Privacy Policy
Last updated: February 2026
Summary for parents: This website is designed for classroom use only. We only collect children's first names and their maths scores - no surnames, emails, or other personal details. Each child has their own PIN code to log in, and when logged in, they only see their own name - other children appear as generic usernames (e.g., "Star", "Moon", "Penguin") to protect everyone's privacy. Your child's school or educator is responsible for their data and has an agreement with us about how it's protected.
A note on terminology: Throughout this policy, we use "school" to refer to any organisation or individual using the Service (including schools, tutoring practices, home educators, and other educational settings). Similarly, "school lead" means the account administrator, and "teacher" means any staff member with a teaching role on the platform.
Who we are
Mr Sear's MTC is a web-based Multiplication Tables Check practice application created and operated by Daniel Sear. The Service is invite-only — access is provided by Sear Education to schools, tutors, home educators, and other educational professionals.
When your organisation uses this service:
- Your organisation is the "data controller" - they decide to use the app and are responsible for the data
- Mr Sear's MTC is the "data processor" - we handle the data on the organisation's behalf, following their instructions
Organisations using this service are covered by our Data Processing Agreement which sets out how we protect and handle data.
Lawful basis for processing
The lawful basis for processing depends on your setting:
- Schools — Processing is necessary for the school to perform its task of providing education (public task, UK GDPR Article 6(1)(e)). Schools do not need parental consent to use educational tools, but parents are informed about data use through the school's privacy notice.
- Tutors, home educators, and other settings — Processing is necessary for the purposes of providing the educational service (legitimate interests, UK GDPR Article 6(1)(f)). Where appropriate, consent may also be relied upon.
Information we collect about children
We collect and store the following information about children:
- First names only - We do not collect surnames or full names
- Individual PIN codes - A unique 4-digit code for each child to log in securely
- Display alias - A friendly generic username (e.g., "Star", "Moon") shown to other children to protect privacy
- Test level - Which multiplication tables each child is working on
- Practice scores - Shown on the classroom leaderboard (reset regularly)
- Test results - Used to track progress and decide if a child should move up a level
- Response times - How quickly each question is answered, used to identify which times tables need more practice
- Achievement data - Crown counts awarded for battle victories (gold and silver crowns)
- Session status - Whether a child is currently logged in and active (used for classroom management)
Information we collect about teachers
Teachers create accounts to manage their classes. We collect:
- Email address - Used for account login and invitations
- Display name - From your login provider (e.g., Google account name)
- Class information - Which class(es) you manage
- Organisation membership - Which school or organisation you belong to
- IP address - Logged for security auditing purposes (retained for 90 days)
- Action logs - Records of account actions for security (retained for 90 days)
Note: We do not log children's IP addresses.
What we do NOT collect about children
- Email addresses
- Surnames or full names
- Home addresses
- Photographs
- Dates of birth
- Any other personal identifiers
How we protect the information
- Individual PIN codes - Each child has their own unique 4-digit PIN to log in, ensuring only they can access their account
- Class password protected - Access also requires a class password that is only shared with the class
- Privacy-protected names - When a child is logged in, they see their own name but all other children appear as generic usernames (such as "Star", "Moon", "Penguin", "Rainbow") - children cannot see each other's real names
- Secure storage - Data is stored securely using Google Firebase: main data in Firestore (London, UK) and live session data in Realtime Database (Belgium, EU)
- No public access - Information cannot be seen without the class password and individual PIN
- Educational use only - Data is used exclusively for educational purposes
Who can see the information
- The classroom teacher - Can see all children's real names, scores, and progress in their class
- School leads - If a teacher joins a school group, school leads can see aggregated statistics across classes (e.g., how many children are at each level). School leads can also view individual classes and pupil names for oversight purposes.
- Children in the class - Can only see their own real name; other children appear as generic usernames. Children can see the leaderboard scores but not who the real names are behind the generic usernames.
