Privacy Policy
Learn how we collect, use, and protect your personal information
Version: 1.2.0
Effective Date: January 15, 2025
Last Updated: December 29, 2025
How we collect, use, and protect your personal information
1. Introduction
Welcome to The PE Dept. We are committed to protecting your privacy and ensuring you have a positive experience when using our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our physical education planning and curriculum management platform.
By using The PE Dept, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not access or use our services.
2. Information We Collect
2.1 Personal Information
When you create an account or use our services, we may collect:
- Account Information: Full name, email address, password (encrypted)
- Profile Information: School affiliation, role (teacher, coordinator, administrator)
- Professional Details: Subject specialization, years of experience, qualifications
- Contact Information: Phone number (optional), mailing address (for schools)
2.2 Educational Data
For schools and organizations using our platform:
- Student Information: Names, class assignments, year groups, assessment data
- Lesson Plans: Created, modified, and accessed lesson content
- Curriculum Data: Unit plans, learning objectives, assessment criteria
- Usage Data: Lessons viewed, activities saved, curriculum progression
2.3 Automatically Collected Information
When you access our platform, we automatically collect:
- Device Information: IP address, browser type and version, device type
- Usage Statistics: Pages visited, features used, time spent on platform
- Cookies: Session identifiers, preference settings, analytics data
2.4 Third-Party Integrations
If you connect third-party services:
- School Management Systems: Student data, class rosters, timetables
- Google Workspace / Microsoft 365: Email, profile information (with consent)
- Payment Processors: Billing information, transaction history
2.5 Google Sign-In Data
If you choose to sign in using Google ("Sign in with Google"), we receive limited information from your Google account to create and authenticate your The PE Dept account:
- Email address: Your primary Google email, used for account identification and platform communications
- Display name: Your Google profile name, used as your default display name
- Profile photo URL (if public): Your Google profile picture, used as your default avatar
We request only basic profile information. We do NOT request or receive access to:
- Your Google contacts or address book
- Your Google Drive, Docs, Sheets, or other files
- Your Gmail messages or email content
- Your Google Calendar events
- Your Google Photos
- Your location data from Google
- Any other Google services or sensitive data
How We Use Google Sign-In Data:
- To create your The PE Dept user account
- To authenticate you when you log in
- To display your name and photo within the platform
- To send you account-related communications to your email
You can disconnect Google Sign-In at any time by:
When you revoke access, we will no longer be able to verify your identity via Google, but your account data remains until you request deletion.
3. How We Use Your Information
We use your information to:
3.1 Provide and Improve Services
- Deliver PE lesson plans, curriculum resources, and planning tools
- Personalize your experience based on role and preferences
- Maintain and improve platform functionality and performance
- Develop new features and educational content
3.2 Communication
- Send account notifications and important updates
- Respond to your inquiries and support requests
- Provide educational resources and platform tips
- Send marketing communications (with opt-in consent only)
3.3 Analytics and Research
- Analyze usage patterns to improve our services
- Conduct educational research (anonymized data only)
- Generate aggregated statistics for platform optimization
- Identify and fix technical issues
3.4 Legal and Safety
- Comply with legal obligations and regulations
- Protect against fraud, abuse, and security threats
- Enforce our Terms of Service and policies
- Respond to legal requests and prevent harm
4. Data Sharing and Disclosure
We do not sell your personal information. We may share data in the following circumstances:
4.1 Service Providers
We work with trusted third-party service providers who help us operate our platform:
- Hosting Services: Supabase (database), Vercel (hosting)
- Email Services: Resend (transactional emails)
- Payment Processing: Stripe (subscription billing)
- Analytics: Privacy-focused analytics tools (anonymized data)
These providers are contractually obligated to protect your data and use it only for specified purposes.
4.2 School Administrators
If you are part of a school or organization workspace:
- School administrators can view staff and student data within their organization
- Workspace owners can access usage statistics and lesson plans created by team members
- Data visibility is controlled by role-based permissions
4.3 Legal Requirements
We may disclose your information if required to:
- Comply with laws, regulations, or court orders
- Respond to lawful requests from public authorities
- Protect our rights, property, or safety
- Prevent fraud or investigate security issues
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and ensure continued protection of your data.
