EduNest Privacy Policy

Last updated: May 2025

EduNest ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our platform.

1. Who We Are

EduNest is operated by Scott Baxter, a sole trader based in the UK. We provide AI-powered educational tools to teachers, childminders, and other education professionals.

2. What Personal Data We Collect

  • Name
  • Email address
  • Telephone number
  • Account credentials (securely hashed)
  • Usage data (e.g. tool interactions, timestamps)
  • Billing information (handled by Stripe)

We do not intentionally collect personal data about children.

3. How We Use Your Data

  • Provide and improve our services
  • Respond to enquiries and support requests
  • Send relevant updates or notifications
  • Process payments via Stripe
  • Monitor and improve platform performance

4. Data Storage & Retention

  • Generated content is stored for up to 30 days
  • Prompts and AI interactions are stored for 28 days
  • Personal account data is retained for as long as your account remains active

All data is stored securely and access is limited to essential personnel.

5. Third-Party Services

  • Stripe for payments and billing
  • OpenAI and Claude (Anthropic) for AI-generated content

No personally identifiable data (e.g. names, emails) is sent to AI providers. We do not sell or share your data with advertisers.

6. Cookies and Analytics

  • Maintain login sessions
  • Track basic usage metrics (anonymously)

You can control cookies via your browser settings.

7. Legal Basis for Processing (UK GDPR)

  • Consent – when you create an account
  • Contract – to deliver the services you've signed up for
  • Legitimate interest – to improve our platform and provide support

8. Your Rights

  • Access your data
  • Correct inaccurate data
  • Request deletion (right to be forgotten)
  • Withdraw consent
  • Object to processing in certain cases

To exercise any of these rights, email us at [email protected].

9. Data Security

We use encryption, secure infrastructure, and access controls to protect your data. While no system is 100% secure, we take all reasonable steps to prevent loss, misuse, or unauthorised access.

10. Data Transfers

Our servers and providers may operate outside the UK. Where data is transferred internationally, we ensure it is protected by suitable safeguards (e.g. UK GDPR-compliant clauses).

11. Changes to This Policy

We may update this Privacy Policy as our services evolve. Any changes will be posted here. We encourage you to review this page regularly.

12. Contact

If you have any questions or concerns, please contact:
Email: [email protected]