- Sear Education staff - Authorised staff (including the developer) may access data where necessary for service operation, maintenance, technical support, or legal compliance. We do not routinely access individual pupil data.
The class password and individual PINs are only shared with the class for educational use and should not be shared outside the classroom.
Third-party services
This website uses the following services:
- Google Firebase Firestore - Main database for pupil names and results (London, UK)
- Google Firebase Realtime Database - Live session status (Belgium, EU)
- Google Firebase Authentication - Teacher login (may involve processing outside UK/EU with appropriate safeguards)
- Google Firebase Hosting - Serves the website (global CDN)
- Google Cloud Functions - Server-side processing such as sending invitation emails and account management (US, with appropriate safeguards). Pupil data is stored in the UK and EU; Cloud Functions may transiently process data as part of these operations.
- Google Fonts - For displaying text (Nunito Sans font)
- Zoho Mail - For sending invitation emails to teachers via SMTP (teacher email addresses only)
- jsDelivr and Cloudflare CDNs - Open-source libraries (for charts, PDF exports, and browser compatibility) are loaded from these services. They receive standard connection data (IP address, browser info) but no pupil data.
No children's data is shared with any third-party services beyond what is necessary for secure storage. Where data may be processed outside the UK, appropriate safeguards (Standard Contractual Clauses and UK Addendum) are in place.
Children's privacy (UK Children's Code)
This website is designed with children's privacy in mind:
- Minimal data collection - only what's needed for the maths practice
- No advertising or tracking
- No social features or messaging
- Individual PIN codes - each child has their own secure login
- Generic usernames - children cannot see each other's real names, only friendly aliases like "Star", "Moon", or "Penguin"
- Password and PIN protection to prevent unauthorised access
- Data can be deleted upon request
Browser storage
This website stores some preferences locally on your device (in your browser's localStorage):
- Theme preference (light/dark mode)
- Accessibility settings (reduced motion, particle effects)
- Login session information (so you don't have to log in every time)
This data stays on your device and is not sent to our servers. You can clear it at any time by clearing your browser data.
Your rights
Under UK GDPR, you have the right to:
- Request access to your child's data (or your own data if you are a teacher)
- Request correction of any inaccurate data
- Request deletion of your child's data (or your own account)
- Withdraw consent at any time
Data retention
- Practice scores - The leaderboard resets regularly (e.g., after each battle); teachers may download scores for tracking progress
- Test and practice results - Detailed question-by-question data (including response times) is automatically deleted after 20 days. Summary statistics (score, date, level) are retained for the academic year to track progress.
- Names and test levels - Kept for the current academic year only, then deleted automatically
- Teacher accounts - Retained while the account is active; deleted upon request
- Teacher action logs and IP addresses - Automatically deleted after 90 days
If a child leaves the class, their data will be removed upon request.
Deletion and recovery
Classes: When a school lead or teacher deletes a class:
- The class is immediately removed from view
- All associated data (pupil names, test results, practice scores, progress data) is retained securely for 30 days in case of accidental deletion
- After 30 days, all data is permanently and automatically deleted and cannot be recovered
- If a deletion was made in error, contact info@mrsearmtc.uk within 30 days to request restoration
Teachers: When a school lead removes a teacher, the teacher's account and access are deleted immediately and permanently. When a teacher deletes their own account through the Service settings, their account is also deleted immediately and permanently. In both cases, audit logs containing the teacher's IP address and action history are retained separately for 90 days per the audit log retention policy before automatic deletion.
When an organisation's account is deleted by the service administrator, all data (teachers, classes, pupils, and results) is permanently deleted immediately with no recovery period.
Contact
If you have any questions about this privacy policy or wish to exercise your rights (such as requesting deletion of your child's data):
- For organisation-related queries - Contact your school or educator directly, as they are the data controller
- For technical or service queries - Contact Sear Education at info@mrsearmtc.uk
Changes to this policy
This privacy policy may be updated from time to time. The "last updated" date at the top of this page will reflect any changes.
Back to Classroom