Privacy Policy

Account data (parents/guardians): email address, name, subscription status, and billing information. Payments are processed securely by Stripe — we do not store card details on our servers.

Child profile data: first name or nickname, school year group, and practice history (topics, scores, XP, badges, streaks). We do not collect a child's date of birth, school name, or any sensitive personal data.

Security PIN data: if you choose to set a 4-digit PIN for a child profile or for the parent view, we store only a cryptographic hash (bcrypt) of that PIN — never the PIN itself. The hash cannot be reversed to recover the original PIN.

Usage data: pages visited, features used, session durations, device type, and browser. This is collected in anonymised or pseudonymised form for service improvement only.

Technical data (all visitors including guests): year group selected and session count. This is collected each time a practice session is started or a login occurs. No IP addresses or location data are stored.

Waitlist and notify-me emails: if you submit your email address via a "Notify me" or early access form (for example, to be informed when a new area guide or the 11+ platform launches), we store that email address solely to send you the requested notification. No account is created and no other personal data is collected at that point.

Cookies: see our Cookie Policy for details.

• Create and manage user accounts.
• Provide learning activities, quizzes, and progress tracking.
• Personalise practice content using AI (Plus and Family plans).
• Send transactional emails (account confirmation, password reset, subscription receipts).
• Send a one-time notification email when a product or area you requested to be notified about becomes available. This is based on our legitimate interests in fulfilling the notification you explicitly requested. You can request removal from the waitlist at any time by emailing [email protected].
• Generate parent progress reports and alerts.
• Improve the platform and user experience.
• Comply with legal obligations.

• Contractual necessity — to provide the service you have signed up for.
• Legitimate interests — to improve the service, prevent fraud, ensure security, and to send launch notifications you have explicitly requested. You have the right to object to legitimate-interests processing at any time by emailing [email protected].
• Legal obligation — to comply with applicable laws.
• Consent — for non-essential cookies (you can withdraw consent at any time via our Cookie Policy).

• Essential cookies — required for secure authentication and session management.
• Analytics cookies — anonymous pageview data via Vercel Analytics. No personal data is collected; data is aggregated and not linked to individual users.

• Supabase — database and authentication provider (EU/UK data centres, GDPR compliant).
• Google — optional sign-in via Google OAuth. If you choose to sign in with Google, your Google account email and profile name are shared with us solely to create and identify your account. Google's privacy policy applies to data held by Google.
• Anthropic — AI question generation. Prompts contain no personal data — only year group, subject, and topic.
• Stripe — secure billing and payment processing (PCI-DSS compliant).
• Resend — transactional email delivery (account confirmation, password reset, receipts). Only your email address is shared for the purpose of delivering that email.
• Vercel Analytics — anonymous pageview analytics. No personal data is shared; data is aggregated and not linked to individual users.
• Sentry — error monitoring. All text content and user identifiers are masked before transmission. No child data is readable in error reports.
• Legal authorities — if required by applicable law.

• Account data — retained while the account is active, plus up to 2 years, or as required by law. Inactive accounts may be deleted after 24 months of inactivity.
• Child practice history — deleted immediately when a child profile is deleted.
• Application error and event logs — automatically deleted after 90 days.
• Anonymous usage counts (guest session counts, login counts) — automatically deleted after 12 months.
• Waitlist and notify-me emails — automatically deleted 12 months after submission, or immediately on request by emailing [email protected].

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restriction — restrict processing in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests.
• Withdraw consent — at any time, for consent-based processing.

Self-serve data export: logged-in users can download a full copy of their data at any time via the Download my data button in Settings. The export includes your account details, all child profiles, practice sessions, subject stats, custom topics, and login history in JSON format.

Self-serve deletion: logged-in users can delete their account and all associated data instantly via the Delete account button in Settings. This permanently removes your account, all child profiles, sessions, XP, and badges with no delay.

For all other rights, email [email protected]. We will respond within 30 days.

• Secure encrypted connections (HTTPS) across all services.
• Controlled access to systems and data using role-based permissions.
• Secure authentication via Supabase Auth.
• Optional 4-digit PINs for child profiles and the parent view, stored as one-way bcrypt hashes.
• Error monitoring with all personal data masked before transmission.
• Automated data deletion to minimise retention of unnecessary data.