Your privacy matters to us. This policy explains how we collect, use, and protect your personal information when you use KidSmart Past Papers.
1. Information We Collect
Personal Information
When you create an account or make a purchase, we may collect:
- Name and email address
- Child's name and age (for educational purposes)
- Payment information (processed securely through Stripe)
- Login credentials (encrypted and stored securely)
Usage Information
We automatically collect information about how you use our service:
- Pages visited and time spent on the site
- Past papers accessed and completed
- Performance data and progress tracking
- Device information and browser type
- IP address and general location (country/city)
2. How We Use Your Information
We use your information to:
- Provide our service: Process orders, deliver past papers, and track progress
- Improve our platform: Analyze usage patterns to enhance user experience
- Communicate with you: Send order confirmations, updates, and support responses
- Ensure security: Prevent fraud and protect your account
- Marketing (with consent): Send relevant educational content and offers
3. Cookies and Tracking
Essential Cookies
Required for the website to function. These cannot be disabled and include:
- Session cookies to keep you logged in
- Shopping cart cookies
- Security and authentication cookies
Analytics Cookies (Optional)
With your consent, we use:
- Google Analytics: To understand site usage and improve our service
- Hotjar: To analyze user behavior and identify usability issues
- Microsoft Clarity: To understand how users interact with our site
You can control analytics cookies using our cookie settings banner or your browser settings.
4. Data Sharing and Third Parties
We do not sell your personal information. We only share data with trusted partners who help us provide our service:
- Stripe: Payment processing (PCI-DSS compliant)
- Google Cloud: Secure hosting and infrastructure
- Email service providers: To send transactional emails
- Analytics providers: Google, Hotjar, Microsoft (only with your consent)
5. Your Rights Under GDPR
If you're in the EU/UK, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate information
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Restriction: Limit how we process your data
- Objection: Object to certain types of processing
- Withdraw consent: Remove consent for marketing or analytics at any time
To exercise any of these rights, please contact us at privacy@kidsmartapp.co.uk
6. Data Security
We take data security seriously and implement:
- Industry-standard encryption (SSL/TLS) for all data transmission
- Secure password storage using bcrypt hashing
- Regular security audits and updates
- Access controls and authentication
- Secure backup procedures
7. Children's Privacy
Our service is designed for children preparing for exams, but accounts must be created by parents or guardians. We:
- Do not knowingly collect data directly from children under 13 without parental consent
- Only collect educational data necessary to provide our service
- Allow parents to review and delete their child's data at any time
- Do not use children's data for marketing purposes
8. Data Retention
We retain your data for as long as:
- Your account is active
- Required to provide our services
- Necessary to comply with legal obligations
- Needed to resolve disputes or enforce our terms
You can request deletion of your account and data at any time by contacting us.
9. International Data Transfers
Your data may be processed in countries outside the EU/UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the EU Commission
- Compliance with GDPR requirements
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any significant changes by:
- Posting the new policy on this page
- Updating the "Last Updated" date
- Sending an email notification for material changes
11. Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact us:
Data Protection Officer: For any data protection concerns, you can also contact our Data Protection Officer at dpo@kidsmartapp.co.uk
