Plain-English summary: We collect only what we need to run TraceTales. We never sell your data or your child's data to third parties. Reading recordings stay private on your device. We comply with UK GDPR and the ICO's Children's Code. For questions, email privacy@tracetales.co.uk.
1. Who we are
TraceTales ("we", "us", "our") is the data controller for personal data processed through this website and the TraceTales iOS/iPadOS application. Our contact details are:
If you have any concerns about how we handle your data, please contact us in the first instance. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
2. What information we collect
2.1 Information you provide
- Account information: email address, password (stored as a one-way hash), and display name when you create a parent account.
- Child profile information: child's first name, year group, and chosen avatar. We do not collect dates of birth, surnames, or any identifying information about your child.
- Support communications: any information you include when contacting our support team.
- Launch notification sign-up: email address if you opt in to be notified when the app launches.
2.2 Information generated by use
- Learning activity data: which subjects were accessed, levels completed, badges earned, stars awarded, and mood check-ins.
- Reading recordings: audio recordings made when your child reads aloud. These are stored locally on your device and are not transmitted to our servers unless you explicitly choose to share them.
- Progress data: lesson completions, streak counts, and National Curriculum objective tracking.
2.3 Technical information
- Device type and operating system version (for compatibility and debugging).
- App version number.
- Anonymous crash and performance reports via Apple's MetricKit framework.
- Standard web server logs (IP address, browser type, pages visited) when you use this website.
3. Children's data
TraceTales is designed for children aged 3โ11. We take the protection of children's data extremely seriously and comply with the ICO's Age Appropriate Design Code (Children's Code).
- We do not require children to create accounts. All accounts are held by parents or carers.
- We do not collect children's surnames, dates of birth, photos, or any directly identifying information.
- Children's learning data (progress, recordings, mood logs) is accessible only to the parent or carer who set up the account.
- We do not use children's data for advertising, profiling, or any purpose other than delivering the app's educational features.
- Parental consent is required before a child profile can be used. The Parent PIN system ensures only adults can access or modify account settings.
- We do not knowingly collect data from children without verified parental consent.
4. How we use your information
We use the information we collect to:
- Provide, maintain, and improve the TraceTales app and website.
- Personalise the learning experience for each child profile.
- Display progress reports and National Curriculum tracking in the Parent Dashboard.
- Enable you to share teacher summary reports.
- Send essential service communications (e.g. account security alerts, policy updates).
- Respond to your support requests.
- Debug and fix technical issues using anonymised crash reports.
- Contact you about the app launch if you have opted in to notifications.
We do not use your data or your child's data for advertising, behavioural profiling, or to sell to third parties.
5. Legal basis for processing
Under UK GDPR, we rely on the following legal bases:
- Performance of a contract: processing your account information and learning data to provide the service you have subscribed to.
- Legitimate interests: anonymous crash reporting and performance monitoring to maintain and improve the app, where this does not override your rights.
- Consent: launch notification emails (you can withdraw this at any time by emailing privacy@tracetales.co.uk).
- Legal obligation: where we are required to retain or disclose information by law.
6. Who we share data with
We share your data only where necessary:
- Apple Inc.: the app is distributed through the App Store and uses Apple's StoreKit for in-app purchases. Apple's privacy policy applies to their processing. Crash reports are submitted via Apple's MetricKit.
- IONOS: our website hosting provider, located in the European Economic Area (EEA). IONOS processes web server logs.
- Legal authorities: where required by law, court order, or to protect the safety of a child.
We do not use third-party analytics services, advertising networks, or social media trackers on this website or in the app.
7. How long we keep your data
- Account data: retained for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days.
- Learning data: retained for as long as the child profile exists. Deleting a child profile permanently deletes all associated data.
- Reading recordings: stored locally on your device only. They are deleted when you delete them in the app, or when you uninstall the app.
- Support communications: retained for up to 2 years for reference, then deleted.
- Launch notification emails: deleted within 30 days of the app launch, or immediately upon your request.
- Web server logs: retained for up to 90 days for security and debugging, then deleted.
8. Security
We take the security of your data seriously. Our measures include:
- Passwords are stored using industry-standard one-way hashing (never in plain text).
- All data in transit between the app and any servers is encrypted using TLS 1.2 or higher.
- Reading recordings are stored using iOS's standard encrypted file system and never leave your device without explicit action.
- The Parent Dashboard is protected by a PIN chosen by you.
- We conduct regular reviews of our security practices.
No method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately at privacy@tracetales.co.uk.
9. Your rights under UK GDPR
As a data subject, you have the following rights. To exercise any of these, please contact privacy@tracetales.co.uk:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: ask us to correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): request deletion of your data where there is no lawful reason for us to continue processing it.
- Right to restriction: ask us to restrict processing of your data in certain circumstances.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interests.
- Rights related to automated decision-making: TraceTales does not make automated decisions that significantly affect you.
We will respond to all valid requests within one month. You also have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint/.
10. Cookies
This website uses a minimal number of cookies:
- tt_cookie_consent (essential): remembers whether you have accepted or declined our cookie notice. Expires after 1 year.
- tt_logged_in, tt_email (session): set when you sign in to the Parent Dashboard demo. These are session cookies deleted when you close your browser.
We do not use advertising, tracking, or third-party analytics cookies. The Google Fonts service is loaded from Google's CDN and may set its own cookies subject to Google's Privacy Policy.
You can manage cookies through your browser settings at any time. Disabling the consent cookie may cause the cookie banner to reappear on each visit.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. We encourage you to review this policy periodically.
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
We aim to respond to all privacy enquiries within 5 working days.