← Back to Whizlo

Privacy Policy

Last updated: 13 March 2026

1. Who we are

Whizlo is an educational platform for children aged 4-18, operated by Whizlo Ltd (company registration pending). Our registered address will be published here once company formation is complete.

Data Controller: Whizlo Ltd
Contact: privacy@whizlo.com

2. What data we collect

Parent accounts

  • Name and email address (for account login and communication)
  • Password (stored securely using bcrypt hashing — we never see your actual password)
  • Billing information (processed by Stripe — we do not store card details)

Child profiles

  • First name (never surname)
  • Year group and date of birth
  • Learning progress: answers, scores, mastery levels, streaks
  • 4-digit PIN (for child login — stored hashed)

Automatically collected

  • Device type and browser (for responsive design)
  • Pages visited and session duration (for improving the platform)
  • IP address (for security and fraud prevention only — not used for tracking)

3. How we use your data

PurposeLegal basis (GDPR)
Provide the learning platformContract performance
Personalise learning (adaptive difficulty, AI hints)Legitimate interest
Send progress reports to parentsContract performance
Process paymentsContract performance
Improve platform quality and fix bugsLegitimate interest
Send marketing emails (new features, tips)Consent (opt-in)

4. AI and your child's data

Whizlo uses artificial intelligence to generate questions, provide hints, mark answers, and offer tutoring feedback.

  • AI processes your child's answers to provide personalised feedback
  • We use third-party AI providers (DeepSeek, Google Gemini, Groq) to process learning content
  • Only the question and answer are sent to AI providers — never your child's name, age, or personal details
  • AI providers are contractually prohibited from using this data for training their models
  • You can opt out of AI-powered features in your account settings

5. Where your data is stored

Your data is stored on servers operated by Hetzner Online GmbH in Falkenstein, Germany (European Union). Germany has some of the strongest data protection laws in the world, and all data remains within the EU at all times.

Payment processing is handled by Stripe, which is certified under the EU-US Data Privacy Framework.

6. Who we share data with

We never sell your data. We share data only with:

  • Stripe — payment processing (PCI DSS compliant)
  • AI providers — anonymised question/answer data only (see section 4)
  • Hetzner — infrastructure hosting (EU, GDPR compliant)
  • Your child's school — only if you explicitly connect your account to a school

We will never share data with advertisers or data brokers.

7. Children's privacy

We take children's privacy very seriously. Whizlo is designed to comply with the UK Age Appropriate Design Code (Children's Code) and the ICO guidelines on children's data.

  • Children cannot create accounts — only parents or guardians can register
  • Children log in with a simple PIN — no email or personal data required from them
  • We collect the minimum data needed for learning (first name, year group, answers)
  • No advertising, no social features, no third-party tracking
  • Children's data is never used for profiling or marketing
  • All AI interactions are age-appropriate and content-filtered

8. Your rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access — request a copy of all data we hold about you and your children
  • Rectification — correct any inaccurate data
  • Erasure — request deletion of your account and all associated data
  • Portability — receive your data in a machine-readable format
  • Object — opt out of marketing or AI-powered features
  • Withdraw consent — at any time, via your account settings

You can exercise these rights from Settings → Privacy or by emailing privacy@whizlo.com. We will respond within 30 days.

9. Data retention

  • Account data is kept while your account is active
  • When you delete your account, all personal data is erased within 30 days
  • Anonymised, aggregated analytics (e.g. "85% of Y2 pupils got fractions correct") may be retained indefinitely
  • Payment records are retained for 7 years as required by UK tax law

10. Cookies

We use only essential cookies required for the platform to function (login session, CSRF protection). We do not use advertising cookies, analytics cookies, or third-party tracking cookies.

11. Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify you by email and display a notice in the app. The "last updated" date at the top of this page will always reflect the latest version.

12. Complaints

If you are unhappy with how we handle your data, please contact us at privacy@whizlo.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ICO helpline: 0303 123 1113
Website: ico.org.uk