Schools & Institutions

1. Intended use

GCSESpark supports GCSE learning (Years 10-11) with guided practice, explanations, and progress tracking. It is not a replacement for teacher-led instruction.

2. Safeguarding and student safety

GCSESpark has no public profiles and no user-to-user messaging. Schools remain responsible for supervision and for applying school safeguarding policies. See Safeguarding & Child Safety.

3. Data protection roles

For individual direct-to-consumer use, GCSESpark typically acts as data controller for the service. For institutional deployments, roles (controller/processor) depend on how the school configures and uses the service. We can provide additional information to support your assessment.

4. What data is processed

Typical data includes account email, learning preferences, diagnostic responses, and session content entered by the student. We also process technical logs for security and reliability. See Privacy Notice.

5. Security and access control

• Encryption in transit and at rest.
• Least-privilege access to production systems.
• Monitoring and logging for abuse prevention and reliability.

6. International transfers

Data may be processed outside the UK/EU. Where required, we rely on appropriate safeguards (e.g., SCCs/IDTA or equivalent). See Privacy Notice.

7. Procurement questions

If you need documentation (e.g., security questionnaire responses, DPIA support, data retention details, or a data processing addendum where applicable), contact schools@gcsespark.co.uk.