STOCA Logo STOCA.

Privacy Policy (GDPR Notice)

Last Updated: 20/04/2026


Welcome to STOCA (Ste Tutoring & Online Courses Academy). We are committed to protecting your personal data and respecting your privacy. Because our platform is based in the Netherlands, we operate in strict accordance with the General Data Protection Regulation (GDPR).

This policy explains what data we collect, why we need it, and your rights regarding your information.


1. The Data We Collect

To provide you with an interactive learning experience, we collect the absolute minimum amount of personal data required:

  • Account Information: Your email address, chosen username, a securely hashed password, your study program, and student number.
  • Platform Activity: Your quiz scores, completed chapters, reviewed mistakes, and your RSVPs to upcoming sessions.
  • Leaderboard Data: Your total points and calculated level/rank to display on the STOCA Leaderboard.
  • Payment Data: When you purchase premium content, we use **Stripe** to process payments. We do not store your credit card or full billing details on our servers. Stripe provides us with a transaction ID and the status of your payment to unlock your content.

2. Why We Collect It (Purpose & Legal Basis)

Under the GDPR, we must have a valid legal reason to process your data. We process your data based on the Performance of a Contract (by registering, you agree to our Terms & Conditions), your Consent, and our Legitimate Interest to provide a functional educational platform. Specifically, we use it to:

  • Securely manage your account and allow you to log in.
  • Track your academic progress, calculate grades, and show you your past mistakes.
  • Operate the global leaderboard.
  • Process your purchases for premium course parts via Stripe.
  • Manage attendance for interactive STOCA sessions.

3. Third-Party Processors

We do not sell your data. However, we use trusted third-party services to operate the platform:

  • Stripe: Our payment processor. Your payment information is subject to the Stripe Privacy Policy.
  • DiceBear: We use the DiceBear API to generate unique avatars based on your username. No personal identifiers are sent to DiceBear.
  • Email Delivery Service: We use a secure SMTP provider to send you essential account emails (like email verification and password resets). Your email address is only shared for the purpose of delivering these functional emails.

4. How We Store and Protect Your Data

Your data is stored securely in an SQLite database hosted on our servers in the EU. We implement standard security measures, including hashing all passwords. Even we cannot see your actual password.


5. Data Retention

We keep your data for as long as your account is active. If you choose to delete your account via the Account Settings, all your personal data (scores, emails, bookmarks) will be permanently erased. Accounts that remain completely inactive for more than **2 years** may be automatically deleted.


6. Your GDPR Rights

Under European law, you hold ultimate control over your data. You have the right to:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct any inaccurate data (e.g., changing your email or username).
  • Right to Erasure ("Right to be Forgotten"): Use the "Delete Account" button in your settings to permanently remove your data.
  • Right to Data Portability: Request your score and progress data in a machine-readable format.

8. Cookies and Tracking

We use a single, strictly necessary session cookie to keep you securely logged into your account. We do not use third-party tracking or advertising cookies.


9. Contact Us

If you wish to exercise any of your rights or ask questions about this policy, please contact the STOCA admin team at: [email protected].