Privacy Policy — Eduentry

1. Who we are

Eduentry (“we”, “us”, “our”) is an online academic assessment platform for children aged 6–17. We are operated by the Eduentry team and can be reached at [email protected]. This policy explains what personal data we collect, why, and how you can exercise your rights under the UK GDPR and EU GDPR.

2. Data we collect

Parent / guardian account

Email address and password (hashed)
Full name (provided at registration)
Account creation date and last login

Child profiles

Child’s first name and date of birth (to calculate age-appropriate questions)
Assessment responses, standardised scores, and percentile rankings
Subject-level performance data

Usage data

Pages visited, session duration, browser type (via Google Analytics)
IP address (anonymised after 14 days by Google Analytics)

3. How we use your data

To create and manage your account and child profiles
To generate adaptive questions appropriate for your child’s age and ability
To calculate standardised scores and percentile rankings
To improve the accuracy of our Item Response Theory models
To send essential service emails (password reset, assessment completion)
To analyse aggregate usage patterns and improve the platform

We do not sell your data to third parties, use it for advertising, or share individual-level data with any third party except as described in Section 5.

4. Children’s data

Eduentry is designed for use by parents and guardians on behalf of their children. We do not knowingly allow children to create their own accounts. All child profiles must be created and managed by a verified parent or guardian aged 18 or over.

Assessment responses and scores are linked to the child’s profile and are accessible only to the parent or guardian account holder. We retain this data for as long as the parent account is active, or for 3 years after the last login — whichever comes first.

5. Third parties

Supabase — our database and authentication provider. Data is stored on EU-region servers. Supabase Privacy Policy.

Anthropic Claude API — used to generate assessment questions. Question prompts include the child’s age and subject only — no names or personally identifiable information are sent. Anthropic Privacy Policy.

Google Analytics 4 — anonymised usage analytics. IP addresses are anonymised. You can opt out via Google’s opt-out browser add-on.

6. Legal basis (UK / EU GDPR)

Contract performance — to provide the assessment service you signed up for
Legitimate interests — improving our platform and preventing fraud
Consent — analytics cookies (you may withdraw consent at any time)

7. Your rights

Under UK and EU GDPR, you have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your account and all associated data
Portability — receive your data in a machine-readable format
Objection — object to processing based on legitimate interests
Restriction — request that we limit how we process your data

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the ICO (UK) or your local supervisory authority.

8. Data retention

Account data: retained while your account is active
Assessment scores: retained for 3 years after last login
Analytics data: retained for 14 months (Google Analytics default)
Deleted accounts: all personal data removed within 30 days of deletion request

9. Security

All data is transmitted over HTTPS. Passwords are hashed using bcrypt. Database access is restricted to authenticated server-side requests only. We conduct regular security reviews of our infrastructure.

10. Changes to this policy

We may update this policy from time to time. We will notify you by email if we make material changes. The “Last updated” date at the top of this page always reflects the most recent version.

11. Contact

For any privacy-related questions, contact us at [email protected].