Privacy Policy
Last updated: 16 May 2026
1. Who we are
Twiz Kids (“we”, “us”, “our”) is operated as a sole trader / small business based in England. We are the data controller for the personal data described in this policy. You can contact us at hello@twiz.kids.
2. What data we collect and why
Adult (parent/guardian) accounts
| Data | Purpose | Legal basis |
|---|---|---|
| Name and email address (from Google sign-in) | Account identification and service communications | Contract performance |
| Profile picture (from Google, optional) | Displayed in the app to personalise your experience | Legitimate interest |
| Authentication tokens (from Google OAuth) | Keeping you securely signed in | Contract performance |
Child accounts and data
Child data is entered by the adult account holder and is processed under the adult's consent on behalf of the child. We collect only what is necessary to run the service:
| Data | Purpose | Legal basis |
|---|---|---|
| Child's first name | Personalising the child's practice interface | Contract performance |
| Date of birth | Age-appropriate content and fact difficulty | Contract performance |
| School name | Contextualising content (e.g. curriculum year) | Contract performance |
| Spelling word lists | Generating practice sessions for that child | Contract performance |
| Times tables settings | Generating times tables practice sessions | Contract performance |
| Practice session results (correct/incorrect per word or fact) | Adapting future sessions to focus on areas of difficulty; progress display for parents | Contract performance |
| Gmail address (only if parent invites child to have their own login) | Linking the child's Google account to their profile | Contract performance |
We do not collect behavioural analytics, device fingerprints, location data, advertising identifiers, or any other data beyond what is listed above.
3. Cookies and local storage
We use only strictly necessary cookies. Specifically:
- A session cookie set by our authentication system (Auth.js / NextAuth) to keep you securely signed in. This cookie is essential for the service to function and does not require your consent under UK GDPR.
We also use your browser's local storage to remember small preferences (such as whether you have dismissed the app install prompt). This stores no personal data and is cleared when you clear your browser storage.
We do not use analytics cookies, advertising cookies, or any third-party tracking technologies.
4. How we use your data
We use your data only to:
- Provide and improve the Twiz Kids service;
- Personalise practice sessions for each child;
- Communicate with you about your account (e.g. if you contact us with a query).
We do not use your data for advertising, profiling, or any automated decision-making that produces legal or similarly significant effects.
5. Sharing your data
We do not sell, rent, or share your personal data with third parties for their own purposes.
We use the following service providers, who process data on our behalf under data processing agreements:
- Google (OAuth): Handles sign-in authentication. Google receives only what is necessary for the sign-in flow.
- Vercel: Hosts the Twiz Kids application. Data is stored in their infrastructure within the EU/EEA region.
- Supabase / Prisma: Provides the database that stores account and practice data, hosted in the EU/EEA.
- Anthropic (Claude): Used to generate reward facts shown to children after sessions. We do not send any personal data (names, school details, or practice results) to Anthropic.
6. How long we keep your data
We keep your data for as long as your account is active. When you delete your account, we permanently delete:
- Your account and profile information;
- All child profiles linked to your account;
- All spelling lists, times tables settings, and practice session records;
- All authentication tokens and linked accounts.
One narrow technical exception: If you have used the photo-import feature to upload an image of a spelling list, a low-level cache stores an anonymous hash of the image alongside the extracted word list. This cache contains no name, account reference, or any other identifying information — it cannot be linked back to you or your child. It exists solely to avoid re-processing identical images. This data is not personal data under UK GDPR.
Aside from this technical exception, nothing is retained after account deletion.
7. Children's privacy
Twiz Kids accounts may only be created by adults aged 18 or over. Children do not sign up directly — their data is entered and managed by the adult account holder, who provides consent on the child's behalf.
We apply the following protections to child data:
- Child data is only accessible to adult guardians linked to that child, and to us as the data controller.
- Children can only access their own practice interface — they cannot view other children's data, account settings, or billing information.
- We do not display advertising to children and do not build behavioural profiles of children.
- We minimise child data to what is strictly necessary for the educational service.
8. Your rights under UK GDPR
As a UK resident, you have the following rights:
- Right of access: You can request a copy of the personal data we hold about you and your children.
- Right to rectification: You can correct inaccurate data at any time through the app settings, or by contacting us.
- Right to erasure: You can delete your account and all associated data at any time from the app settings.
- Right to restriction: You can ask us to restrict processing of your data in certain circumstances.
- Right to data portability: You can request a machine-readable export of your data.
- Right to object: You can object to processing based on legitimate interests.
- Rights related to automated decision-making: We do not make automated decisions with significant legal effects, but you may contact us if you have concerns.
To exercise any of these rights, please email us at hello@twiz.kids. We will respond within one calendar month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
9. Security
We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed authentication tokens, and access controls. No method of transmission over the internet is completely secure; if you believe your account has been compromised, please contact us immediately at hello@twiz.kids.
10. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or by a notice within the app. Continued use of Twiz Kids after the effective date constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or requests, please contact us at hello@twiz.kids.
See also our Terms of Service and FAQ.