Privacy Policy
Learnlio (“we”, “us”, “our”) is committed to protecting your privacy and your child’s data. This policy explains what information we collect, why we collect it, and how we keep it safe.
Who we are
Learnlio is an online learning platform designed to support children with dyslexia-friendly, child-led learning in Maths and English.
Data controller identity
Data controller: Learnlio UK . If you have any questions about this policy, contact us at hello@learnlio.co.uk.
Questions? Email us: hello@learnlio.co.uk
What data we collect
Parent / account holder
- Name (if provided)
- Email address
- Login/session details (handled securely by Supabase)
- Subscription and billing status (via Stripe)
Child profiles (entered by parents)
- First name (or nickname)
- Date of birth
- Learning progress and session data
We do not collect
- Child surnames
- Home addresses
- School names
- Photos or videos
- Sensitive personal data
Why we collect this data
We only collect data that is necessary to:
- Create and manage accounts
- Personalise learning for each child
- Track progress over time
- Provide parent reports
- Manage subscriptions and access
Lawful bases (UK GDPR)
We rely on the following lawful bases, depending on the activity:
- Account creation and login: contract (providing the service you request).
- Child profiles and tutoring/lessons: contract and legitimate interests (delivering the learning service safely).
- Screener/setup check: contract and legitimate interests; consent where optional information is provided.
- Billing and payments: contract and legal obligation (tax/accounting records).
- Support messages and contact requests: legitimate interests or contract (to respond to you).
How we store and protect data
- Data is stored securely using Supabase
- Payments are handled by Stripe (we never see card details)
- Connections are encrypted (HTTPS)
- Access is restricted using role-based permissions
Data retention
- Account data: kept while your account is active and for a limited period after closure for support and security.
- Child profiles and learning progress: kept until you delete them or close the account.
- Support messages: kept for [ADD SUPPORT RETENTION PERIOD] to help resolve issues.
- Billing records: kept for [ADD BILLING RETENTION PERIOD] to meet legal and accounting obligations.
International transfers
Some processors (such as Supabase, Stripe, and our hosting/CDN providers) may process data outside the UK. Where this happens, we rely on appropriate safeguards such as UK GDPR transfer mechanisms (for example, standard contractual clauses or the UK IDTA) and provider security measures.
Processors we use
- Supabase: authentication, database, and secure storage.
- Stripe: payments and billing portal.
- Cloudflare or similar CDN/hosting providers: performance and security.
- Google (Text-to-Speech): audio support where enabled.
- OpenAI: optional AI support features where enabled.
- Formspree: contact form delivery (if you use the contact form).
Children’s data
Learnlio is designed for children, but accounts are managed by parents or guardians.
- Children cannot create accounts themselves
- Parents control child profiles
- We do not sell or share child data
- Data is used only to support learning and progress
Cookies
Learnlio uses essential cookies for login and security. We do not use advertising cookies. See our Cookie Policy for details.
Your rights
Under UK GDPR, you have the right to:
- Access your data
- Correct your data
- Request deletion of your data
- Withdraw consent where applicable
To exercise these rights, email: hello@learnlio.co.uk. We aim to respond within one month. If we need longer, we will explain why and keep you updated.
Complaints
You have the right to complain to the UK Information Commissioner's Office (ICO) if you are unhappy with how your data is handled. See the Information Commissioner's Office (ICO) website for guidance.
Changes to this policy
We may update this policy as Learnlio grows. We’ll keep it clear, honest, and child-first.