Email address (used for authentication and account recovery)
Optional display name
Purchase status (verified via Apple)
Child profiles (created by a parent)
First name or nickname
School year group
Exercise records: questions, responses, scores, and timestamps
Progress data: topic completion, badges, and coin balance
What we do NOT collect
Location data
Photos or media
Voice or audio
Device identifiers
Advertising identifiers
3. How We Use This Data
Service delivery — personalised learning experiences and progress tracking
Account administration — authentication and account recovery
App enhancement — aggregated topic difficulty analysis to improve content
4. Legal Basis (UK GDPR)
Contract performance — processing necessary to provide the service you signed up for
Legitimate interests — aggregated analytics to improve the app
Legal obligations — compliance with applicable law
5. Children's Data
Parents create and manage all child profiles. We do not collect data from children under 13 without verified parental consent. If you believe a child's data has been collected without authorisation, please contact us at blueflamegames@proton.me and we will delete it promptly.
Child profile data is only accessible to the parent or guardian account that created it.
6. Third-Party Processors
Google Firebase — authentication and Cloud Firestore database. Data may be stored in the EU or USA. A Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs) is in place.
Apple Inc. — App Store distribution and in-app purchases.
We do not sell your data to any third party.
7. Data Retention
Account and profile data — deleted within 90 days of a removal request
Session logs and progress — automatically removed after 2 years
Purchase records — retained as required for Apple compliance
8. International Transfers
Firebase may store data outside the UK/EEA, including in the USA. Where this occurs, transfers are protected by Standard Contractual Clauses (SCCs) under the UK GDPR.
9. Your Rights (UK GDPR)
You have the right to:
Access your personal data
Correct inaccurate data
Request deletion of your data
Restrict processing
Data portability
Object to processing based on legitimate interest
To exercise any of these rights, contact blueflamegames@proton.me. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
10. Security
We protect your data with Firebase security rules, HTTPS encryption, and role-based access controls. However, no method of electronic transmission or storage is 100% secure.
11. Changes
If we make material changes to this policy, we will notify you via an in-app notification. Continuing to use the app after changes are posted constitutes acceptance of the updated policy.