5. Your Privacy Rights
Depending on your location, you have the following rights:
5.1 GDPR Rights (EU/UK Users)
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete information
- Deletion: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Opt out of marketing or optional data processing
5.2 CCPA Rights (California Users)
- Right to know what personal information we collect
- Right to request deletion of your information
- Right to opt out of data "sales" (we do not sell data)
- Right to non-discrimination for exercising your rights
5.3 COPPA Compliance (Children Under 13)
Our platform is not intended for children under 13. We do not knowingly collect data from children under 13 without verifiable parental consent. If you believe we have collected such information, please contact us immediately.
5.4 FERPA Compliance (Educational Records)
For US schools, we comply with FERPA regulations regarding student educational records. Schools maintain ownership and control of student data.
6. How to Exercise Your Rights
To exercise any of these rights:
- Email: [email protected]
- In-App: Visit Settings → Privacy & Data
- Mail: The PE Dept, Data Protection Team, 8 Lewis Road, Swanscombe, Kent, DA10 0JH
We will respond to verified requests within 30 days.
7. Data Security
We implement industry-standard security measures:
7.1 Technical Safeguards
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Authentication: Secure password hashing (bcrypt), optional 2FA
- Access Controls: Role-based permissions, least-privilege principle
- Monitoring: 24/7 security monitoring and intrusion detection
7.2 Organizational Safeguards
- Employee training on data protection and privacy
- Limited access to personal data based on job requirements
- Regular security audits and penetration testing
- Incident response plan for data breaches
7.3 Your Responsibility
- Use strong, unique passwords
- Enable two-factor authentication
- Log out of shared devices
- Report suspicious activity immediately
8. Data Retention
We retain your data for as long as necessary:
- Active Accounts: Data retained while your account is active
- Inactive Accounts: Deleted after 2 years of inactivity (with notice)
- Legal Obligations: Some data retained longer for compliance (e.g., financial records)
- Backups: Backup data deleted within 90 days of account deletion
You can request immediate deletion by contacting us.
9. International Data Transfers
The PE Dept operates globally. Your data may be transferred to and processed in:
- United Kingdom: Primary data center location
- European Union: EU-based service providers
- United States: Cloud hosting and analytics providers
We ensure adequate safeguards through:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements (DPAs)
- Privacy Shield Framework (where applicable)
- GDPR-compliant data transfer mechanisms
10. Cookies and Tracking
We use cookies and similar technologies:
10.1 Essential Cookies
- Session management and authentication
- Security and fraud prevention
- Platform functionality (required for service)
10.2 Analytics Cookies
- Usage statistics and performance monitoring
- Feature usage and user behavior (anonymized)
- Error tracking and debugging
10.3 Marketing Cookies
- Advertising and campaign tracking (with opt-in consent only)
- User preference tracking for personalized content
You can manage cookie preferences in your browser or platform settings. See our Cookie Policy for details.
11. Third-Party Links
Our platform may contain links to external websites or services. We are not responsible for the privacy practices of third-party sites. Please review their privacy policies before providing any information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to your registered address
- In-app notification when you next log in
- Prominent notice on our website
The "Last Updated" date will reflect the most recent version. Continued use of our services after changes constitutes acceptance.
13. Children's Privacy (COPPA)
The PE Dept is designed for use by educators and school administrators. Our platform is not directed at children under 13.
- Under 13: No accounts permitted without school/parent authorization
- Ages 13-16: Parental consent required (GDPR compliance)
- School Use: Student data managed by schools under FERPA/GDPR
If you believe a child under 13 has created an account without authorization, please contact us immediately at [email protected].
14. Contact Us
For privacy-related questions or concerns:
Response Time: We aim to respond to all privacy inquiries within 48 hours.
15. Supervisory Authority
If you are located in the EU/UK and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local supervisory authority:
- UK: Information Commissioner's Office (ICO)
- EU: Your national data protection authority
16. Definitions
- Personal Data: Information relating to an identified or identifiable individual
- Processing: Any operation performed on personal data (collection, storage, use, deletion)
- Controller: The entity determining the purposes and means of processing
- Processor: An entity processing data on behalf of a controller
Our Role
The PE Dept acts in different capacities depending on the data and context:
- As Data Controller: For individual users and their account data, The PE Dept is the data controller. We determine how and why your personal data is processed.
- As Data Processor: For schools and organizations using workspace plans, The PE Dept acts as a data processor. Schools are the data controllers for student and staff data, and we process this data on their behalf in accordance with our Data Processing Agreement.
This Privacy Policy was last updated on January 15, 2025.
By using The PE Dept, you acknowledge that you have read and understood this Privacy Policy.
