← All policies

Privacy Policy

Version 1.2 Reviewed: June 2026 Next review: June 2027

Who runs SoloCogs: SoloCogs is the brand name for the online learning platform operated by Portsdown Tuition, a sole-trader business based in Portsmouth, England. Throughout this policy, "Portsdown Tuition", "we", "us", and "our" refer to the operator and legal entity. "SoloCogs" refers to the platform, service, and brand we provide to families, schools, and tutors. The data controller for personal data processed through SoloCogs is Portsdown Tuition.

Contact: hello@solocogs.co.uk

1. Who We Are

Data Controller: Portsdown Tuition (sole trader), trading as SoloCogs, Portsmouth, England.

ICO Registration: ZB916444 - searchable on the ICO public register.

If you have any questions about how we handle your personal data, please contact us via the contact page.

2. What Data We Collect

Account holders (parents/carers)

How we use your email address: we use it for (1) account login + password reset; (2) essential service emails such as billing receipts, subscription renewals, and safeguarding referrals where applicable; (3) limited service announcements about platform changes that materially affect you. We do NOT use your email for marketing without explicit opt-in, do not sell it, and do not share it with third parties except the strictly-necessary processors listed in section 5.

Student accounts

Student password recovery email (optional)

To let a student reset their own password without waiting for an adult, a parent / carer or school admin can add a recovery email address for that specific student. This is usually the child's own school email or a family-shared address. It is opt-in, off by default, and can be cleared at any time from the parent-settings page on SoloCogs.

Purpose limitation - what we use it for:

What we never use it for:

Retention: the recovery email is stored only as long as it is needed for the purpose above. It is deleted within 30 days of:

Lawful basis: contract performance (article 6(1)(b) UK GDPR) - the recovery email exists only because the parent / carer or school admin chose to set it up to fulfil our agreed service of getting their child back into their account quickly.

All users

Analytics data - only if you accept the cookie banner

If you accept analytics via the cookie banner, we use Google Analytics 4 (loaded via Google Tag Manager) to collect anonymised usage signals - which pages get viewed, where users come from, what device or browser is used, and which features get clicked. We do not pass your name, email, account ID, or any other personally identifying field to Google Analytics. The data is held by Google as an independent processor and is restricted to anonymised page-view and event-level signals.

If you reject the cookie banner, no analytics cookies are set and no analytics events are sent. See the Cookie Policy for the full list of GA4 cookies.

Payment information

We never see or store your card details. All payment processing is handled by PayPal (PayPal (Europe) S.a r.l. et Cie, S.C.A.), a separately accredited payment provider under PCI DSS. PayPal acts as an independent data controller for the financial data you give them. When you pay, your browser hands the payment information directly to PayPal; we receive only a confirmation that the payment succeeded plus the subscription tier you bought - no card number, no expiry date, no CVV. You can read PayPal's own privacy notice at paypal.com/uk/legalhub/privacy-full.

If PayPal sends you transactional emails (receipts, dispute notifications, etc.) those are sent by PayPal under their own terms, not by us.

3. How We Use Your Data

We collect and process personal data only for the following purposes:

What we infer about you

To deliver the learning experience, SoloCogs derives a number of inferences from your data - things we work out about you that you did not type in. Per the ICO Children's Code (standard 12 on profiling), we list these here so you know exactly what we calculate:

What these inferences are NEVER used for: targeted advertising; profiling for commercial decisions; gating access to content (you can always study anything you want, regardless of your "mastery"); sharing with third parties for any purpose other than the parent / tutor / school relationship the account was set up under; training third-party AI models.

Who can see your inferences: you, the parent on your account, any tutor your parent has invited, and a school's nominated data contact if your account was rostered from a school via Wonde. Nobody else, including other SoloCogs users.

Per UK GDPR Article 22, no decision with legal or similarly significant effects is made about you on a solely automated basis - all inferences are informational.

4. Legal Basis for Processing

Where we process special category data (including data about a child's health or wellbeing), we rely on the substantial public interest condition under Schedule 1 of the Data Protection Act 2018, specifically in relation to safeguarding of children.

5. Who We Share Data With

We do not sell, rent, or trade personal data. We share data only with the following sub-processors, each under a written data processing agreement as required by UK GDPR Article 28. The full, dated, versioned list lives at policy-sub-processors.html for procurement records.

Wonde (UK MIS aggregator) will be added when school-roster sync goes live; affected customers will be notified at least 30 days in advance.

6. Data Retention

7. Your Rights Under UK GDPR

You have the right to:

To exercise any of these rights, please contact us via the contact page. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

9. Children's Data

A significant proportion of our users are under 18. We take additional care with children's data:

9.1 If you are under 18 and want to access or remove your data

You still have all the rights listed in Section 7 above - but the way you exercise them is a little different to make sure you're properly supported and that any safeguarding considerations are taken into account.

First step - speak to a trusted adult. If you have questions about your data, want to see what we hold (a Subject Access Request), or want to ask for it to be deleted, please speak to one of the following first:

If you would prefer to contact us yourself, you absolutely can - email hello@solocogs.co.uk and we'll work with you and your parent/carer to make sure the request is handled properly.

9.2 Why we may keep some data even if you ask us to delete it

In some circumstances, the law requires (or strongly encourages) us to keep certain data even if you ask for it to be erased. The main reasons are:

Where we cannot delete data for one of the reasons above, we will tell you which reason applies and how long we expect to keep it.

9.3 If you are 18 or over

You can exercise any of your data rights directly. Email hello@solocogs.co.uk and we will respond within 30 days as set out in Section 7.

10. Cookies and Local Storage

SoloCogs uses strictly-necessary cookies (for sign-in and security), browser local storage (for preferences and progress), and - only if you opt in via the cookie banner - Google Analytics 4 cookies for anonymised usage analytics. See our separate Cookie Policy for the full list of cookies, what each one does, and how to change your consent decision.

11. Changes to This Policy

We will notify registered users of any material changes to this policy via email and by updating the version number and review date above. Continued use of the platform after notification constitutes acceptance of the updated policy.

Data protection questions? Contact us via the contact page. For complaints, you can also contact the ICO at ico.org.uk.