Privacy Policy

Vocabulary Stories is operated by Snap Digital Ltd, a company registered in England and Wales (Company Number 11648186), with its registered office at 34 Bedford Road, Sutton Coldfield, B75 6AB, United Kingdom ("Snap Digital", "we", "our" or "us").

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Snap Digital Ltd is the data controller for personal data collected through the Vocabulary Stories website and mobile applications (the "Service").

For data-protection enquiries, please contact us at hello@snapdigital.co.uk.

This Privacy Policy explains what personal data we collect, how we use it, the legal basis on which we rely, and the rights you have under UK and applicable laws. Please read it carefully. If you do not agree with this Privacy Policy, please do not use the Service.

Personal data you provide

Personal data you give us directly when you register, join the waiting list, request a story, or contact us — for example your name, email address, and any information you choose to include in messages.

Usage data

Information our servers automatically collect when you use the Service, such as IP address, device and browser type, operating system, access times, and pages viewed. This may be processed in aggregated, pseudonymised form for analytics.

Children's information

The Service is designed for children aged 8–11 used under parental supervision. We collect the minimum personal data necessary to provide the Service to a child, and only after a parent or legal guardian has provided verifiable consent. We design our processing to comply with the UK Children's Code (Age Appropriate Design Code), Article 8 of the UK GDPR, and — where it applies — the U.S. Children's Online Privacy Protection Act (COPPA).

We use the personal data we collect to:

• Create and manage your account and provide the Service to you
• Send service-related communications, such as updates and security notices
• Respond to your enquiries and provide customer support
• Track a child's learning progress within the Service (visible to the parent / guardian who registered them)
• Operate, maintain, secure and improve the Service, including analytics and fraud prevention
• Send you newsletters and marketing communications, where you have given consent
• Comply with our legal and regulatory obligations

We only process personal data where we have a lawful basis to do so under Article 6 of the UK GDPR. The basis we rely on depends on the activity:

• Performance of a contract (Art. 6(1)(b)): to create and manage your account, deliver the Service you have asked for, and handle subscriptions and payments.
• Consent (Art. 6(1)(a)): for marketing emails, optional analytics, and any non-essential cookies. You can withdraw consent at any time without affecting prior lawful processing.
• Legitimate interests (Art. 6(1)(f)): for keeping the Service secure, preventing fraud and abuse, and improving the Service. We balance these interests against your rights and freedoms; you may object at any time (see Section 6).
• Legal obligation (Art. 6(1)(c)): where we must process data to comply with applicable law — for example, retaining records for tax purposes or responding to lawful requests from regulators.

Children under 13. Where we rely on consent to process the personal data of a child under the age of 13, that consent must be given or authorised by a parent or legal guardian (UK GDPR Art. 8(1), as modified by the Data Protection Act 2018 s.9). We take reasonable steps to verify that the consent is given by the holder of parental responsibility.

We use administrative, technical and organisational measures designed to protect personal data, including encryption in transit, access controls, and regular review of our security practices. No system is perfectly secure, and we cannot guarantee absolute security; however, we will notify you and the Information Commissioner's Office (ICO) of any personal data breach where required under UK GDPR Article 33.

If you are in the UK or the EEA, you have the following rights in respect of your personal data:

• Right of access (Art. 15): obtain a copy of the personal data we hold about you.
• Right to rectification (Art. 16): correct inaccurate or incomplete data.
• Right to erasure / "right to be forgotten" (Art. 17).
• Right to restrict processing (Art. 18).
• Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format.
• Right to object to processing based on legitimate interests, including direct marketing (Art. 21).
• Right to withdraw consent at any time, where processing is based on consent (Art. 7(3)).
• Rights related to automated decision-making (Art. 22): we do not currently make any solely automated decisions that produce legal or similarly significant effects.
• Right to lodge a complaint with a supervisory authority. In the UK this is the Information Commissioner's Office at ico.org.uk/make-a-complaint. We would, however, appreciate the chance to deal with your concerns first — please contact us before approaching the ICO.

