Curious Minds Lab

Student / Parent Privacy Notice

Effective date

28 May 2026

Company

CURIOUS MINDS LAB LTD

Company number

16606770

Contact

privacy@cmlab.co.uk

1. Plain English Summary

Curious Minds Lab helps teachers create interactive curriculum learning activities. Students can complete assigned missions using a teacher-issued login code.

Students do not need an email address. They cannot message other students, upload images, or type unrestricted free-text responses.

CML records limited learning activity so teachers can see progress, support learning, and understand how a mission was completed.

2. Who This Notice Is For

  • Students using CML through a school, teacher, or approved educational setting.
  • Parents and carers.
  • Teachers and school leaders who explain CML to families.

3. What Data We May Process

  • A student display name, pseudonym, or school-managed reference.
  • A teacher-issued login code.
  • Class membership and assigned missions.
  • Mission progress, such as chapter position and completion.
  • Structured branch choices made inside a mission.
  • Quiz responses and whether answers were correct or incorrect.
  • Educational event timestamps.
  • Teacher review, approval, and classroom evidence records.

4. What We Do Not Ask Students For

  • Email addresses.
  • Home addresses.
  • Photos or image uploads.
  • Free-text personal stories.
  • Student-to-student messages.
  • Health, disability, ethnicity, religion, biometric, or mental-health information.

5. Why We Use This Data

  • Let students access missions assigned by their teacher.
  • Save progress so a student can continue a mission.
  • Help teachers understand completion, engagement, and quiz outcomes.
  • Support curriculum evidence and lesson review.
  • Keep access restricted to the right class, teacher, and organisation.
  • Improve the safety, quality, and educational usefulness of CML.

6. How Student Access Works

  • Student accounts are created and managed by authorised teachers or school staff.
  • Students use a teacher-issued code or PIN.
  • Students only see missions assigned to them.
  • Students cannot self-register.
  • Students cannot access teacher or admin areas.

7. AI and Student Data

Teachers use CML to generate curriculum learning activities. These activities are reviewed and approved before students use them.

Student interaction telemetry is not sent to OpenAI for mission generation.

CML does not use student data for advertising, commercial profiling, or psychological profiling.

8. Who Can See Student Data

  • The student's teacher or authorised school staff.
  • Organisation administrators where permitted.
  • CML administrators for safeguarding, security, governance, and platform support.
  • Privileged CML and organisation admin access is protected by MFA where required.

9. Who We Use To Run The Platform

  • Supabase for database, authentication, and row-level security.
  • Vercel for hosting and deployment.
  • OpenAI for teacher-led AI content generation.
  • Resend for teacher and administrator emails.
  • Student accounts do not use student email addresses.

10. How Long We Keep Data

CML keeps student data only for as long as needed for education, safeguarding, governance, legal, security, or operational reasons.

  • Student account records: while the school/class relationship is active plus 12 months after inactivity or school departure.
  • Student class membership: active class period plus 12 months.
  • Student mission progress: current academic year plus 12 months.
  • Educational event telemetry: 12 months maximum unless aggregated or anonymised earlier.
  • Evidence Pack aggregates: academic year plus 2 years unless the school requests earlier deletion.
  • Safeguarding, moderation, legal, security, or accounting records may be kept for longer where required.

11. Student and Parent Rights

Students, parents, and carers may have rights to request access, correction, deletion, restriction, objection, or information about how data is used.

Requests can be sent to privacy@cmlab.co.uk. Where a request concerns a student, CML may need to confirm the request with the relevant school before disclosing, changing, or deleting data.

12. Safeguarding and Safety

  • No student-to-student communication.
  • No unrestricted chat.
  • No student image uploads.
  • No unrestricted student free-text submissions.
  • Teacher approval before classroom use.
  • Assignment-aware access.
  • Audit and moderation records.

13. Questions

For privacy questions, contact privacy@cmlab.co.uk.