This Privacy Policy explains how YoungLearners collects, uses, and protects personal data when you use our website at younglearners.co.uk. We are committed to protecting the privacy of all users, especially children. Please read this policy carefully before creating an account.
1. Who We Are
YoungLearners is an online 11-plus exam preparation platform. We are the data controller responsible for your personal data. For all privacy enquiries, please contact us at:
2. Children's Privacy
Our Platform is designed for children preparing for the 11-plus examination, typically aged 9–12. We take the privacy of children very seriously and comply with the UK Children's Code (Age Appropriate Design Code).
For users under the age of 13:
- A parent or guardian must create the account on the child's behalf.
- By creating an account, the parent or guardian confirms they have parental responsibility for the child.
- We collect only the minimum data necessary for the Platform to function.
- We do not use children's data for marketing or profiling purposes.
- We do not knowingly allow children to create their own accounts without parental consent.
If you believe a child under 13 has created an account without parental consent, please contact us immediately at [email protected] and we will delete the account.
3. What Data We Collect
3.1 Account registration data
- First name and last name (used to generate a display username)
- Email address (parent or guardian email for under-13s)
- Account role (student, teacher, or parent)
- Date of account creation
3.2 Usage data
- Question attempts, answers, and scores
- Mock exam results and subject performance
- Streaks, XP points, and gamification progress
- Session timestamps and time spent on the Platform
3.3 Technical data
- IP address (collected automatically by our hosting provider, Netlify)
- Browser type and version
- Device type
3.4 What we do NOT collect
- Photographs or video
- Location data beyond country
- Payment card details (handled directly by Stripe — we never see card numbers)
- Social media profile data
4. How We Use Your Data
We use the data we collect for the following purposes:
- To create and manage your account
- To provide access to questions, mock exams, and learning tools
- To track progress and display personalised results
- To send account-related emails (e.g. email confirmation, password reset)
- To allow teachers to monitor student progress if a teacher–student relationship exists
- To process subscription payments via Stripe
- To improve the Platform based on usage patterns (aggregated, not individual-level)
We do not use your data for advertising, and we do not sell your data to third parties.
5. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases:
- Contract: Processing necessary to provide the service you have signed up for.
- Legitimate interests: Platform security, fraud prevention, and improving the service.
- Legal obligation: Where required by law (e.g. responding to lawful requests from authorities).
- Consent: Where we ask for specific optional consent (e.g. marketing emails). You may withdraw consent at any time.
6. Data Sharing
We share data with the following third parties, solely to provide the Platform:
- Supabase (database and authentication) — servers located in the European Union. Supabase processes data under a Data Processing Agreement in compliance with UK GDPR.
- Netlify (website hosting) — servers in the EU/US. Netlify complies with UK data transfer rules.
- Stripe (payment processing) — Stripe is PCI-DSS compliant. We share only the data necessary to process payments. We never see or store card details.
- Resend (transactional email) — used to send account confirmation and password reset emails.
We do not share your data with any other third parties without your explicit consent.
7. Data Retention
- Account data is retained for as long as your account is active.
- If you request deletion of your account, we will delete all personal data within 30 days.
- Aggregated, anonymised usage statistics may be retained indefinitely as they cannot identify individuals.
- Payment records may be retained for up to 7 years as required by UK financial regulations.
8. Your Rights
Under UK GDPR, you (and parents acting on behalf of a child) have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Ask us to correct inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data ('right to be forgotten').
- Right to restriction: Ask us to limit how we use your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.
9. Cookies
We use essential cookies to keep you logged in and remember your session. We do not currently use advertising or tracking cookies.
If we introduce analytics cookies in future, we will update this policy and ask for your consent via a cookie banner before any such cookies are set.
10. Security
We take appropriate technical and organisational measures to protect your data, including:
- All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
- Database access is protected by row-level security policies.
- Passwords are never stored in plain text — authentication is managed by Supabase Auth.
- Access to the database is restricted to authorised personnel only.
No system is completely secure. If you believe your account has been compromised, contact us immediately.
11. International Transfers
Our primary data processors (Supabase, Netlify) store data within the UK or EU. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by displaying a notice on the Platform. Continued use of the Platform after changes are published constitutes acceptance of the updated policy.
13. Contact Us