Privacy Policy
Last updated: 12 July 2026
Adhithi Ltd ("we", "us") is the data controller for this service. We build for children, so we follow the UK GDPR and the ICO's Children's Code: we collect the minimum we need, we never show ads, and we never sell personal data. Contact us about privacy at [email protected].
1. What we collect
| About parents | Name, email address, password (stored hashed). If you sign in with Google, the name and email Google shares with us. |
|---|---|
| About children | First name or display name, year group, exam year, chosen avatar and a sign-in PIN (stored hashed). Child profiles have no email address and no password and are only ever created by a parent. |
| Learning activity | Answers given, scores, time taken, practice streaks, badges and mastery levels — the data that powers progress tracking. |
| Technical | Device type (web/app) and standard server logs (IP address, timestamps) kept for security. |
2. What we use it for
- Providing the service (performance of our contract with the parent): accounts, practice sessions, mock exams, progress reports.
- Keeping the service safe (legitimate interests): security logs, preventing abuse.
- Emails you ask for (consent): verification, password resets and — only if you opt in — progress summaries. Never marketing to children.
Aggregate statistics (for example "children in Year 5 average 64% on this topic") are only shown when the group is large enough that no individual child could be identified (at least 20 children).
3. Children's data
- Parents create and control every child profile and can view, edit or delete it at any time from the account pages.
- Child profiles are never public. There is no chat, no messaging and no contact between users.
- We show no advertising of any kind and use no advertising or analytics trackers.
- Children's learning data is never used to train AI models and is never shared with AI providers.
4. Who we share data with
Only the suppliers that run the service for us: our UK/EU hosting provider and our email delivery provider (to send verification and reset emails to parents). They process data under contract, on our instructions only. We do not sell or rent personal data to anyone. We would only disclose data where the law requires it.
5. How long we keep it
- Account and learning data: for as long as your account exists.
- If you delete your account, your family's personal data is deleted straight away; short-lived backups roll off within 30 days.
- Security logs are kept for up to 90 days.
6. Your rights
You (and your children, exercised through you) have the right to:
- access and portability — download your whole family's data as a file from the account page;
- rectification — correct anything in the account pages, or ask us;
- erasure — delete your family account yourself from the account page, or ask us to;
- object or restrict — contact us about any processing you're unhappy with.
You can also complain to the Information Commissioner's Office at ico.org.uk, though we'd appreciate the chance to help first.
7. Security
All traffic is encrypted (HTTPS). Passwords and PINs are stored hashed, never in plain text. Answers are marked on our servers, and children's sessions use tokens that can only see that child's own data.
8. Changes
If we change this policy in any significant way we will email parents before the change takes effect. The "last updated" date above always shows the current version.