← All policies

GDPR & Data Residency

A school-friendly one-pager. For the long form, see the Data Protection Policy and the Privacy Policy.

Version 1.1 Reviewed: June 2026

Who runs SoloCogs: SoloCogs is the brand name for the online learning platform operated by Portsdown Tuition, a sole-trader business based in Portsmouth, England. Throughout this policy, "Portsdown Tuition", "we", "us", and "our" refer to the operator and legal entity. "SoloCogs" refers to the platform, service, and brand we provide to families, schools, and tutors. The data controller for personal data processed through SoloCogs is Portsdown Tuition.

Contact: hello@solocogs.co.uk

1. Who we are

SoloCogs is a UK-registered education service trading as Portsdown Tuition. We act as a data controller for the personal data we collect from learners and the adults who oversee them. Our registered contact for data matters is hello@solocogs.co.uk.

2. Lawful basis

We process personal data under the UK GDPR using these lawful bases:

3. What we collect

WhoWhatWhy
Adult (parent / tutor / school staff)Name, email, role, billing details (handled by PayPal for B2C and Stripe for B2B, never stored by us)Account, billing, support
LearnerFirst name (or display name only), age band, optional school, the answers they give, their RAG self-ratings, time on task, scientists they have discoveredPersonalised learning, progress reports for the parent
EveryoneAnonymised page usage (GA4 with IP truncation)Improving the platform - opt-in only

We do not collect biometrics, ethnic origin, religion, health data, sexual orientation, location, or political opinions. We do not share data with advertisers.

4. Where the data lives

No personal data is transferred outside the UK or the EU.

5. How long we keep it

6. Student data isolation (technical)

Every row of student data in our database carries the student's owner ID and is protected by row-level security (RLS). RLS policies are enforced by the database itself - meaning even a bug in our application code cannot allow one parent or one school to see another's data. Students cannot read other students' progress; parents only see their own children; teachers only see students linked to their school.

7. Your rights

Under UK GDPR you have the right to:

Send any rights request to hello@solocogs.co.uk. We respond within 1 calendar month.

8. Data Processing Agreement (DPA)

Schools and tutoring providers can request a signed Data Processing Agreement to satisfy their own GDPR obligations. Email hello@solocogs.co.uk with subject "DPA request" - we will return a signed copy within 3 working days.

9. Sub-processors

The third parties that process data on our behalf. A full, dated, versioned list lives at policy-sub-processors.html for procurement records.

Wonde (UK MIS aggregator) will be added when school-roster sync goes live; schools will be notified 30 days in advance.

We notify customers of any change to this list at least 30 days in advance.

10. Breach notification

If a personal data breach occurs and is likely to result in a risk to your rights, we notify the ICO within 72 hours and any affected users without undue delay. Our breach log is kept whether or not external notification is needed.

11. Data Protection Impact Assessment (DPIA)

Because SoloCogs processes children's personal data (Article 8 special-category context under UK GDPR), we maintain a published DPIA. It identifies the risks to learners arising from each kind of processing we do, the safeguards in place, and the residual risk score after those safeguards. Schools attaching SoloCogs to their own information register can use our DPIA as evidence that an impact assessment has been done at the supplier level.

Data protection contact: hello@solocogs.co.uk. Requests for our signed DPA, subject-access copies, or breach details are all welcome.