Privacy Policy

Ignite Learning Studio is operated by Ignite Learning Studio Limited, a private limited company registered in England and Wales (company number 17076528), with its registered office at 2 Hillfield Avenue, London, England, N8 7DT. We are the data controller for personal data processed through the Service.

For privacy questions or to exercise your rights, contact us at hello@ignitelearning.ai.

From parents / account holders:

• Name and email address (when you create an account, whether by email + password or by signing in with Google)
• Subscription and billing status (we don't store card details — these are handled directly by our payment processor, Stripe)
• Communication you send us (e.g. support emails)

If you choose to sign in with Google: we request only your email address, your basic profile (name and, if you have one, the public profile picture), and the openid identifier required for sign-in. We do not request access to your Google Drive, Calendar, Contacts, Photos, Gmail, YouTube, or any other Google service. We do not request offline access. The data we receive from Google is used only to create and manage your Ignite account — we never share it with third parties for advertising, profiling, or any purpose unrelated to providing the Service.

From and about each learner you register:

• First name (or nickname) and year group
• Avatar selection (chosen from our stock set — we do not collect or store photographs)
• Activity data: questions answered, answers given, time taken, topics studied, current XP / level / streak

Automatically collected:

• Essential cookies and session tokens (to keep you signed in)
• Basic device and browser information (e.g. browser type, screen size) needed to render the app correctly
• Aggregated usage information for service improvement (we do not build advertising profiles)

• To provide the learning service (load lessons, track spaced repetition, render progress)
• To manage your account and subscription (sign-in, billing, cancellation)
• To send transactional emails (welcome, trial reminders, billing receipts) — we do not send marketing emails without separate opt-in
• To improve the service (understand which questions or topics need work)
• To comply with legal obligations and enforce our Terms

The lawful bases under UK GDPR Article 6 are: contract (delivering the service you signed up for), legitimate interests (improving the service, security, fraud prevention, transactional comms), and consent (where required, e.g. non-essential cookies).

Ignite is designed for children aged 8 and up to use under parental supervision. The parent or guardian creates and manages the account. We treat children’s data with extra care:

• We collect the minimum necessary to deliver the learning service — first name, year group, and activity data
• We do not show advertising of any kind to children
• We do not profile children for marketing or sell their data
• We do not collect location data, photographs, contacts, or social media information
• We do not provide a public profile, messaging, or any feature that exposes a child to other users
• Parents can review or delete a learner profile at any time from their dashboard

Children should not create accounts themselves. If we become aware that an account has been created without parental involvement, we will close it and delete associated data.

We share personal data only with service providers needed to run the Service. They process data on our behalf under written agreements:

• Supabase — database, authentication, file storage. EU-hosted.
• Stripe — subscription billing and payment processing.
• Resend — transactional email delivery.
• Vercel — application hosting and CDN.

We do not sell personal data, and we do not share it with advertisers or analytics platforms that build cross-site profiles.

Where data is transferred outside the UK or EEA (for example if a service provider operates in the United States), we rely on UK Government adequacy decisions, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with appropriate supplementary measures.

• Account and learner profile data: kept while your account is active, plus 90 days after closure
• Subscription and billing records: kept for 7 years to meet UK tax law (HMRC) requirements
• Transactional email logs: kept for 90 days for delivery troubleshooting, then deleted
• Anonymised, aggregated usage data: may be kept indefinitely for service improvement

Under UK GDPR you have the right to: access your personal data; correct inaccurate data; have your data deleted; restrict or object to processing; data portability; and withdraw consent where processing is based on consent.

To exercise any of these rights, email hello@ignitelearning.ai. We will respond within one month.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have handled your data incorrectly. Their website is ico.org.uk.

We use a small number of essential cookies to keep you signed in and to remember your preferences. We do not use advertising or tracking cookies. See our cookie banner the first time you visit for details.

We protect personal data with appropriate technical and organisational measures, including encryption in transit (TLS), encryption at rest, role-based access control, and routine backups. No system is perfectly secure — if we discover a personal data breach that is likely to result in risk to your rights, we will notify the ICO within 72 hours and inform affected users where required.

We may update this policy from time to time. Material changes will be communicated by email and shown prominently in the app. The “Last updated” date at the top of this page reflects the most recent revision.

For any questions about this policy or your personal data, contact us at hello@ignitelearning.ai.