Privacy Policy

Last updated: 3 July 2026

the ElevenEdge team respects your privacy. This policy explains what personal data ElevenEdge collects, why, and the rights you have — including the right to have your data deleted.

Our users are often children. We aim to follow UK GDPR and the ICO’s Age Appropriate Design Code (Children’s Code). This template should be reviewed by a professional before a public launch.

Who we are

The data controller is the ElevenEdge team. For any privacy request, contact muthu@vestaconsulting.co.uk.

What we collect

  • Account details: email address, display name, and (optionally) year group.
  • Password: stored only as a secure one-way hash — we never see your actual password. Accounts created with Google have no password.
  • Practice data: your answers, per-topic skill ratings, Elo, streaks and daily-challenge results.
  • Technical data: a session cookie to keep you logged in, and your IP address when submitting the sign-up/login anti-bot check.

Why we use it and our legal basis

  • To create and secure your account and provide the practice features — performance of a contract.
  • To personalise question difficulty and show your progress — legitimate interests (delivering the core learning experience).
  • To verify your email and protect against abuse — legitimate interests / legal obligation.
  • Where a child uses the Service, we rely on the involvement and consent of a parent or guardian.

Children’s data

We collect the minimum needed to run the practice tool and do not use children’s data for marketing or profiling beyond adapting question difficulty. Public profiles show only a display name, Elo and rank — never your email or detailed per-topic statistics. A parent or guardian can request access to, or deletion of, a child’s data at any time.

Cookies

We use a single essential cookie to keep you signed in, plus local browser storage for your theme preference. We do not use advertising or analytics cookies. See the Cookie Policy for details.

Who we share it with

We do not sell your data. We use a small number of processors to run the Service:

  • Email delivery (e.g. Resend) — to send verification emails.
  • Google — only if you choose “Sign in with Google”.
  • Cloudflare Turnstile — the anti-bot check on sign-up/login.
  • Our hosting/database provider, to store the data above.

How long we keep it

We keep your data while your account is active. When you delete your account, your personal data is removed immediately (see below). Backups, if any, are cycled out on a rolling basis.

Your rights

  • Access a copy of your data, or ask us to correct it.
  • Erasure: delete your account and all associated personal data from Settings → Privacy → Delete account.
  • Object to or restrict certain processing, and complain to the ICO (ico.org.uk).

Contact

For any request, email muthu@vestaconsulting.co.uk.