Life in the UK

Privacy policy

Last updated: 6 June 2026

1. Introduction

This privacy policy describes how Test Pathway collects, uses, and protects personal information when you use this website and the Life in the UK practice tests offered through it (together, the “Service”). We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and related UK privacy and electronic communications rules where they apply.

For personal data we are responsible for, we act as the data controller. This notice is intended to meet our obligation to provide clear information about our processing, including what data we hold, why we hold it, how long we keep it, who we share it with, and what rights you have.

If you do not agree with this policy, please do not use the parts of the Service that involve the processing described here. You can use the practice tests without signing in; that path is described in section 3.

2. Who we are

The data controller is Test Pathway.

For all privacy enquiries and requests to exercise your data protection rights, contact us by email at contact@testpathway.com. We do not currently designate a separate data protection officer; general privacy correspondence should be sent to the contact above.

3. Personal data we collect

3.1 Practice tests without an account

If you do not sign in, we do not collect your answers or your per-question results on our servers. The Service may store a summary of each completed test (for example number correct, total questions, pass/fail against the practice threshold, and completion time) in local storage on your device so the site can display your last score. That information remains under your control and is not transmitted to us.

3.2 Optional Google sign-in

If you choose “Continue with Google”, Google (the entity named on Google's consent screen for your region) processes authentication under Google's own terms and privacy notices. We then receive and store identifiers and profile elements Google provides to the Service, typically including your name, email address, profile image URL, an internal user key, authentication session records, and OAuth tokens needed to maintain a secure login. That data is stored in our database (including backups) and linked to your user record.

3.3 Technical data collected automatically

When you use the Service, our hosting infrastructure and application platform may process technical information such as IP address, HTTP request path, approximate timestamps, user agent string, referrer, and similar metadata required to deliver pages, enforce rate limits, investigate abuse, and maintain security. This is standard server logging rather than behavioural advertising.

3.4 Audience measurement (Google Analytics)

If you accept analytics cookies in our banner, we load Google Analytics 4 (Google Ireland Limited / Google LLC) to understand aggregate use of the Service — for example pages viewed, approximate region, browser type, and referral source. Google may set first-party analytics cookies and process pseudonymous identifiers. We configure IP anonymisation where GA4 supports it. If you reject analytics or dismiss the choice by selecting reject, we do not load Google Analytics and do not set analytics cookies for that purpose.

4. Purposes and lawful bases

We only use personal data where UK law allows it. The main bases we rely on are:

  • Performance of a contract or steps you ask us to take before a contract — where you sign in, to register and maintain your account and deliver related features.
  • Consent — where you choose Google sign-in, where you accept analytics cookies in our banner, or where we introduce other optional non-essential cookies or marketing and ask for your agreement.
  • Legitimate interests — operating, securing, and improving the Service; detecting fraud and misuse; and exercising or defending legal claims, where those interests are not outweighed by your rights.
  • Legal obligation — where we must retain or disclose information to comply with applicable law, regulation, or competent authority requests.

We do not use your personal data for solely automated decisions that produce legal or similarly significant effects on you.

5. Sharing and processors

We share personal data with others only where necessary to run the Service or as required by law. Categories of recipients include:

  • Google — for OAuth sign-in when you use that option (Google acts partly as an independent controller for the login experience and may process data under its own policies), and for Google Analytics 4 when you accept analytics cookies (Google acts as a processor for measurement data we instruct it to collect on our behalf).
  • Infrastructure providers — the organisation that hosts this application, database, DNS, and related services on our behalf (exact legal names should be listed in your internal records and, where you choose, named on this page).
  • Professional advisers — for example insurers, lawyers, or accountants, where confidential disclosure is necessary.
  • Authorities — regulators, courts, or law enforcement when we have a good-faith belief that disclosure is legally required.

We do not sell personal data and we do not share it for third-party direct marketing in the configuration described by this policy.

6. International transfers

Data you provide may be processed in the United Kingdom and in other countries (for example when Google or your hosting region is outside the UK). Where UK data protection law requires safeguards for transfers, we implement appropriate measures such as the UK international data transfer agreement or addendum, standard contractual clauses approved for use in the UK, or another mechanism recognised at the time of the transfer.

7. Retention

  • Device storage — until you clear site data or remove the browser profile that holds it.
  • Account and authentication data — for the lifetime of your account and a limited period after closure to resolve disputes, comply with law, or protect our systems (typically not longer than necessary for those purposes).
  • Server logs — according to the retention settings of your hosting provider; consider documenting the maximum period in your internal policy and mirroring it here once final.
  • Google Analytics — according to the retention controls configured in our GA4 property (typically a rolling period such as 14 months unless we change those settings and update this notice).

8. Security

We apply reasonable technical and organisational measures appropriate to the risk, including access controls on production systems, encryption in transit (HTTPS), and secure handling of credentials and secrets. No method of transmission or storage is completely secure; you use the Service at your own risk to the extent permitted by law.

9. Your rights

Under UK data protection law you may have the right to: request access to your personal data; ask us to correct inaccurate data; request erasure; request restriction of processing; object to processing based on legitimate interests; request portability of data you supplied where processing is automated and based on contract or consent; and withdraw consent where processing is based on consent (without affecting the lawfulness of earlier processing).

If you have signed in with Google, you can delete your account (and associated login data we hold) yourself while signed in, using the delete option on your Account page.

To exercise these rights, contact us using the details in section 2 and section 14. We will respond within one month in ordinary cases (that period may be extended for complex requests as the law allows). We may need to verify your identity before disclosing or deleting information.

Further guidance is available from the Information Commissioner's Office (“ICO”) website.

10. Regulator and complaints

You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues. We would appreciate the chance to address your concerns first, but you may contact the ICO directly if you prefer.

ICO details: ico.org.uk/make-a-complaint; telephone 0303 123 1113; post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

11. Cookies

Our authentication system uses first-party, strictly necessary cookies (or equivalent mechanisms tied to our website) so that your browser can maintain a secure session after you choose to sign in with Google. They are not used for advertising or to track you across other sites.

When you accept analytics in our cookie banner, Google Analytics 4 may set first-party cookies (for example _ga and related identifiers) to distinguish visits and measure audience use of the Service. Those cookies are non-essential for running the practice tests; we only load them after you opt in. If you reject analytics, we do not load GA4 for audience measurement.

Under UK cookie rules, cookies that are essential to provide a service you have actively requested—such as staying logged in after authentication—normally fall within the category where prior consent via a banner is not required. We explain them here for transparency. Non-essential analytics cookies require your consent before they are set; our banner records your choice in your browser’s local storage so we do not ask on every visit unless you clear site data.

You can restrict or delete cookies in your browser; blocking session cookies may mean sign-in stops working until you allow them again for this site.

12. Children

The Service is intended for adults preparing for the Life in the UK test. We do not knowingly collect personal data from anyone under 16 through this site. If you believe a child has provided personal data to us via Google sign-in, please contact us and we will take steps to delete it promptly where the law allows.

13. Changes to this policy

We may update this privacy policy to reflect changes in law, our practices, or the features of the Service. When we do, we will revise the “Last updated” date at the top of this page. For materially adverse changes affecting data we hold about signed-in users, we will provide an additional notice where appropriate (for example by email if we hold your address).

14. Contact us

Questions about this policy or our use of personal data should be directed to Test Pathway at contact@testpathway.com.