Privacy Policy
Last updated: 1 March 2026
1. Who We Are
ThesisPath Academic Support ("ThesisPath", "we", "us", or "our") operates the website at https://mythesispath.com. We provide personalised academic support services for postgraduate students undertaking Masters and PhD research.
We are the data controller for the personal information we collect through this website and our services. If you have any questions about this policy or how we handle your data, please contact us at [email protected].
2. What Personal Data We Collect
We collect and process the following categories of personal data:
| Data Category | Examples | How Collected |
|---|---|---|
| Identity data | Full name, username | Account registration, OAuth login |
| Contact data | Email address | Account registration, contact form |
| Academic data | Degree level, field of study, university, thesis drafts | Client portal, document uploads |
| Communication data | Messages, session notes, feedback | Portal messaging, live chat |
| Payment data | Subscription plan, transaction ID (no card details stored) | Stripe payment processor |
| Technical data | IP address, browser type, pages visited, session duration | Cookies, Google Analytics (with consent) |
| Enquiry data | Name, email, message content, degree level | Contact / consultation request form |
3. Legal Basis for Processing
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we rely on the following lawful bases for processing your personal data:
- Contract performance — to provide the academic support services you have engaged us for, including scheduling sessions, delivering feedback, and managing your project progress.
- Legitimate interests — to operate and improve our website, prevent fraud, and communicate service updates, where these interests are not overridden by your rights.
- Consent — for non-essential cookies (including Google Analytics) and marketing communications. You may withdraw consent at any time.
- Legal obligation — where we are required to retain records for tax, accounting, or regulatory compliance purposes.
4. How We Use Your Data
We use your personal data for the following purposes:
- Creating and managing your client account and portal access.
- Scheduling, conducting, and following up on weekly one-on-one video sessions.
- Delivering written feedback on thesis drafts and research documents.
- Tracking your research progress and updating milestones.
- Processing subscription payments and issuing receipts via Stripe.
- Responding to enquiries submitted through the contact form.
- Sending service-related notifications (session reminders, feedback ready alerts).
- Improving our website and services through aggregated, anonymised analytics data.
We will never sell, rent, or trade your personal data to third parties for marketing purposes.
5. Cookies and Tracking Technologies
We use cookies and similar technologies on our website. When you first visit, our cookie consent banner gives you full control over which categories of cookies are set.
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Essential | Session authentication, security, cookie preferences | No — necessary for the site to function |
| Analytics | Google Analytics 4 — visitor counts, page views, behaviour | Yes — only set after consent |
You can change your cookie preferences at any time by clicking "Manage Preferences" in the cookie banner, which reappears when you clear your browser's local storage.
6. Who We Share Your Data With
We share your personal data only with trusted third-party service providers who process it on our behalf under data processing agreements. These include:
- Stripe — payment processing. Stripe is PCI-DSS compliant. We do not store your card details. See Stripe's Privacy Policy.
- Google Analytics — website analytics (only with your consent). See Google's Privacy Policy.
- Google Meet / Calendly — video session scheduling and delivery. These services have their own privacy policies which apply when you use them.
- Cloud storage provider — secure storage of uploaded thesis documents and feedback files.
We do not transfer your personal data outside the UK or European Economic Area (EEA) unless appropriate safeguards are in place (such as Standard Contractual Clauses).
7. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes described in this policy:
- Active client accounts — for the duration of your engagement with us plus 2 years.
- Payment records — 7 years, as required by HMRC for tax purposes.
- Contact enquiries — 12 months from the date of enquiry.
- Analytics data — aggregated and anonymised; individual session data retained for 14 months by Google Analytics.
- Deleted accounts — personal data is removed within 30 days of an account deletion request.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
| Right | What It Means |
|---|---|
| Access | Request a copy of the personal data we hold about you (Subject Access Request). |
| Rectification | Ask us to correct inaccurate or incomplete data. |
| Erasure | Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations. |
| Restriction | Ask us to pause processing your data in certain circumstances. |
| Portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw consent | Withdraw consent for analytics cookies or marketing at any time without affecting prior processing. |
To exercise any of these rights, please email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data lawfully.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include encrypted data transmission (HTTPS/TLS), secure authentication via OAuth, access controls limiting data to authorised personnel, and encrypted cloud storage for uploaded documents.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.
10. Children's Privacy
Our services are intended for postgraduate students and are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us immediately at [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered clients by email. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Data Protection contact: