Privacy policy - Grammarsaurus

This Privacy Policy is applicable to any personal information, which is given by You to Us (“User Information”) via this web site. This Policy is devised to help you feel more confident about the privacy and security of your personal details.

“You” shall mean you, the user of the Site. “We/Us” means Grammarsaurus “Users” means the users of the Site collectively and/or individually as the context allows.

We process personal data only in strict compliance with the Data Protection Act 1998 and associated legislation including GDPR.

Data Collection

When using the Site and its services You may encounter areas where You may be asked to enter User Information. Such User Information will be used in accordance with this Privacy Policy and for the purposes for which it was collected, for any other purposes specified at the collection point.

What data we collect

School data

We collect the school name and address plus minimal contact details. We collect this data for billing purposes.

User account data

This applies to all account holders including teachers.

Name – Our system asks for a name for all users. This is for your convenience and a pseudonym is perfectly acceptable.

Username – All users have a unique username that can be changed at any time by you only. This username is publicly visible in certain places such as where a user owns a list and that list is found in search and makes comments on resources.

IP Addresses – We collect this data for security purposes.

Email – Email address is requested for all teacher accounts to allow system communications.

Password – We collect or generate a password for all users to access Grammarsaurus. We only store an encrypted form of the user password so that in the event of a data breach no password data will be accessible. It is down to the user to store their chosen password securely according to the school’s data protection policy.

Cookies

You should be aware that by using the site, information and data may be automatically collected through the use of Cookies. “Cookies” are small text files that store basic information that a web site can use to recognise repeat site visits and, as an example, recall your name if this has been previously supplied. We may use this information to observe your internet use and to compile data in order to improve the Site, target the advertising and assess general effectiveness of such advertising.

Cookies do not attach to Your system or damage Your files.

How We May Use Your Data

By entering Your User Information via this Site You accept that we may retain Your User Information and that it may be held by Us or any third party company which processes it on Our behalf. We shall be entitled to use Your User Information for the following purposes:

market research, including statistical analysis of user behaviour.
in order to enable Us to comply with any requirements imposed on Us by law or court order; and
in order to send You periodic communications (this may be by e-mail), about features, products and services, events and special offers related to our similar products and services.
Please also note that we do not disclose Your User Information to third parties to enable them to send You direct marketing.

Security & Privacy By Design

Security and Data Retention Security is very important to Us. Secure Socket Layer (“SSL”) encryption technology is used for protection of information in transit for any sensitive transactions such as payments. Additional security procedures are in place to protect the confidentiality, integrity and availability of Your User Information.

By policy, we only collect personal data strictly necessary for the operation of our system and in many cases anonymised data can be used.

We will comply with all relevant Data Protection legislation in relation to the period for which We retain your User information.

All Grammarsaurus data is stored and processed in the UK

Right to access

You have a right to access a copy of Personal Information stored in Our system about You or Your school. This information is available on request via support@grammarsaurus.co.uk

Right to be forgotten

You have a right to be forgotten and your Personal Information may be deleted by request. Note that we automatically delete Personal Information after 12 months of inactivity. Note that we do not delete school records as this is not individual Personal Information and this information is required for financial reporting.

Data breaches

We commit to notify users within 72 hours of any breach of Personal Information affecting them.

Consent

In order to sign up for Grammarsaurus you are required to explicitly accept our Terms including that you agree to the handling of Your Personal Information in accordance with this policy.

GDPR compliance not otherwise covered

Our organisation fully complies with GDPR regulations. We have completed internal data audits and have appointed a “Data Protection Officer” to monitor our on-going compliance. If you have any specific queries not covered by this policy please contact support@grammarsaurus.co.uk

Please note that our Sites do not provide students with any means to communicate directly with each other. There are no chat rooms connected with our products and services. This includes our gaming platform, Morphs.

Morphs – Data Protection and GDPR Compliance Statement

Provided by Grammarsaurus Ltd

1. Overview

Morphs is an educational spelling game developed and operated by Grammarsaurus Ltd for use in schools. The platform allows teachers to input and manage pupil spelling data in order to support learning and track progress.

Grammarsaurus is committed to ensuring that all personal data processed through Morphs is handled securely, transparently, and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This document explains how data is handled within Morphs and the safeguards in place to protect pupil information.

2. Roles and Responsibilities

Under UK GDPR definitions:

Schools and educational institutions act as the Data Controller for the pupil data they input into Morphs.

Grammarsaurus Ltd acts as the Data Processor, processing data only on behalf of the school and according to their instructions.

Grammarsaurus does not use pupil data for marketing or any purpose other than providing the Morphs service.

3. Data Collected

Morphs is designed using a data minimisation approach. Only the minimum data required for the educational functionality of the platform is collected.

Typical data entered by teachers may include:

Pupil first name or identifier
Class or group
Spelling progress and game performance data
Teacher account information (name, email, school)

No sensitive personal data categories are required or requested.

Schools are responsible for ensuring that any data entered complies with their own internal data protection policies.

4. Access Control

Morphs is designed to ensure strict separation of school data.

The system operates so that:

Teachers and school staff can only access pupil data that they have entered or that belongs to their school account.
Schools cannot access or view data belonging to other schools.
Access is controlled through authenticated user accounts and permission-based access systems.

This ensures pupil data remains restricted to authorised staff within the relevant school.

5. Data Security

Grammarsaurus takes appropriate technical and organisational measures to ensure the security and integrity of all data stored within Morphs.

Security measures include:

Secure data storage and hosting environments
Encryption of data in transit using HTTPS
Controlled access to systems and databases
Regular monitoring and maintenance of infrastructure
Secure authentication processes for user accounts

These measures help protect against unauthorised access, data loss, or misuse.

6. Data Storage and Accuracy

Grammarsaurus maintains systems to ensure that data stored within Morphs is handled accurately and reliably.

Data is stored securely within managed infrastructure.
Schools maintain control over the accuracy of pupil information entered into the system.
Teachers can update or correct data where necessary.

Grammarsaurus ensures that the platform stores and processes data accurately in accordance with GDPR principles.

7. Data Retention

Data within Morphs is retained only for as long as necessary to provide the educational service.

Schools may request:

Export of their data
Correction of stored data
Deletion of pupil or account data

When a school account is closed, associated data can be securely deleted in accordance with data retention policies.

8. Data Subject Rights

Under UK GDPR, pupils and staff whose data is processed through Morphs have certain rights, including:

The right to access their data
The right to request correction of inaccurate data
The right to request deletion of data
The right to restrict processing in certain circumstances

Requests should normally be made through the relevant school (the Data Controller), who may then contact Grammarsaurus if required.

9. Data Sharing

Grammarsaurus does not sell, rent, or share pupil data with third parties.

Data may only be processed by trusted infrastructure providers required to deliver the Morphs platform (such as secure hosting providers), and only under appropriate data processing agreements.

10. Data Breach Procedures

Grammarsaurus maintains procedures for identifying, managing, and reporting data breaches.

If a breach involving school data occurs:

The issue will be investigated immediately.
Affected schools will be notified without undue delay.
Where required, the incident will be reported to the Information Commissioner’s Office (ICO) in accordance with UK GDPR requirements.

11. Compliance Commitment

Grammarsaurus is committed to ensuring that Morphs operates in line with the core principles of GDPR: