Privacy Policy
Draft policy for the closed beta. This page requires review by a qualified solicitor and formal ICO registration before public launch - it is not yet final legal copy. If you are looking for a shorter, child-focused explanation, see our child privacy notice.
1. Who we are
BrightEleven is the data controller for the personal data described in this policy, in line with UK GDPR.
2. What we collect
From the parent account holder:
- Name and email address
- Billing information (processed by our payment provider - we do not store full card details)
- Marketing preference (opt-in only)
From a child profile, created and consented to by the parent:
- First name only - no surname, no date of birth
- Year group, avatar choice, and an optional exam date/region
- Learning and performance data: questions answered, accuracy, time spent, mastery levels, and points/streak/badge history
3. Why we collect it
To provide the service (adaptive practice, progress dashboards, the gift and streak system), to communicate with you about your account and billing, and - only with explicit opt-in - to send marketing communications.
We do not use child data for advertising, do not sell personal data, and do not build behavioural advertising profiles from any child-facing activity.
4. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you and your children
- Correct inaccurate data
- Export your data
- Request deletion of your account and all associated child data
Self-serve data export and account deletion are available from your account settings. On deletion, all associated child data is removed within 30 days.
5. Data retention
We retain account and learning data for as long as your account is active, and for a limited period afterwards only where needed for legal or accounting purposes. Deleted accounts are fully removed within 30 days as described above.
6. Data storage and security
Data is stored with infrastructure providers offering industry-standard encryption at rest and in transit. Access is restricted to what's needed to operate the service.
7. Third parties
We use a small number of third-party processors strictly to operate the service: a payment processor for billing, and an email provider for account and transactional emails. We do not share data with third parties for their own marketing purposes.
8. Contact and complaints
Questions about this policy, or requests relating to your data, can be sent to the support address shown in your account settings. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).