GDPR Statement

Last updated:

For schools, DPOs, and data protection leads

Our approach to data protection is simple: the safest way to protect data is not to hold it in the first place. So we only ever store the small amount of information the game actually needs to work, and we deliberately avoid collecting anything that would let a pupil be identified by the wider world. No email addresses, no contact details, and no pupil’s name on any screen another pupil can see.

Last updated: 14/05/2026 Version: 1.0

This document is intended for school Data Protection Officers, business managers, and IT leads evaluating Animal Bonds for use with pupils. It accompanies our Privacy Policy and Data Processing Agreement and provides the technical and procedural detail your compliance review will need.

If you require additional documentation (DPIA, DPA template, security questionnaire response), please email hello@animalbonds.co.uk.

1. Controller and processor relationships

When pupils use Animal Bonds via a school account:

  • The school is the data controller for pupil personal data.
  • Animal Bonds (operated by Franklin Works) is the data processor, acting on the school’s documented instructions per UK GDPR Article 28.

A signed Data Processing Agreement is required before any pupil data is processed. Our template is published at /privacy/dpa and is also available on request.

2. Data we process on behalf of schools

CategoryExamplesPurpose
Pupil real nameSet by school admin; recommended format is first name plus surname initial (e.g. “Alex S.”)Identifying pupils on teacher and parent dashboards
Pupil display nameAuto-generated animal-noun combination (e.g. “OtterRiver”); set at pupil’s first sign-inPupil-to-pupil identity in multiplayer; protects pupil identity from other pupils
Class or year groupE.g. Year 3Organising pupils into their class
Player IDRandomly generated internal identifierInternal only
Educational performanceNumber bond questions answered, response times, accuracy, mastery levelsAdaptive learning; teacher dashboard
TechnicalBrowser type, device type, session timestampsService delivery, debugging
Adult accounts (parents, teachers, school admin)Name; role; class or pupil assignmentsAccount access, dashboard

Visibility of names within the Service

Whose nameReal name visible toDisplay name visible to
The pupil themselvesNo-one, including the pupilThemselves
Other pupils (via multiplayer)No-oneAll pupils in the same class or school during multiplayer
Teachers (own class/school)Teachers within the same schoolSame
School administratorThemselves and other admins at the same schoolSame
Linked parentsLinked parents (own child only)Same

A pupil never sees their own real name on the Service. Other pupils never see a pupil’s real name. The display name is the only pupil-to-pupil identity exposed by the Service.

No email addresses are collected from parents, teachers, or pupils. Adult access to the Service is provided through login credentials issued by the school administrator. Where the school needs to communicate with parents, the school does so using its existing communication channels.

We do not process:

  • Email addresses, postal addresses, or phone numbers from any user
  • Pupil parental contact details
  • Pupil photographs, videos, or voice recordings
  • Special category data (Article 9): no health, religious, ethnic, biometric, or similar data
  • Free-text input from pupils (the game uses tap/touch interactions only; no chat or messaging)

3. Lawful basis

For pupil data processed on the school’s instructions, the school determines the lawful basis (typically public task under Article 6(1)(e) for state schools, or legitimate interests for independent schools). Animal Bonds, acting as processor, processes only on the school’s documented instructions.

4. Sub-processors

We use the following sub-processors. Schools will be notified at least 30 days before any change.

Sub-processorServiceData locationTransfer mechanism
Vercel Inc. (USA)Web hosting and edge deliveryUSA primary; UK/EU edge cacheUK Addendum to EU SCCs
Supabase Inc. (USA, with EU infrastructure)PostgreSQL database, authenticationLondon (eu-west-2) or Dublin (eu-west-1)UK Addendum to EU SCCs; data resident in UK/EU
Stripe Payments UK LtdPayment processing (school invoicing only)UK/EUUK GDPR-compliant; UK-regulated entity

5. International transfers

Pupil data is held in the UK or EU. All transfers outside the UK are protected by the International Data Transfer Addendum (UK Addendum to EU SCCs) for transfers to the United States.

6. Retention

DataRetention while school subscribesRetention after school ends use
Pupil profile and gameplay dataDuration of subscriptionReturned or deleted within 30 days, at school’s choice
Teacher accountsDuration of subscriptionDeleted within 30 days
Aggregated, non-identifying analyticsIndefinitelyIndefinitely (no longer personal data)
Audit logs (security)12 months rollingRetained per legal obligation, then deleted

7. Security measures

7.1 Organisational

  • Production database access is limited to Andrew Franklin.
  • No personal data on local devices; all access via cloud admin consoles.
  • Annual review of this document.

7.2 Technical

  • TLS 1.2+ for all connections; HSTS enforced on all subdomains.
  • Database encryption at rest (AES-256, managed by Supabase).
  • Row-level security on the database: pupils can only ever read their own row; teachers can only read pupils linked to their school.
  • Pupil data is held on managed, encrypted PostgreSQL infrastructure (Supabase) with provider-level durability and redundancy.
  • Dependency vulnerability scanning (npm audit) prior to deployment.
  • Web Application Firewall and DDoS mitigation provided by Vercel.

8. Data subject rights

Schools, parents, and pupils may exercise their rights under UK GDPR Articles 15 to 22 by contacting hello@animalbonds.co.uk. Standard response time: 30 days, with a written interim response within 5 working days.

9. Breach notification

In the event of a personal data breach affecting school pupil data:

  • We will notify the affected school’s DPO within 24 hours of becoming aware of the breach.
  • We will provide all information needed for the school to assess its own ICO notification obligation.

10. ICO Children’s Code

A separate Children’s Code compliance statement is available at /privacy/childrens-code. The Service is designed with the best interests of the child as the primary consideration. Default settings are the most privacy-protective available. No advertising. Minimal data collection.

11. Data Protection Impact Assessment

A Data Protection Impact Assessment has been undertaken for the Service and is being finalised ahead of pilot deployment. It will be reviewed annually or following any significant change.

12. Contact

Franklin Works, Walkford. BH23 5LS hello@animalbonds.co.uk

Back to Compliance Hub