused on practice.
Personal Information Detection
The system detects if you accidentally share email addresses, phone numbers, or other PII. We warn you before sending such data.
Practice Scope
The AI Spiritual Companion is scoped to your practice context. Questions far outside that scope are gently redirected back to reflection.
Redirect to Qualified Humans
Questions about medical, psychiatric, or significant legal / financial decisions are redirected to qualified professionals — even when the seeker frames them spiritually. The Companion is a practice tool, not a substitute for a doctor, therapist, or adviser.
🔑 Who Can Access What
Your Practice Data
Only you can see your own course progress, daily Aspire / Reject / Surrender entries, journal reflections, and astrological surfaces. Your conversations with the AI Spiritual Companion are private to you.
Sensitive Practice Data
Your birth-chart inputs, Karmic Genome model, lived-event log, and any uploaded journal or reflection material are private to your account, encrypted at rest, and never used to train or evaluate AI models. We do not share them with third-party astrology platforms, teachers, or any external party.
Parent / Guardian Access (adolescent practitioner accounts only)
Parents can only see practice progress and receive safeguarding alerts for an adolescent practitioner they have added under their account. They cannot access AI Companion conversation history (respecting the practitioner's privacy as they mature). Parents can request their adolescent practitioner's data or delete the account entirely.
🛡️ Account Security
🔑 Passwordless by Design
SuperStudies uses email magic links — there are no passwords on our platform, period. When you want to sign in, we send a unique, time-limited link to your email. Click it and you're in.
This is a genuine security advantage, not just a convenience feature:
- No passwords to steal — our database contains no password hashes. Even if someone accessed our database, there are no credentials to extract.
- No credential stuffing — attackers cannot use passwords leaked from other sites to access your account here, because there is no password to stuff.
- No phishing for passwords — we never ask for a password, so fake login pages have nothing to harvest.
- Each link is single-use and expires — intercepted or forwarded links cannot be reused.
What We Store for Authentication
The only personal identifier we need to authenticate you is your email address. No passwords, no security questions, no recovery codes. Authentication is handled by Firebase Authentication (Google's enterprise identity platform), which issues a signed, short-lived token that our servers verify on every request.
Brute-Force Protection
If someone repeatedly attempts to sign in with incorrect magic links, the account locks for 1 hour after 5 failed attempts. This prevents automated attacks even in the passwordless model.
Session Security
Your login session is secure and tied to your device. If you log out, your session ends immediately. We automatically log you out after a period of inactivity for extra safety.
📊 What We Don't Collect
We believe less data is safer data. SuperStudies does NOT collect:
- Behavioural tracking: We don't track your mouse movements, clicks, or browsing patterns.
- Location data: We don't know where you are.
- Device fingerprinting: We don't track your device ID or unique identifiers.
- Behavioural ads: We never sell your data to advertisers. Your practice patterns stay private.
- Surveillance metrics: No session length, scroll depth, or engagement signals beyond what's needed to render your practice surfaces.
- Excessive logs: We only keep logs necessary for security and support.
⚖️ Your Data Rights (GDPR)
Under UK GDPR you have legal rights over your data. You'll need to be signed in to use these.
📨 Request a Copy of Your Data (Parent or student)
Under UK GDPR Articles 15 and 20 you can request a complete copy of all the data we hold about you, in a machine-readable format if you'd like. Email admin@superstudies.co.uk from the email address on your account, and we'll respond within 30 days (usually much sooner).
🗑️ Delete Your Account (Parent only)
Parents can permanently delete their account at any time — this also deletes every linked adolescent practitioner account they've added, including all course progress, journal entries, AI Companion transcripts, and (where applicable) the Karmic Genome model and birth-chart data (UK GDPR Article 17 — erasure). Adolescent practitioners who want to leave should ask their parent, or contact us at admin@superstudies.co.uk.
✅ Security Practices
- GDPR Compliance: We meet all UK GDPR requirements for children's data protection.
- ICO Guidance: We follow Information Commissioner's Office guidance on data protection.
- Regular Security Reviews: We continuously review our security practices and fix vulnerabilities.
- Automated Encryption: Sensitive fields are encrypted automatically without manual action.
Questions About Security?
If you have concerns about your data or our security practices, please contact us.
For general support: support@superstudies.co.uk