Privacy policy

Last updated: 5 May 2026 1. WHO WE ARE MiVoiceApp Ltd ("we", "us", "our") is a company registered in England and Wales under Companies House number 15227377. Our registered address is Prime Apartments, 483 Green Lanes, London, N13 4FG. We operate the MiVoiceApp platform, accessible at https://mivoiceapp.com. Contact us at: info@mivoiceapp.com

2. WHAT THIS POLICY COVERS

This Privacy Policy explains how MiVoiceApp Ltd collects, uses, stores and protects personal data in connection with our platform and website. It applies to: - Professional users: teachers, careers counsellors and other educational professionals who register and use the platform - Visitors to our sales website at https://mivoiceapp.com It does not govern the processing of student data entered by professional users. Professional users are data controllers for student data and are responsible for their own privacy obligations in relation to that data. See Section 5 for more detail. 3. DATA WE COLLECT ABOUT PROFESSIONAL USERS When you register and use MiVoiceApp, we collect and process the following personal data about you. Account data: - Full name - Email address - Password (stored in hashed form; we never hold your plaintext password) Subscription and billing data: - Name and billing address, held by Squarespace, our payment processor. We do not hold your payment card details. Usage data: - Records of your activity within the platform, including interview templates created and reports generated - Technical logs for security and operational purposes We do not collect any special category data about professional users. 4. HOW WE USE PROFESSIONAL USER DATA We use your personal data for the following purposes: - Creating and managing your account: Article 6(1)(b), performance of contract - Providing access to the platform and its features: Article 6(1)(b), performance of contract - Processing your subscription payments: Article 6(1)(b), performance of contract - Communicating with you about your account or the service: Article 6(1)(b), performance of contract - Maintaining platform security and preventing fraud: Article 6(1)(f), legitimate interests - Complying with legal obligations: Article 6(1)(c), legal obligation We do not use your data for automated decision-making or profiling. 5. STUDENT DATA: OUR ROLE AS DATA PROCESSOR Professional users may enter data about students (children) into the platform, including first names, school names, notes, interview responses and uploaded photographs. This data may include or imply information about disabilities or special educational needs, which constitutes special category data under Article 9 of the UK GDPR. For student data, MiVoiceApp Ltd acts as a data processor. The professional user is the data controller. This means: - The professional user determines why and how student data is processed - The professional user is responsible for obtaining appropriate parental or guardian consent before entering student data into the platform - MiVoiceApp Ltd processes student data only on the instructions of the professional user, for the sole purpose of providing the platform's services Our obligations as a processor are set out in our Terms of Service, which includes a Data Processing Addendum in compliance with Article 28 of the UK GDPR. MiVoiceApp Ltd does not independently access, use, analyse or share student data for any purpose other than providing the platform to the professional user. 6. DATA TRANSFERS AND SUB-PROCESSORS We use the following sub-processors in connection with our platform. All are bound by data processing agreements and are required to apply appropriate technical and organisational security measures. Supabase / AWS (eu-west-2) - Purpose: Database storage and platform logic - Data involved: All platform data - Location: Ireland (EU) - Transfer mechanism: EU adequacy; no transfer outside EU StaticHost.eu - Purpose: Frontend hosting - Data involved: No personal data processed - Location: Finland (EU) - Transfer mechanism: EU adequacy; no transfer outside EU CraftMyPDF (Alphacloud Technologies Pte Ltd) - Purpose: PDF report generation - Data involved: Student first name and professional report notes only - Location: EU infrastructure (Frankfurt, Germany) - Transfer mechanism: Standard Contractual Clauses (EU 2021/914) and UK ICO Addendum Alphacloud Technologies Pte Ltd is incorporated in Singapore. Transfers of personal data to CraftMyPDF are governed by Standard Contractual Clauses pursuant to EU Commission Implementing Decision 2021/914, and by the UK ICO Addendum for UK data subjects. All document processing occurs via CraftMyPDF's EU-hosted infrastructure in Frankfurt, Germany. CraftMyPDF's Data Processing Agreement is available at https://craftmypdf.com/data-processing-agreement/. Squarespace - Purpose: Sales website and payment processing - Data involved: Professional user billing data only - Location: United States - Transfer mechanism: Standard Contractual Clauses Squarespace processes only professional user billing data (name, billing address, email) in connection with subscription payments. No student data is processed by Squarespace. We do not transfer any personal data to countries outside the UK or EU except as described above, and only where appropriate transfer mechanisms are in place. 7. DATA RETENTION We retain personal data only for as long as necessary for the purposes described in this policy. - Professional user account data: Duration of active subscription plus 2 years - Student data: Deleted immediately and permanently upon the professional user's request; we hold no independent copy - Financial and billing records: 7 years, as required by law - Security and audit logs: 12 months - Data following account cancellation: Available for export for 30 days, then permanently deleted within 30 days of termination When retention periods expire, data is securely and permanently deleted from our systems and those of our sub-processors. 8. SECURITY We take the security of personal data seriously, particularly given that our platform processes data relating to children. Our security measures include: - All data transmitted to and from the platform is encrypted in transit using TLS - Data is stored in encrypted form at rest within our EU-based infrastructure - Row-Level Security is enforced on our database, ensuring each user can only access their own data - Multi-factor authentication is enforced for all professional user accounts - Access to production systems is restricted to authorised personnel only - Sub-processors are contractually required to maintain equivalent security standards In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with Article 33 of the UK GDPR. Affected individuals will be notified where required under Article 34. 9. YOUR RIGHTS As a data subject under the UK GDPR, you have the following rights in relation to your personal data: - Right of access: You may request a copy of the personal data we hold about you. - Right to rectification: You may ask us to correct inaccurate or incomplete personal data. - Right to erasure: You may ask us to delete your personal data where there is no legitimate reason for us to continue processing it. - Right to restriction: You may ask us to restrict processing of your personal data in certain circumstances. - Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format. - Right to object: You may object to processing based on legitimate interests. - Rights relating to automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects. To exercise any of these rights, please contact us at info@mivoiceapp.com. We will respond within one calendar month. There is no charge for exercising your rights. If you are a student (or a parent or guardian acting on behalf of a student) and wish to exercise data subject rights in relation to student data held on the platform, you should contact the professional user (teacher or counsellor) who entered that data, as they are the data controller for that data. 10. COMPLAINTS If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office: Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Website: https://ico.org.uk Telephone: 0303 123 1113 We would welcome the opportunity to address your concern directly before you contact the ICO. Please contact us at info@mivoiceapp.com in the first instance. 11. CHANGES TO THIS POLICY We may update this Privacy Policy from time to time. When we make material changes, we will notify professional users by email and update the "Last updated" date at the top of this document. Continued use of the platform following notification constitutes acceptance of the updated policy. 12. CONTACT MiVoiceApp Ltd Companies House No: 15227377 Prime Apartments, 483 Green Lanes, London, N13 4FG Email: info@mivoiceapp.com Website: https://mivoiceapp.com Governed by the laws of England and Wales. Supervisory authority: Information Commissioner's Office (ICO), https://ico.org.uk