GDPR statement
TaleBuzzer is designed to be GDPR-compliant by default. Privacy by design is built into every technical decision we make.
Our lawful basis for processing
We process parent account data under contract performance.
We process notification preferences under explicit consent, which you can withdraw at any time.
We process anonymised analytics under our legitimate interests in improving the service.
Data minimisation principles
We apply the following across all data collection:
- No child email addresses collected
- No geolocation data collected
- Child analytics anonymised before any processing
- Passwords hashed using bcrypt (cost factor 12+)
- Child PINs hashed and never stored in plain text
- No card data stored in TaleBuzzer systems
- UK child data stored exclusively in AWS London region
Your rights under UK GDPR
Right of access: Request a copy of your personal data at any time.
Right to rectification: Correct inaccurate data through your account settings.
Right to erasure: Request deletion of your account. Child profiles deleted within 7 days.
Right to data portability: Request your data in machine-readable format.
To exercise these rights: privacy@talebuzzer.com. We respond within 30 days.
Data transfers
All personal data is stored within the UK or EEA. Where processors are based outside these areas, we ensure appropriate safeguards are in place including standard contractual clauses.
Contact
Data protection enquiries: privacy@talebuzzer.com
You may also lodge a complaint with the ICO at ico.org.uk.