Privacy Policy

TrueViQ is operated by Digitally Inherent Pvt Ltd ("we", "us", "our"), a product of conduit488.ai. We are the data controller for personal information collected through our platform.

Data Protection Officer: privacy@trueviq.co.uk

ICO Registration: We are registered with the UK Information Commissioner's Office.

Parent Account Information:

• Full name
• Email address
• Password (encrypted)
• Payment information (processed securely by Stripe, not stored by us)

Child Profile Information (minimal by design):

• First name only (no surnames)
• Year group (e.g., Year 5)
• Target exam type (e.g., 11+)
• Selected avatar

✓ We do NOT collect: Children's surnames, dates of birth, school names, photos, or any other identifying information beyond first name.

Learning Data:

• Questions answered and responses
• Session duration and timestamps
• Progress and performance metrics
• Topic strengths and areas for improvement

Technical Data:

• Device type and browser
• IP address (for security purposes)
• Usage patterns (to improve the service)

We never: Sell your data, use children's data for marketing, or share personal information with advertisers.

If you choose to, you may provide information about your child's special educational needs or disabilities (SEND) to enable accessibility accommodations on TrueVIQ.

What we collect:

• SEND category (e.g., dyslexia, dyscalculia, visual needs) — optional, parent-provided
• Display preferences (font size, dyslexia-friendly font, high contrast mode)
• Accommodation settings (text-to-speech, extra time, reading guide)

Legal basis: Explicit parental consent (UK GDPR Article 9(2)(a)). SEND information is classified as special category data. We only collect it when you actively choose to provide it.

How we use it:

• To enable accessibility features (larger text, read-aloud, extra time in timed activities)
• To configure display accommodations (dyslexia-friendly font, high contrast, reduced motion)
• Never for marketing, profiling, or sharing with third parties

Your control:

• SEND information is entirely optional — you can skip it during setup
• "Prefer not to say" is always available
• You can change or remove SEND preferences at any time in Settings > Accessibility
• Removing SEND information does not affect your child's account or progress data

Data processing:

• SEND preferences are stored alongside your child's profile in our database
• Text-to-speech uses your device's built-in speech engine — no data is sent to any external service
• SEND data is never logged, exported, or included in analytics

Data minimisation: We collect only the minimum information needed to provide accessibility accommodations. We do not request medical evidence, formal diagnoses, or detailed health information.

We only share data with essential service providers:

• Supabase: Database hosting and authentication (EU/UK data centres)
• Stripe: Payment processing (PCI DSS compliant)
• Resend: Transactional emails only
• Anthropic (Claude): AI-powered explanations (no personal data shared, only question content)
• Google (Analytics 4 & Ads): Web analytics and advertising measurement — only active when you accept analytics/advertising cookies via our cookie banner. We never share child profile data or learning progress with Google. See our Cookie Policy for details.

All providers are bound by data processing agreements and must meet GDPR standards. We do not sell or rent personal information to any third party.

• Encryption: All data is encrypted in transit (TLS) and at rest
• Access Controls: Row-Level Security ensures users can only access their own data
• Regular Audits: We conduct security reviews and address vulnerabilities promptly
• Secure Authentication: Industry-standard password hashing and optional OAuth
• UK/EU Hosting: Data is stored in secure, GDPR-compliant data centres

Some of our service providers process data outside the UK. Where this happens, we ensure appropriate safeguards are in place as required by UK GDPR:

• Supabase: EU data centres — covered by UK adequacy decision for the EU
• Stripe: US-based payment processor — transfers under Standard Contractual Clauses (SCCs) and PCI DSS compliance
• Anthropic (Claude AI): US-based — no personal data shared; only anonymised question content is sent for explanation generation
• Vercel: Hosting provider — edge network with UK/EU points of presence; governed by Data Processing Addendum
• Google LLC (Analytics 4 & Ads): US-based — transfers under Standard Contractual Clauses. Only activated with your explicit consent via our cookie banner. No child profile data or learning progress is sent to Google.

We regularly review these arrangements and will update this policy if transfer mechanisms change. You may request details of the safeguards in place by contacting our Data Protection Officer.

• Active Accounts: Data retained while your account is active
• Account Deletion: Personal data deleted within 30 days of account closure
• Anonymized Analytics: We may retain anonymized, aggregated data for service improvement
• Legal Requirements: Some data may be retained longer if required by law (e.g., financial records for 7 years)

We use two categories of cookies:

Essential cookies (always active — required for the platform to work):

• Authentication & login session
• User preferences
• Your cookie-consent choice (so we remember it)

Analytics & advertising cookies (only active with your consent):

• Google Analytics 4 — measures site usage so we can improve the platform
• Google Ads — measures advertising effectiveness and may serve relevant ads to parents

You will see a cookie banner when you first visit TrueViQ. You can accept or reject non-essential cookies, and change your choice at any time. Children never see targeted advertising and are never profiled by Google or any third party. See our Cookie Policy for full details including cookie names, expiry times, and how to manage them.

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by email and update the "last updated" date above.