Last updated: 12/01/26

Data Policy

GDPR Compliance Policy

Chatterdillo is committed to protecting the privacy and security of personal data collected through our speech and language development tool. This policy outlines our practices and compliance measures in accordance with the UK General Data Protection Regulation (UK GDPR).

Personal Data We Collect

- User’s/Parent’s/Student’s Name: Only first names (surname or nickname optional); no other identifiers such as addresses or detailed medical histories are involved.
- Email: Of each User/Parent/Student who signs up to the platform.
- Learner/Student’s Name: Only first names (surname or nickname optional); no other identifiers such as addresses or detailed medical histories are involved.
- Date of birth: Of each learner/student added to the platform.
- Screener Answers: “Yes/No/Not sure” Answers to our screener questions related to a learner/student. Screeners are optional.
- Screener Results and Recommendations: Personalised exercise and support recommendations related to a learner/student based on our optional screener.

Legal Basis for Processing

We process this data under UK GDPR Article 6(1)(f), which relates to processing necessary for the purposes of legitimate interests pursued by Chatterdillo or a third party, provided that these interests are not overridden by the interests or fundamental rights and freedoms of the data subjects.

Necessity and Proportionality

Data collection is minimised and strictly tailored to meet the objectives of providing a personalised user-friendly experience and making suitable exercise & support recommendations based off our screener. We ensure that only essential data is collected and used for these purposes.

Data Subject Rights

Students and their guardians have the right to:

- Access their personal data.
- Request correction of incorrect data.
- Request deletion of their personal data.
- Restrict processing and object to processing (where applicable).
- Withdraw consent at any time (where applicable).

Risk Assessment and Mitigation

We recognise potential risks such as unauthorised access and data breaches. To mitigate these risks, we have implemented:

- Encryption and hashing of personal data during transmission and storage.
- Role-based access controls and authentication.
- Logging and monitoring of access to school profiles.
- Procedures to detect, investigate and respond to suspected data incidents or breaches.

Data Retention

Personal data is retained only as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. After this period, data is securely deleted or anonymised. We may delete accounts and related data for clean-up purposes if an account has not been active for a long period of time, e.g. 2 years. Users reserve the right to request deletion of their personal data.

Data Storage Policy

All personal data processed by our platform is stored exclusively within the European Economic Area (EEA). Our data storage and processing partners, such as Hetzner, are contracted under formal Data Processing Agreements (DPAs) in line with Article 28 of the UK GDPR, ensuring strict controls and robust safeguards for personal data. No personal data is transferred or processed outside the EEA unless it is subject to adequate legal protections. We regularly review both our data management practices and our partnerships for continued compliance with European data protection laws. We also uphold all rights provided to data subjects under the GDPR, and further details about our data processing agreements are available upon request.

Accountability and Data Governance

Chatterdillo maintains rigorous data governance policies, ensuring accountability in every aspect of data processing. We conduct regular audits to monitor and improve our data handling practices.

Sharing of Personal Data

We do not share personal identification data with third parties for their own use. However, we engage carefully selected service providers, such as Hetzner, to store and process data strictly on our behalf, under formal Data Processing Agreements that ensure compliance with data protection laws. These providers do not access, use, or disclose personal identification data for any other purpose.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy. The DPO can be contacted with any questions or concerns regarding our data protection practices: contact us.

Changes to This Policy

This policy may be updated periodically to reflect changes in our practices or regulatory changes. Continued use of the Service after changes constitutes acceptance of the new terms.

Contacting Us

For further information on our data protection practices or to exercise any of your rights, please contact our support team.