Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Name (teachers/parents)
• Email address
• Password (encrypted)
• School or organisation name (optional)
• Year or teaching subject (optional)

Student Information (provided by teachers/parents):

• Full name
• Gender
• Year Group
• Class
• SEN (Special Educational Needs) Status
• Pupil Premium Status
• EAL (English as an Additional Language) Status
• Assessment results and progress data

Payment Information:

• Processed securely through Stripe (we do not store credit card details)
• Billing address
• Transaction history

1.2 Information Collected Automatically

Usage Data:

• Assessment results (where applicable)
• Time spent on platform
• Features used
• Login timestamps

Technical Data:

• IP address
• Browser type and version
• Device type
• Operating system
• Cookies and similar tracking technologies

Essential Cookies (Always Active):

• Authentication (keeps you logged in)
• Security (CSRF protection)
• Preferences (remembers your settings)
• Cookie consent choice

Optional Cookies (ReadingFluency only, requires consent):

• Google Analytics (usage analytics)
• Performance monitoring
• Error tracking

1.3 Local Browser Storage (Parchmentpad)

Parchmentpad stores whiteboard data locally in your browser by default:

• Slide content and drawings
• Imported presentations
• User preferences and settings

This data remains on your device unless you explicitly choose to save to your Wild Schooling account or export to cloud storage. Clearing your browser data will remove locally stored presentations.

1.4 File Downloads (Parchmentpad)

You may download your Parchmentpad presentations to your computer in various formats (.parchment, .png, .pdf, .svg). Once downloaded, these files are stored on your device and are no longer within Wild Schooling's control. You are responsible for the security and backup of downloaded files.

1.5 Cloud Storage Integrations (Parchmentpad)

You may choose to save your Parchmentpad presentations directly to third-party cloud storage services including:

• Google Drive
• Microsoft OneDrive

When you connect a cloud storage service:

• You will be asked to authorise Wild Schooling to access your storage
• We only access folders/files you explicitly choose
• Your files are transferred directly to your cloud storage account
• We do not store copies of files you save to cloud storage
• You can revoke access at any time through your Google/Microsoft account settings

1.6 Imported Files (Parchmentpad)

Parchmentpad allows you to import presentation files you have created in other applications. When you import a file:

• The file is processed entirely in your browser
• File contents are not uploaded to our servers during import
• Only you can see and access your imported content
• Imported content follows the same storage rules as other Parchmentpad data

We support import of files in common presentation formats. Third-party application names and trademarks belong to their respective owners. Import functionality enables you to access your own content and does not imply any affiliation with or endorsement by third-party software providers.

2. How We Use Your Information

2.1 Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: To provide the Services you subscribed to
• Consent: For marketing communications and optional features
• Legitimate Interest: For service improvement, security and fraud prevention
• Legal Obligation: To comply with applicable laws

2.2 Purposes of Processing

We use your information to:

• Provide the Services: Create accounts, track progress, generate reports
• Process payments: Handle subscriptions and billing
• Improve the Services: Analyse usage patterns and user feedback
• Communicate with you: Service updates, support responses, educational tips
• Ensure security: Prevent fraud, protect against malicious activity
• Comply with legal obligations: Respond to legal requests, enforce Terms

3. Your Rights and Choices

3.1 GDPR Rights (UK/EU Users)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure ("Right to be Forgotten"): Request deletion of your data
• Restriction: Limit how we process your data
• Portability: Receive your data in portable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent at any time

3.2 Exercising Your Rights

To exercise any of these rights:

• Email: support@wild-schooling.com
• Include: Your name, email and specific request
• Response time: Within 30 days
• Verification: We may request identity verification

4. Data Security

We implement appropriate technical and organisational measures:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access controls: Limited employee access on need-to-know basis
• Authentication: Secure password requirements, hashed storage
• Regular security audits: Monitoring for vulnerabilities
• Secure hosting: Enterprise-grade infrastructure

4.1 Data Breach Response

In the unlikely event of a data breach:

• We will notify the ICO within 72 hours
• We will notify affected users without undue delay
• We will provide clear information about the breach and steps to protect yourself
• We will take immediate action to contain and remediate the breach

4.2 Administrator Access

Platform administrators employed by wild-schooling.com have access to data across all schools for the purposes of system maintenance, security monitoring, technical support, and content management. All administrator access is logged and audited.

5. Children's Privacy

5.1 Age Restrictions

• Users under 13: Require parental consent
• Teacher/parent controls: Adults manage student accounts
• Limited data collection: We collect minimal data from students

5.2 Student Data Protection

• We comply with UK Data Protection Act 2018 and GDPR
• Student data is used only for educational purposes
• Parents/teachers can request student data deletion
• We do not show advertising to children
• We do not sell or share student data for marketing

6. Data Retention

6.1 Retention Periods

Active Accounts:

• Account data: Retained while account is active
• Assessment data: Retained while account is active
• Usage logs: Retained for 12 months

Deleted Accounts:

• Personal data deleted within 30 days
• Some data retained for legal compliance (e.g., payment records for tax purposes: 7 years)
• Anonymised usage statistics may be retained indefinitely

7. International Data Transfers

7.1 Data Storage Location

• Primary data stored on EU-based servers
• If we transfer data outside the EU/EEA, we will update this policy and seek consent where required

7.2 Third-Party Services

We use the following third-party services to provide our Services:

• Supabase (Database): EU region - SOC 2 Type II certified, GDPR compliant, data hosted in EU
• Stripe (Payment Processing): USA - covered by EU-US Data Privacy Framework
• Vercel (Hosting): USA - ISO 27001 certified, GDPR compliant
• Google Analytics (ReadingFluency only, with consent): USA - EU-US Data Privacy Framework
• Resend (Transactional emails): For password resets, account notifications, and system alerts – USA, covered by EU-US Data Privacy Framework and UK Extension. Subject to Resend's Privacy Policy
• Google Drive (Parchmentpad, optional, user-initiated): For saving presentations – subject to Google's Privacy Policy
• Microsoft OneDrive (Parchmentpad, optional, user-initiated): For saving presentations – subject to Microsoft's Privacy Policy

8. Communications and Marketing

8.1 Types of Communications

Essential Service Communications (Cannot opt out):

• Account security alerts
• Payment confirmations and billing notices
• Critical service updates
• Legal notices and policy changes
• Support responses to your inquiries

Optional Marketing Communications (You can opt out):

• Educational tips and strategies
• New feature announcements
• Product updates and improvements
• Educational resources and webinars
• Special offers and promotions

8.2 Consent and Opt-Out

How to Opt Out:

• Click "Unsubscribe" link in any marketing email
• Update preferences in your account settings
• Email us: support@wild-schooling.com

9. Automated Decision Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. Any data analysis is used only for:

• Generating educational reports
• Tracking student progress
• Improving our Services

10. Contact Information

10.1 Data Controller

• Name: Simon Sharp (operating as Wild Schooling)
• Email: support@wild-schooling.com
• Address: 10 Bellingham Drive, Reigate, Surrey, RH2 9BB
• ICO Registration: C1790660

10.2 Response Times

• General inquiries: 5 working days
• GDPR rights requests: 30 days
• Data breach notifications: 72 hours

10.3 Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with:

• Information Commissioner's Office (ICO)
• Website: ico.org.uk
• Telephone: 0303 123 1113

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email or prominent website notice at least 30 days before changes take effect.

Continued use of the Services after changes constitutes acceptance of the new Privacy Policy.