Log inStart free trial
FeaturesPricingFAQBlogAbout
Log inStart free trial
Privacy

How 11+ Daily handles account, study and subscription data.

What we collect, why we collect it, how long we keep it, and the rights families have over that data.

Last updated May 2026

This Privacy Policy explains how 11+ Daily collects, uses and protects personal information when you use the service. We are committed to protecting privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR) and the Information Commissioner's Office (ICO) Age Appropriate Design Code (the "Children's Code").

1. Who we are

11+ Daily is operated by EggHead Studios Ltd, the data controller responsible for personal information processed through the service.

  • Company: EggHead Studios Ltd, registered in England and Wales
  • Company number: [COMPANY NUMBER]
  • Registered office: [REGISTERED OFFICE ADDRESS]
  • ICO registration number: [ICO REGISTRATION NUMBER]
  • Contact: support@11plusdaily.co.uk or our contact form

2. Who this service is for, and children's data

11+ Daily is designed for children aged 8 to 11, but it is built around a parent or guardian account. Accounts must be created and held by a parent or legal guardian aged 18 or over. The parent or guardian is the account holder and the person whose contact details we hold. The child does not create or hold their own account, and we do not ask for or store the child's name, date of birth, age or contact details.

We are open about the fact that the study activity recorded under an account (such as sessions completed, scores and streaks) reflects the learning of the child the parent is preparing. We treat this information with care, keep it linked to the parent's account rather than to an identified child, and use it only to provide progress tracking within the service.

In line with the Children's Code, we have assessed the impact of the service on children through a data protection impact assessment and have designed it to be high privacy by default. We collect only the minimum data needed to provide the service. We do not show advertising, we do not profile children or use nudge techniques to extend use, we do not collect location data, and we do not sell or share children's data with third parties for marketing purposes.

If you believe we have collected data about a child without appropriate parental consent, please contact us via our contact form or at support@11plusdaily.co.uk and we will delete it promptly.

3. What data we collect

We collect the following information when you use 11+ Daily:

  • Account information: username, email address and a hashed password
  • Study and usage data: sessions completed, scores, streaks, bookmarks, project activity and the exam preferences you choose (such as exam month, year and board)
  • Subscription data: whether you hold a Pro subscription, the plan and its expiry date. Payments are processed through our payments provider, RevenueCat. Card details are handled by Stripe for purchases made on the web, or by Apple or Google for in-app purchases on mobile, and are never seen or stored by us
  • Communications: contact form submissions and emails you send us for support, including your name, email address, selected reason, message content and limited anti-abuse data
  • Technical and security data: limited information needed to keep the service secure and prevent abuse, such as data processed by our bot-protection provider on the public contact form

We do not collect your postal address or phone number. We do not use advertising or tracking cookies, and we do not run analytics on the service.

4. How we use your data and our lawful bases

We use your data to:

  • provide and maintain the 11+ Daily service and your account
  • track study progress and show personalised statistics
  • process subscriptions and send receipts and renewal reminders
  • send transactional emails such as password resets, email verification and account security notices
  • respond to support queries and contact enquiries
  • keep the service secure and prevent abuse of the public contact form
  • comply with our legal and accounting obligations

Our lawful bases under UK GDPR are:

  • Performance of a contract with the account holder, to provide the service you signed up for, manage your account and process subscriptions
  • Legitimate interests, to keep the service secure, prevent fraud and abuse, and maintain a clear support record, balanced against your rights and especially the interests of children
  • Legal obligation, to retain records we are required to keep, for example for tax and accounting

5. Marketing emails and your choices

During your free trial we may send a small number of product emails covering progress updates, trial-end reminders and guidance on getting the most out of the service. These rely on the soft opt-in under Regulation 22 of PECR, because you provided your email address while signing up for a free trial of our paid service. Every marketing email includes an unsubscribe link, and you can opt out at any time using that link or by contacting us. Transactional emails (password resets, verification, account security and billing) are necessary to provide the service and are sent regardless of marketing preferences.

6. Cookies and local storage

We use only strictly necessary cookies and similar local storage, for the sole purpose of keeping you signed in and operating the service securely. We do not use cookies or similar technologies for analytics, tracking or advertising, so no cookie consent banner is required.

7. Third parties we use

We use a small number of trusted service providers (processors) to operate 11+ Daily. They act on our instructions under data processing agreements:

  • Neon, database hosting. Data is stored in the UK (Amazon Web Services London region, eu-west-2)
  • Cloudflare, hosting, content delivery and bot and abuse prevention (Cloudflare Turnstile) on the public contact form
  • RevenueCat, subscription management
  • Stripe, payment processing for web purchases. Stripe handles card data and we receive subscription status only
  • Apple and Google, payment processing and delivery for in-app purchases made on mobile
  • Resend, transactional and product email delivery

We do not sell personal data to any third party.

8. International data transfers

Account and study data is stored in the UK. Some of our providers (including Cloudflare, RevenueCat, Stripe, Apple, Google and Resend) are based in or process limited data outside the UK, including in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards, such as UK adequacy regulations where they apply, or the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, so that your data continues to be protected to UK standards. You can request more detail about these safeguards using the contact details in section 1.

9. Data retention

We retain account data for as long as the account is active. If you request deletion, we will delete personal data within 30 days unless we are required to keep some records for legal or accounting reasons, for example subscription payment records, which we retain for up to seven years. Contact form submissions are retained for up to 24 months so we can respond to enquiries, spot repeated abuse patterns and maintain a clear support record. We do not keep children-related study data for longer than is needed to provide the service.

10. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Restrict or object to certain processing
  • Opt out of marketing emails at any time, while keeping transactional emails active
  • Data portability, meaning receiving your data in a machine-readable format

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects. To exercise any of these rights, contact us through our contact form or at support@11plusdaily.co.uk. We will respond without undue delay and within one month. You also have the right to complain to the Information Commissioner's Office (ico.org.uk), although we would welcome the chance to resolve any concern first.

11. Security

Passwords are hashed using bcrypt and never stored in plain text. All data is transmitted over HTTPS. We take reasonable technical and organisational measures to protect your data, but no system is completely secure. Please use a strong, unique password. If a personal data breach occurs that is likely to result in a risk to your rights, we will notify the ICO and, where required, affected users in line with our legal obligations.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in the app before they take effect. Continued use of the service after the changes take effect means you accept the revised policy.

13. Contact

For any questions about this Privacy Policy or your data, contact us through our contact form or at support@11plusdaily.co.uk.