1. Introduction
This Privacy Policy explains how ictgames ltd (“we”, “us”, “our”) collects, uses, and protects personal data in connection with the website and subscription service at ictgames.com (“the Service”).
ictgames provides online educational games for primary-aged children. We care about the privacy of everyone who uses the Service, and especially about the children who play our games. We have designed the Service so that we collect no personal data about the children who use it.
We are the “data controller” for the personal data described in this policy. That means we are responsible for how it is handled. For any privacy question or request, contact us at contact@ictgames.com.
2. The data we collect — and the data we deliberately do not
2.1 Data we do NOT collect
We have built the Service to be privacy-first. In particular:
- We do not collect any personal data about children. Pupils and children play the games using shared login credentials. We do not ask for, or store, any child’s name, age, email, contact details, location, schoolwork, scores, progress, or any other information about them.
- We do not build profiles of users.
- We do not sell, rent, or trade personal data to anyone.
- We do not serve third-party advertising on the Service, and we do not use advertising trackers.
2.2 Data we do collect
We collect a small amount of personal data, only from the adult who creates and manages a subscription account (“the account holder”):
- Email address — used to create the account, send login credentials, send subscription and renewal reminders, and respond to enquiries.
- Password — stored only in encrypted (hashed) form; we cannot see your actual password.
- Username — for Class and School subscriptions, the username chosen at signup. This is a label of the account holder’s choosing (such as a school or class name) and is not required to identify any individual.
2.3 Payment data
All payments are processed by our payment provider, Paddle.com (see Section 4). We do not collect or store your card details or other payment information — these are handled entirely by Paddle. We receive only confirmation of your subscription status and the limited information needed to administer your account.
3. How we use your data and our legal basis
Under UK data protection law, we must have a lawful basis for using personal data. We use the account holder’s data as follows:
| What we do | Why | Lawful basis |
|---|---|---|
| Create and manage your account | To provide the Service you signed up for | Performance of a contract |
| Send login credentials and the PDF card sheet | To enable you to use the Service | Performance of a contract |
| Send subscription confirmations and renewal reminders | To administer your subscription | Performance of a contract / legitimate interests |
| Respond to your enquiries | To provide customer support | Legitimate interests |
| Keep records for tax and accounting | To comply with the law | Legal obligation |
| Protect the Service from misuse | To keep the Service secure and fair | Legitimate interests |
We do not use your data for marketing without your consent, and we do not carry out any automated decision-making or profiling.
4. Paddle as Merchant of Record
Our payments are processed by Paddle.com Market Limited (“Paddle”), which acts as the Merchant of Record for all purchases. This means Paddle is the seller of record and handles payment processing, billing, and tax.
When you make a purchase, you provide your payment information directly to Paddle, and Paddle’s own Privacy Policy governs how they handle it. We recommend you review Paddle’s Privacy Policy at paddle.com. Paddle shares with us only the information we need to provide and administer your subscription.
5. Who else we share data with (our processors)
We use a small number of trusted service providers (“data processors”) to run the Service. They process data only on our instructions and are bound by data protection obligations. They are:
- Paddle — payment processing and billing (as described above).
- Resend — to send transactional emails (such as login credentials and renewal reminders) reliably.
- Cloudflare — to run the subscription system and account database, and to deliver content securely and manage the domain.
The games themselves are served as static content from our website host, which does not process any personal data about account holders or children.
We choose providers that offer strong security and data-protection standards. Where any provider processes data outside the UK, we ensure appropriate safeguards are in place as required by UK data protection law.
We do not share your personal data with any other third parties, except where we are required to do so by law.
6. How long we keep your data
We keep the account holder’s personal data for as long as your subscription is active, and for a reasonable period afterwards to allow for renewal (see our Terms regarding the renewal grace period) and to meet our legal and accounting obligations.
After this, we delete or anonymise personal data that we no longer need. Records required for tax purposes are kept for the period required by law (generally six years).
You can ask us to delete your account and data at any time (see Section 8).
7. How we protect your data
We take the security of personal data seriously. Our measures include:
- Passwords stored only in encrypted (hashed) form, never in plain text.
- Encrypted connections (HTTPS) across the Service.
- Access controls limiting who can see account data.
- Reputable, security-conscious service providers for hosting, email, and payments.
- A deliberately minimal approach to data collection — the less we hold, the less there is to protect.
No online service can be guaranteed completely secure, but we work to protect your data using appropriate technical and organisational measures.
8. Your rights
Under UK data protection law, you have the following rights in relation to your personal data:
- Access — to ask for a copy of the personal data we hold about you.
- Rectification — to ask us to correct inaccurate or incomplete data.
- Erasure — to ask us to delete your data (“the right to be forgotten”).
- Restriction — to ask us to limit how we use your data.
- Objection — to object to certain uses of your data.
- Portability — to ask for your data in a portable format.
- Withdraw consent — where we rely on consent, to withdraw it at any time.
To exercise any of these rights, contact us at contact@ictgames.com. We will respond within the time limits required by law (normally one month). There is usually no charge.
If you are not satisfied with how we have handled your data, you have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or by calling their helpline. We would, however, appreciate the chance to address your concerns first.
9. Children’s privacy
The Service is designed for use by primary-aged children, and protecting them is central to how we operate.
- We collect no personal data about children. Children play the games using shared credentials that contain no personal information about them.
- Home accounts must be set up by a parent or guardian (aged 18 or over) on behalf of children in their care.
- Class and School accounts are set up by a teacher, tutor, school, or institution.
- We operate the Service in a manner consistent with the UK Children’s Code (Age Appropriate Design Code) and the US Children’s Online Privacy Protection Act (COPPA).
- We do not show advertising to children, do not use advertising or tracking technologies, and do not profile children in any way.
If you believe we have inadvertently collected personal data about a child, please contact us at contact@ictgames.com and we will delete it promptly.
10. Cookies
We use only the cookies necessary to make the Service work. We do not use advertising cookies, and we do not use tracking cookies that would require your consent.
Our cookie
- ictg_sid — keeps you logged in as you move around the Service. This cookie is strictly necessary: without it, you could not log in or stay logged in. It is signed and secured (HttpOnly, Secure). It lasts for 30 days if you tick “remember me” when logging in; otherwise it is deleted when you close your browser.
Payment cookies
- When you make a payment, our payment provider Paddle sets its own cookies on its checkout pages. These are covered by Paddle’s own cookie and privacy policies, available at paddle.com.
Because we use only strictly necessary cookies, we do not need to ask for your consent to set them, and we do not display a cookie consent banner. We tell you about our cookies here for transparency.
If this changes in future — for example, if we introduced privacy-friendly analytics — we would update this policy and ask for your consent where required.
11. Changes to this policy
We may update this Privacy Policy from time to time. The current version is always published at ictgames.com/privacy.html, with the “last updated” date at the top. Where changes are significant, we will notify account holders by email.
12. Contact us
For any question about this Privacy Policy or your personal data:
ictgames ltd
Company number: 09937230
Email: contact@ictgames.com
Our registered office address is held on the public Companies House register and is available on request.
You can also contact the UK Information Commissioner’s Office (ICO) at ico.org.uk.