Privacy Policy

Effective date: 28/09/2025
Organisation: SPENCER (“we”, “us”, “our”).
Contact email: info@spencer3d.org

‍

1. Introduction

1.1 This Privacy Policy explains how SPENCER collects, uses, and protects personal data when you use the SPENCER Parent App.

‍
1.2 We are committed to respecting your privacy and complying with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

‍
1.3 By creating an account and using SPENCER, you consent to the collection and use of your information as described in this Privacy Policy.

‍

2. What SPENCER is

2.1 SPENCER is a digital tool that allows parents and guardians to:

- Create an account and add child profiles.

- Complete the SPENCER questionnaire.

- Receive personalised strategies to try at home.

- Review strategies after a set number of weeks.

‍

2.2 SPENCER is not diagnostic and does not provide medical or clinical advice. The information you provide is used only for educational and supportive purposes.

‍

3. Data we collect

3.1 Parent/Guardian Account Data

- Email address and login credentials.

- Account activity (e.g. sign-up date, last sign-in).

‍

3.2 Child Profile Data (entered by you)

Name or initials (as you choose).

Age or year group.

Questionnaire responses (Likert scale answers).

Selected strategies and any notes or reviews you add.

‍

3.3 App Performance Data

Device and app version information, which may identify your specific device.

Crash logs and performance data.

‍

3.4 Support Enquiries

Messages and contact details you provide when seeking help.

‍

4. How we use your data

4.1 We use your data to:

Provide and operate the SPENCER app.

Store child profiles and questionnaire results.

Deliver recommendations and reminders.

Improve security and app performance.

Respond to support enquiries.

‍

4.2 Data is not sold or shared with advertisers or other third parties except as noted in our subprocessors section.

‍

5. Lawful basis for processing

5.1 Our lawful basis for processing personal data is consent (Article 6(1)(a) UK GDPR).
5.2 By creating an account and using SPENCER, you consent to the collection and use of your data for the purposes set out in this policy.

‍
5.3 You may withdraw consent at any time by:

Deleting your account, to do this contact us at info@spencer3d.org or use the in-app functionality
.

6. Children’s information

6.1 Parents and guardians may choose to enter information about their children.

‍
6.2 This information is limited to names/initials, age bands, questionnaire answers, and strategies.

‍
6.3 SPENCER is not diagnostic. The information is not classified as special category data under UK GDPR.

‍
6.4 We nonetheless apply strong safeguards to protect children’s data.

‍

7. Where your data is stored

7.1 All data is hosted and processed in the United Kingdom on Google Cloud Platform servers.

‍
7.2 Data is encrypted in transit and stored securely.

‍
7.3 We do not transfer your data outside the UK.

‍

8. Sub-processors

8.1 We use carefully selected sub-processors:

Google Cloud Platform (Firebase): Authentication, database, storage, crash/performance logging.

FlutterFlow: For software development and development hosting

‍

9. Data retention

9.1 Data is retained only for as long as necessary:

- Account and child profiles: kept until you delete them or your account.

- Backups/logs: retained temporarily for operational security.

‍
9.2 When no longer required, data is permanently deleted or anonymised.

‍

10. Your rights

10.1 Under UK GDPR, you have the following rights:

- Access: to know what data we hold.

- Rectification: to correct inaccuracies.

- Erasure: to delete your data.

- Restriction: to limit certain processing.

- Data portability: to receive a copy in a usable format.

Withdraw consent: at any time, without affecting prior processing.

‍

10.2 To exercise your rights, contact info@spencer3d.org
.
10.3 You also have the right to complain to the UK Information Commissioner’s Office (ICO).

‍

11. Security

11.1 We use industry-standard security measures including:

- Encryption in transit and at rest.

- Strict access controls and role-based permissions.

- Regular audits and monitoring.
‍

11.2 Despite our efforts, no system can be guaranteed 100% secure.

‍

12. Third-party links

12.1 SPENCER may contain links to external websites.
‍

12.2 We are not responsible for the privacy practices of third parties.

‍

13. Changes to this Privacy Policy

13.1 We may update this policy from time to time.
‍

13.2 Updates will be posted here with a new “Effective date”.
13.3 For material changes, we will notify you by email or in-app.

‍

14. Contact us

‍

If you have questions, concerns, or requests relating to this policy, please contact:
Email: info@spencer3d.org

‍