Parental rights. A parent or legal guardian may exercise any of these rights on behalf of a child whose data we process.

To exercise any of these rights, email hello@snapdigital.co.uk. We will respond within one month of receiving your request, in line with UK GDPR Article 12(3). We may need to verify your identity before disclosing personal data.

We use cookies and similar technologies on this website. Under the UK Privacy and Electronic Communications Regulations 2003 (PECR), as updated, we will only place non-essential cookies on your device with your prior, informed consent. Strictly necessary cookies, which are required to deliver the Service you have asked for, do not require consent.

The categories of cookies we may use are:

• Strictly necessary cookies: required for the website to function (for example, authentication and security). These are always on.
• Analytics cookies: help us understand how visitors use the Service. Set only with your consent.
• Preference cookies: remember choices you have made, such as language. Set only with your consent.

You can change or withdraw your cookie preferences at any time. Most browsers also allow you to refuse or delete cookies; doing so may affect the functionality of the Service.

We engage carefully selected third parties ("processors") to help us deliver the Service. These processors act on our instructions under written agreements that meet the requirements of UK GDPR Article 28. Current categories include:

• Cloud infrastructure and hosting: Amazon Web Services (AWS), for application hosting and data storage.
• Forms and waiting list: Microsoft Forms, for collecting waiting-list signups and story requests.
• Analytics: aggregated, pseudonymised analytics to help us improve the Service (set only with consent).

We do not sell personal data to anyone and we do not allow our processors to use it for their own purposes.

The Service is intended for children aged 8–11, used with parental supervision. We design and operate it with children's best interests as a primary consideration, in line with the UK Age Appropriate Design Code (the Children's Code) and Article 8 of the UK GDPR.

Where the Service is used by users in the United States, we additionally comply with the Children's Online Privacy Protection Act (COPPA): we do not knowingly collect personal information from a child under 13 without verifiable parental consent.

Parents and guardians have the right to:

• Review the personal information we hold about their child;
• Request that we delete their child's personal information;
• Refuse further collection or use of their child's personal information;
• Consent to use within the Service while prohibiting onward disclosure to third parties.

If you believe we have collected information from a child without proper consent, contact us immediately at hello@snapdigital.co.uk and we will delete it.

We retain personal data only for as long as is necessary for the purposes set out in this Privacy Policy, or for longer where required by law (for example, accounting records). When personal data is no longer needed, we securely delete or anonymise it. You can ask us at any time how long we keep a particular category of data.

Some of our processors (including AWS) may process personal data in countries outside the UK and EEA. Where we transfer personal data outside the UK, we put in place appropriate safeguards required by UK GDPR Chapter V, which may include:

• Transfers to countries the UK government has determined provide an adequate level of protection ("adequacy regulations");
• The UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses with the UK Addendum;
• Other safeguards permitted under UK GDPR Article 46.

You may contact us to request a copy of the safeguards used for a specific transfer.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons. When we make material changes we will update the "Last Updated" date at the top of this page, and where appropriate notify you by email or in-product notice.

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Snap Digital Ltd (Company No. 11648186)
34 Bedford Road, Sutton Coldfield, B75 6AB, United Kingdom
Email: hello@snapdigital.co.uk
Phone: +44 7356 227929

If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.

See also our Terms and Conditions.

This section applies only if you are a resident of California. Under the California Consumer Privacy Act (CCPA), you have the right to:

• Know what personal information we collect, use and disclose about you;
• Request deletion of your personal information;
• Opt out of the "sale" of personal information — note that we do not sell personal information;
• Not be discriminated against for exercising your CCPA rights.

To exercise these rights, contact us at hello@snapdigital.co.uk.

By using the Service, you confirm that you have read this Privacy Policy. Where we rely on consent as the lawful basis (for example, for marketing or non-essential cookies), we will ask for it separately and you can withdraw it at any time. For children under 13, parental or guardian consent is required before we collect their personal information.