indeparent
We're in beta! Learn more...
Back to Legal
Privacy Policy
Last updated: 15/12/2025

See Terms of Service for “Definitions” and “Interpretations”.

  1. Data Security

    1. Our Commitment. We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect the personal information we hold—including your profile data, child profiles, and review history—from unauthorised access, accidental loss, disclosure, or destruction. These measures include admin access controls, role-based server and database rules to restrict data access to authorised users and cloud monitoring technologies to block “identity spoofing”.

    2. No Liability for Unforeseeable Breaches. To the fullest extent permitted by applicable law, Indeparent excludes liability for any loss or damage resulting from a data breach, hacking, or cyber-attack that occurs despite our implementation of reasonable and appropriate security measures. We are not responsible for the circumvention of any privacy settings or security measures contained on the Service.

    3. Your Responsibility. You are responsible for keeping your password and account details confidential. We ask you not to share your password with anyone. If you suspect any unauthorised use of your account, please contact us immediately.

    4. Child Data. Under the Age Appropriate Design Code and GDPR this data is always treated as sensitive, is stored securely, and will never be published.

  2. Lawful Basis

    1. Indeparent processes data based on 'Legitimate Interests' (specifically, to provide the service, prevent fraud, and maintain the integrity of our journalism) or "Consent" (for marketing).

  3. The "Journalism Exemption"

    1. Indeparent processes and displays information according to the data protection exemption for Journalism, Art, and Literature (freedoms of expression).

    2. We may publish certain personal details that have been submitted in User Reviews if they are in the public domain and are in the public interest (e.g. the name of a Headteacher at a school).

  4. Anonymity vs. Disclosure

    1. Reviews and profile data are anonymous by default unless explicit consent has been granted. Authorised employees of Indeparent can however see this data and are authorised to access it for the purposes of model training, quality control, testing, or any other purpose.

    2. Indeparent will disclose your personal information and reviews if compelled to do so by a valid court order (e.g., a Norwich Pharmacal Order). The user will be notified in these circumstances. 

    3. We reserve the right to disclose your personal information (including IP address and identity) to law enforcement agencies, social services, or school safeguarding officers without a court order if:

      1. We reasonably believe disclosure is necessary to prevent physical harm or a crime (Safeguarding);

      2. We are reporting a suspected criminal offence committed via our platform; or

      3. We are compelled to do so by a valid court order.

    4. There is a carve-out for business transfers to this clause.

  5. Data Retention

    1. We may keep review data indefinitely to maintain the integrity of the Indeparent Score.

    2. User Account Data: We will only retain your personal profile and account data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you delete your account, your personal profile data is deleted immediately from live systems.

    3. Journalistic Archives: We retain anonymised Review Data and the Indeparent Score history indefinitely. This is to maintain the integrity of our historical scoring and to support the public interest in the preservation of educational standards records.

  6. Business Transfers

    1. As we continue to develop our business, we may sell or buy assets. If Indeparent, or substantially all of its assets, are acquired by a third party, user data (including Profile Data, Child Profiles, and Review History) will be one of the transferred assets.

    2. Any new owner will continue to use your personal data in accordance with this Privacy Policy and the protections outlined herein, including the commitment to anonymity and security.

  7. Categories of personal data

    1. In addition to the profile data you voluntarily provide, we automatically collect:

      1. Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, and operating system.

      2. Usage Data: Information about how you use our website (via Google Analytics). See our Cookie Policy for more information.

      3. Identity Data: User IDs and session tokens required for authentication.

  8. Third-Party Recipients

    1. We share data with trusted third-party service providers to run our platform. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

      1. Hosting & Infrastructure: Google Firebase (USA/EU) for database hosting and authentication and other trusted technical service providers necessary to operate the Service.

      2. Analytics: Google Analytics (USA/EU) for understanding site usage.

      3. Communication: [Insert Email Provider, e.g., SendGrid/Mailchimp] for sending system emails.

  9. International Transfers

    1. Many of our external third parties (such as Google) are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

      1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.

      2. Where we use certain service providers (like Google), we may use specific contracts approved for use in the UK (Standard Contractual Clauses/IDTA) which give personal data the same protection it has in the UK.

  10. Your Legal Rights

    1. Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

      1. Request access to your personal data.

      2. Request correction of your personal data.

      3. Request erasure of your personal data.

      4. Object to processing of your personal data.

      5. Request restriction of processing your personal data.

      6. Request transfer of your personal data (Portability).

    2. Important Note on Journalistic Material: Please note that these rights are not absolute. Specifically, the Right to Erasure and Right to Restriction may not apply to School Reviews or the Indeparent Score history where we rely on the exemption for Journalism, Art, and Literature (Data Protection Act 2018, Schedule 2, Part 5) to protect freedom of expression and the integrity of our archives.

  11. Contact Us

    1. You can contact us at info@indeparent.com.