← All policies

Data Protection Policy

Version 1.0 Reviewed: April 2026 Next review: April 2027 Owner: Jazz (Data Controller)

Who runs SoloCogs: SoloCogs is the brand name for the online learning platform operated by Portsdown Tuition, a sole-trader business based in Portsmouth, England. Throughout this policy, "Portsdown Tuition", "we", "us", and "our" refer to the operator and legal entity. "SoloCogs" refers to the platform, service, and brand we provide to families, schools, and tutors. The data controller for personal data processed through SoloCogs is Portsdown Tuition.

Contact: hello@solocogs.co.uk

1. Purpose and Scope

This policy sets out how Portsdown Tuition (the operator of SoloCogs, Portsmouth) complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all personal data processed through SoloCogs, regardless of format.

2. Data Protection Principles

All personal data processed by SoloCogs must comply with the following principles (UK GDPR Article 5):

  1. Lawfulness, fairness and transparency - data is processed lawfully and transparently
  2. Purpose limitation - data is collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes
  3. Data minimisation - data collected is adequate, relevant, and limited to what is necessary
  4. Accuracy - data is accurate and kept up to date
  5. Storage limitation - data is kept no longer than necessary for its purpose
  6. Integrity and confidentiality - data is processed securely, protecting against unauthorised access, loss, or destruction
  7. Accountability - the data controller (Portsdown Tuition) is responsible for and able to demonstrate compliance

3. Data Controller

Portsdown Tuition (sole-trader operator of SoloCogs) is the data controller for all personal data processed through this platform. As a small organisation, a Data Protection Officer (DPO) is not legally required; however, data protection responsibility rests with Portsdown Tuition directly.

4. Categories of Data Processed

Standard personal data

Special category data

Special category data is processed only where there is a lawful basis to do so, including safeguarding obligations under the Children Act and Schedule 1 of the Data Protection Act 2018.

5. Lawful Bases for Processing

SoloCogs processes data on the following lawful bases:

6. Data Security Measures

SoloCogs implements the following technical and organisational security measures:

7. Third-Party Processors

SoloCogs uses the following third-party processors who may process personal data on our behalf:

Any future third-party processors will be assessed for GDPR compliance before engagement, and a Data Processing Agreement (DPA) will be in place before any personal data is shared.

8. International Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions). Supabase EU data centres are used where possible to minimise international transfers.

9. Data Retention Schedule

10. Data Breach Response

In the event of a personal data breach, SoloCogs will:

  1. Contain and assess the breach as quickly as possible
  2. Determine whether notification to the ICO is required (required within 72 hours where the breach is likely to result in risk to individuals' rights and freedoms)
  3. Notify affected individuals where there is a high risk to their rights and freedoms
  4. Document the breach, its effects, and the remedial action taken

To report a suspected data breach, contact Jazz immediately via the contact page.

11. Data Subject Rights

Individuals whose data we process have the following rights under UK GDPR. Requests will be responded to within one calendar month:

12. Policy Review

This policy is reviewed annually and updated following any significant change to legislation, platform processing activities, or data breach incidents.

Data protection enquiries: Contact Jazz via the contact page. You also have the right to complain to the ICO at ico.org.uk or 0303 123 1113.