RateMyModule.ie

Privacy Policy

Last updated: 19 February 2026

1. Introduction

Ratemymodule.ie is committed to protecting your privacy and handling your personal data in a fair, transparent and secure manner.

This Privacy Policy explains how personal data is collected and used when you access or use Ratemymodule.ie (the "Platform"), an Irish-based student platform that allows verified UCD students to anonymously rate and review university modules.

This policy is intended to comply with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and the Irish Data Protection Act 2018.

2. Who We Are (Data Controller)

The data controller for personal data processed through the Platform is:

Ratemymodule.ie, operated in Ireland
Platform operator: Raffael Richter

The Platform is an independent student project and is not affiliated with, endorsed by, or operated by University College Dublin (UCD).

3. What Data We Collect

Account Data

When you create and use an account, we process:

  • your @ucdconnect.ie email address;
  • authentication and account identifiers (for example user ID);
  • email verification status and session/authentication records;
  • password credentials managed through Supabase authentication (hashed using bcrypt and not stored in plain text by us).

Review Content

When you submit a review, we process:

  • module code;
  • overall star rating;
  • structured ratings for Workload, Difficulty, Teaching Quality, Assessment Fairness and Interest;
  • optional written feedback;
  • optional lecturer name/tag;
  • optional semester or term taken;
  • review timestamps (such as created and updated dates).

Usage Data

To run and improve the Platform, we may process:

  • module interaction data (including searches and page/module views);
  • upvote activity (for example marking reviews as helpful);
  • moderation/report activity (for example reports submitted on reviews);
  • service diagnostics and feature usage patterns.

Technical Data

We may also process technical and log data such as:

  • IP address and request metadata;
  • browser and device information;
  • date/time logs and referring URLs;
  • cookie or similar identifier data needed for service operation and analytics.

4. How We Use Your Data

We use personal data to:

  • create, verify and manage user accounts;
  • restrict participation features to verified @ucdconnect.ie users;
  • provide core platform functionality, including posting reviews, viewing ratings, upvoting, reporting, and editing/deleting your own content;
  • monitor service reliability, performance and security;
  • prevent, detect and investigate misuse, spam, fraud or abuse;
  • moderate content and process reports;
  • respond to support requests, including deletion requests;
  • comply with legal obligations and protect legal rights.

We use privacy-conscious analytics for service improvement. We do not use your data for advertising, and we do not sell personal data.

We do not carry out solely automated decision-making (including profiling) that produces legal effects or similarly significant effects for users within the meaning of Article 22 GDPR.

5. Lawful Bases for Processing

Under Article 6 GDPR, we rely on the following lawful bases:

  • Contract (Article 6(1)(b)): where processing is necessary to provide the Platform and account features you request.
  • Legitimate Interests (Article 6(1)(f)): for security, moderation, abuse prevention, service analytics, and platform improvement. We apply safeguards including data minimisation, limited access controls, and pseudonymous display of reviews.
  • Legal Obligation (Article 6(1)(c)): where processing is required by applicable law.
  • Consent (Article 6(1)(a)): where required, including for non-essential cookies/analytics technologies. You may withdraw consent at any time.

6. Anonymity & Public Content Clarification

Reviews are displayed anonymously to other users. Your public review does not include your email address or direct account identity.

However, review records are internally linked to your account identifier for moderation, abuse prevention, and handling legal/data protection requests.

If you include personal details in optional text fields, those details may become visible to other users. Please avoid including personal data about yourself or others in review text unless strictly necessary.

7. Cookies & Analytics

We use cookies and similar technologies for essential platform functions (for example login and session security) and privacy-compliant analytics.

We do not use advertising cookies, behavioural advertising trackers, or third-party ad-tech profiling systems.

Where required by law, non-essential cookies/analytics are only set with consent. You can also manage cookies through your browser settings.

8. Data Sharing & Third Parties

We share personal data only where necessary and on a lawful basis, including with:

  • Supabase (authentication and managed database infrastructure);
  • infrastructure providers used by Supabase, including AWS eu-west-1 (Ireland);
  • analytics or technical service providers acting on our instructions;
  • professional advisers where necessary; and
  • public authorities where legally required.

We do not sell personal data and we do not share personal data for advertising purposes.

9. Data Retention

We keep personal data only for as long as necessary for the purposes in this policy.

  • Account data is retained while your account is active.
  • Review, upvote and moderation records are retained for as long as needed to operate, secure and moderate the Platform.
  • Technical logs and analytics data are retained for limited periods proportionate to security and service improvement needs.

You can request deletion of your account and associated reviews by contacting us. We will action valid requests without undue delay, unless retention is required by law or for the establishment, exercise or defence of legal claims.

10. Data Security

We implement appropriate technical and organisational security measures designed to protect personal data, including:

  • encrypted transmission using HTTPS/TLS;
  • managed secure infrastructure and role-based access controls;
  • password hashing via Supabase authentication using bcrypt;
  • measures to detect and respond to unauthorised access and misuse.

Data is stored in a secure Supabase-managed environment hosted in AWS eu-west-1 (Ireland). No method of transmission or storage is completely risk-free, but we take reasonable steps to protect your data.

11. Your GDPR Rights

Subject to applicable law, you have the right to:

  • request access to your personal data;
  • request rectification of inaccurate personal data;
  • request erasure of personal data;
  • request restriction of processing;
  • request data portability;
  • object to processing based on legitimate interests;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with a supervisory authority.

To exercise your rights, contact us at support@ratemymodule.ie. We may need to verify your identity and will respond in line with GDPR timelines.

You may also lodge a complaint with the Irish Data Protection Commission (DPC): https://www.dataprotection.ie

12. International Transfers (if applicable)

The Platform is operated in Ireland and data is primarily stored within the EEA, including AWS eu-west-1.

If personal data is transferred outside the EEA/UK in limited circumstances, we will ensure appropriate safeguards are in place, such as an adequacy decision or Standard Contractual Clauses (SCCs), together with supplementary measures where required.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, operational or technical changes.

When updates are made, the "Last updated" date above will be revised. Where changes are material, we will provide a clear notice through the Platform.

14. Contact Us

If you have questions about this Privacy Policy or how your data is handled, please contact:

Ratemymodule.ie, operated in Ireland
Email: support@ratemymodule.ie

To request deletion of your account and associated reviews, contact us at the same email address.