unschoolly
Log in Get Started

Privacy Policy

How we collect, use, and protect your personal data

Last updated: November 30, 2025

unschoolly is operated by unschoolly, a company registered in Estonia, European Union. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and all applicable Estonian and EU data protection laws.

1. Data Controller

Company Name: unschoolly

Country: Estonia, European Union

Data Protection Contact: gdpr@unschoolly.com

2. Information We Collect

2.1 Account Information

  • Parent/Guardian Account: Name, email address, password (encrypted)
  • Child Profiles: First name, age/grade level, interests, learning preferences
  • Payment Information: Processed securely through Stripe (we do not store full payment card details)

2.2 Usage Data

  • Lesson generation history and preferences
  • Learning progress and completion data
  • Badge achievements and gamification progress
  • Feature usage statistics and analytics

2.3 Technical Information

  • IP address, browser type, device information
  • Cookies and similar tracking technologies
  • Log data (timestamps, errors, system activity)

2.4 Communications

  • Support inquiries and correspondence
  • Feedback and feature suggestions
  • Newsletter subscriptions (with consent)

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our educational platform services
  • Legitimate Interest: Analytics, platform improvement, fraud prevention, and security
  • Consent: Marketing communications, optional cookies, and feature requests
  • Legal Obligation: Tax records, payment processing, and regulatory compliance

4. How We Use Your Information

  • Service Delivery: Generate personalized lessons, track progress, manage accounts
  • Communication: Send transactional emails, respond to support requests, provide updates
  • Improvement: Analyze usage patterns to enhance features and user experience
  • Payment Processing: Handle subscriptions, invoices, and referral credits
  • Security: Protect against fraud, abuse, and unauthorized access
  • Legal Compliance: Meet regulatory requirements and legal obligations

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted service providers:

Service Providers We Use:

  • Stripe: Payment processing (PCI-DSS compliant)
  • OpenAI: AI-powered lesson generation (data processed per their privacy policy)
  • Hosting Providers: Infrastructure and database hosting
  • Email Services: Transactional and support emails

All third-party processors are carefully vetted and bound by data processing agreements ensuring GDPR compliance.

6. Children's Privacy

Important: unschoolly is designed for use by parents/guardians on behalf of their children. We collect minimal information about children (first name, age/grade, learning preferences) solely for educational purposes.

  • Only parents/guardians can create accounts and manage children's profiles
  • We do not knowingly collect data directly from children under 16
  • Parents have full control over their children's data and can delete profiles at any time
  • Children's data is processed with parental consent under GDPR Article 8

7. Data Retention

We retain personal data only as long as necessary:

  • Active Accounts: Data retained while your subscription is active
  • Cancelled Accounts: Data deleted within 30 days of cancellation (unless legally required to retain)
  • Financial Records: Retained for 7 years per Estonian accounting regulations
  • Marketing Consent: Until consent is withdrawn

8. Your Rights Under GDPR

As an EU/EEA data subject, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal obligations)

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Restriction of Processing

Limit how we process your data in certain circumstances

Right to Object

Object to processing based on legitimate interests or for marketing

Right to Withdraw Consent

Withdraw consent for processing at any time

Right to Lodge a Complaint

File a complaint with your local supervisory authority or the Estonian Data Protection Inspectorate

To exercise any of these rights, contact us at gdpr@unschoolly.com. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures:

  • Encryption: HTTPS/TLS for data in transit, encryption at rest for sensitive data
  • Access Controls: Role-based access, multi-factor authentication for staff
  • Regular Audits: Security reviews and vulnerability assessments
  • Secure Hosting: EU-based or GDPR-compliant infrastructure
  • Password Protection: Passwords hashed using bcrypt

10. Cookies and Tracking Technologies

We use cookies to enhance your experience:

Essential Cookies (Required)

  • Session management and authentication
  • Security and fraud prevention
  • Shopping cart and payment processing

Optional Cookies (Require Consent)

  • Analytics to understand usage patterns
  • Preference storage for user interface settings

You can manage cookie preferences in your browser settings. Note that disabling essential cookies may affect platform functionality.

11. International Data Transfers

While we are based in Estonia (EU), some service providers may process data outside the EEA. In such cases, we ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the EU Commission
  • Privacy Shield certification (where applicable)

12. Marketing Communications

We will only send promotional emails if you opt in. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us. Transactional emails (account notifications, receipts, security alerts) are essential and cannot be opted out of.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or a prominent notice on our platform. The "Last Updated" date at the top indicates when changes were last made.

14. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to report privacy concerns:

Estonian Data Protection Inspectorate

If you believe your data protection rights have been violated, you have the right to lodge a complaint with Estonia's supervisory authority:

  • Name: Andmekaitse Inspektsioon (Data Protection Inspectorate)
  • Website: www.aki.ee
  • Email: info@aki.ee