Website · Legal
Privacy and
cookies policy.
How Secret Galactic Code Academy collects, uses, protects and deletes personal information, including information relating to children and learners.
1. Scope
This policy applies to the SGCA public website, platform portals, admissions enquiries, learner and family accounts, teacher and administrator services, communications and associated educational activities. It does not replace a school or partner organisation’s own privacy notice where that organisation acts as a separate controller.
This document describes the intended SGCA privacy framework. Processing arrangements, contracts and deployed services must be reviewed before production launch or material change.
2. Who is responsible for personal data?
Secret Galactic Code Academy is an educational platform operated within the InfiniCoreCipher project structure. Questions for the data controller, data-protection lead or DPO contact route should be sent to info@sgca-academy.co.uk. Include “Data Protection” in the subject line.
3. Information we may collect
- Account information: name, username, age range, role, organisation and contact details.
- Parent or guardian information and evidence of authority or consent where required.
- Learning records: missions, submissions, progress, badges, assessment feedback and support preferences.
- Teacher, school and organisation information needed to manage classes and licences.
- Admissions, support and communication records.
- Technical and security data such as device type, browser, timestamps, IP address, authentication and diagnostic logs.
- Cookie choices and limited analytics where permitted.
SGCA does not ask users to submit passwords, medical records or special-category data through public contact forms. Where accessibility information is genuinely required, only the minimum necessary information should be collected with appropriate safeguards.
4. Why we use information
Information may be used to provide accounts and educational services, maintain progress, support learners, administer schools and licences, respond to enquiries, protect platform security, meet legal obligations and improve accessibility. Depending on the context, the lawful basis may be performance of a contract, legal obligation, legitimate interests, consent, or a public/education task managed by a partner organisation. Consent can be withdrawn where consent is the lawful basis, without affecting earlier lawful processing.
5. Children’s privacy, UK GDPR and COPPA
SGCA is designed for young learners and applies heightened protection to children’s information. In the UK, parental authorisation is required for consent-based online services offered directly to children under the applicable digital-consent age. School-managed access may rely on a different lawful basis determined by the school and its agreements.
For users in the United States, COPPA applies to child-directed online services and services with actual knowledge that they collect personal information online from a child under 13. SGCA must not knowingly collect such information without the required notice and verifiable parental consent, except where a limited legal exception applies.
- Collect only data reasonably necessary for participation.
- Give parents or guardians clear notice of collection and use.
- Obtain and record appropriate consent or organisational authority.
- Allow authorised adults to review, correct or request deletion of a child’s information.
- Do not use behavioural advertising directed at children.
- Do not require unnecessary disclosure as a condition of learning.
8. Retention and security
Personal data is retained only for as long as needed for the stated purpose, account administration, safeguarding, legal claims, finance or statutory obligations. Retention periods should be documented by record category. SGCA applies role-based access, authentication, encryption where appropriate, backups, logging, minimisation and incident response. No security system can guarantee absolute protection.
9. Your data-protection rights
Subject to legal conditions and exemptions, individuals may have rights to be informed, access data, correct inaccurate data, request erasure, restrict processing, receive portable data, object, and obtain safeguards concerning solely automated decisions. A parent, guardian or authorised representative may exercise rights for a child where legally appropriate. Identity and authority may need to be verified.
10. Contact, complaints and changes
Send privacy requests to info@sgca-academy.co.uk. You may also complain to the UK Information Commissioner’s Office or the relevant supervisory authority. Material policy changes will be dated and communicated through an appropriate website or account notice.
Official guidance: ICO individual rights, FTC COPPA rule.
