logo

Privacy Policy for DojoConnect (UK)

Last Updated: 26 May 2025

1. Introduction

DojoConnect (“we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share data when you use our app, which provides messaging, calendar/events/tasks, classes, file sharing, subscriptions, and payments. This policy applies to all users aged 6 and above and complies with UK GDPR and the Data Protection Act 2018.

2. Data We Collect

Please see this page where we detail the personal information we collect from each user type, including the sources from which the information was collected, the business purpose for which the information was collected, and the third parties with whom we share or disclose personal information for a business purpose.

We collect:

  • Personal Data: Name, email, Google account details, payment information (e.g., card details), age, location.
  • Business Data: Business profiles, class materials, shared files.
  • Usage Data: IP addresses, device IDs, app interactions (e.g., messages, events).
  • Children’s Data: Limited data from users under 16 (UK GDPR) or 13 (COPPA), with parental consent.
  • Sensitive Data: Financial or class-related data, if applicable.

3. How We Collect Data

We use the personal information we collect from students (or about students from teachers and parents) to provide and improve (as allowed by law) the Service, for educational purposes, security, and safety purposes, or as allowed by law. We will not require children to provide more personal information than is reasonably necessary to participate in the Service. See here for more information on our use of information collected from students and children using the Service. For additional information regarding our use of information collected from instructors, parents, and Admins, see here.

Data is collected via:

  • Google Sign-In for authentication.
  • User inputs (e.g., profiles, payment forms).
  • Automated tools (e.g., cookies, analytics).
  • Third-party services (e.g., payment processors, cloud storage).

4. Purpose and Lawful Basis

We process data to:

  • Provide features (e.g., messaging, calendar, classes) – lawful basis: contract necessity.
  • Process subscriptions and payments – lawful basis: contract necessity.
  • Analyze usage for improvements – lawful basis: legitimate interests.
  • Personalize services – lawful basis: consent.
  • Comply with legal obligations (e.g., tax reporting) – lawful basis: legal obligation.

5. Data Sharing

We Never Sell Personal Information: We will never sell or rent your personal information or non-personal information. We will only disclose personal information as set forth in the Privacy Policy, such as with a limited set of third-party service providers necessary to provide or develop our Services (such as database hosting) or as required by law, and we will be transparent about who these service providers are. We will contractually require that these service providers process personal information in accordance with our instructions and consistent with this Privacy Policy. We ensure that these service providers employ reasonable and comprehensive data protection and security protocols. See here for more details.

We share data with:

  • Third-party providers (e.g., Google for authentication, Stripe for payments) to deliver services.
  • UK authorities, if required by law.

We do not sell data to advertisers or brokers. Data transfers outside the UK comply with UK GDPR (e.g., UK-US data transfer agreements).

6. User Rights (UK GDPR)

You have the right to:

  • Access, rectify, erase, restrict, or port your data.
  • Object to processing or withdraw consent.

Exercise these rights via account settings or by contacting our Data Protection Officer at data.protection@dojoconnect.app. We respond within one month, per UK GDPR.

7. Data Security

We use encryption, pseudonymization, and secure servers to protect data. In case of a breach, we will notify you and the UK Information Commissioner’s Office (ICO) within 72 hours, per UK GDPR.

8. Data Retention

Retention and deletion of Student Data and records is at the direction of the school. We enter into Student Data Protection Addendums with schools or districts that further describe our duties, responsibilities, and commitments with respect to Student Data that we collect or receive. Additionally, we retain student personal information only for as long as necessary for fulfilling educational purposes and legal obligations, or to provide the Service for which we receive or collect the student personal information. We protect students with our industry-leading Student Data Protection Policy: we automatically delete (or de-identify and aggregate) Students’ Accounts if they’re inactive for more than twelve months. Some content within a student account utilized in school or for educational purposes connected to a school or classroom (“Student Account”) will be kept after deletion of the account for school legal compliance reasons (e.g., maintenance of “education records” under the Family Educational Rights and Privacy Act (FERPA) or “Student Data” under state student privacy laws or equivalent laws in international jurisdictions) and will not be deleted until we receive direction from the school. This can include content uploaded by a student, teacher, school leader, or parent.

We store non-student user personal information, including content uploaded by Outside School Child Users, for as long as it is necessary to provide products and Service to you and others. For non-student users (as well as Outside School Child Users), personal information associated with your account will be kept until your account is deleted or until we no longer need the information to provide the Service, whichever occurs first. Additionally, some information is deleted or de-identified automatically after a set period of time. For additional information on our retention periods, see here.

We retain data only as necessary (e.g., 18 months for usage data, unless required by law). You can request deletion via account settings or by contacting us.

9. Children’s Privacy

For users under 16, we obtain verifiable parental consent before collecting data, per UK GDPR. For users under 13, we comply with COPPA (if applicable). We limit data collection and prohibit third-party analytics/ads in kid-directed features.

10. UK GDPR Compliance

We comply with UK GDPR by:

  • Processing data lawfully (e.g., consent, contract necessity).
  • Conducting Data Protection Impact Assessments for high-risk activities (e.g., children’s data).
  • Appointing a Data Protection Officer data.protection@dojoconnect.app
  • Ensuring secure data transfers outside the UK.

11. Google and iOS Compliance

  • Google: We disclose data practices in our Play Store listing and use Google’s Consent SDK for any ad-related data collection.
  • Apple: We provide a privacy manifest detailing data types and usage, per App Store guidelines, and comply with App Tracking Transparency.

12. Policy Updates

We may update this Privacy Policy. Material changes will be communicated via in-app notifications or email at least 7 days in advance. Continued use constitutes acceptance.

13. Contact Us

For questions or to exercise your rights, contact our Data Protection Officer at data.protection@dojoconnect.app. You may also lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).