Privacy Policy | Tracker+

Who We Are

ICT & Data Services Group Limited ("we", "us", "our") is a company registered in England and Wales (company number 07557591). Our registered address is 5 Campsall Drive, Sheffield, S10 5FZ.

We develop and provide Tracker+, an educational data analysis platform for primary schools and multi-academy trusts.

For any privacy-related queries, please contact us at privacy@ictdsg.com.

Important: How Tracker+ Works

Tracker+ (the main platform) does not store your school's pupil data. Tracker+ is software that schools install and run on their own systems. Your pupil data stays entirely within your school's control — we never have access to it, and it never comes to us.

This makes us different from many educational software providers. For our core Tracker+ platform, we are a software provider, not a data processor for your pupil information.

Note: Our "Reports to Parents" service works differently — see the dedicated section below for details on how pupil data is handled in that service.

This privacy policy covers:

This website — what we collect when you visit our site, enquire about our products, or contact us
Tracker+ AI features — how data is handled when schools choose to use AI-powered analysis within Tracker+
Reports to Parents — our standalone AI report writing service

Website Data Collection

Information You Provide

When you interact with our website, we may collect:

Demo booking requests: Name, email address, phone number, and school name
Try AI demo: Email address and school name when you use our interactive AI demonstration
Support enquiries: Name, email address, school name, and your message
General correspondence: Any information you provide when contacting us

We use this information to respond to your enquiries, arrange demonstrations, and provide customer support.

Colleague Referrals

Our Try AI demo includes an option to share the experience with a colleague. If you choose to refer someone:

We collect your name (optional) and your colleague's email address
We send a single email inviting them to try the demo, identifying you as the referrer
We do not add referred individuals to marketing lists — they receive only the referral email
If they wish to receive further communications, they can choose to sign up themselves

Our legal basis for this processing is legitimate interest. We believe that a professional referral from a colleague in an educational context is reasonable and expected, and that the referred individual would likely want to know about a tool their peer found valuable. Referred individuals can contact us at any time to request deletion of their data.

Analytics

We use Google Analytics to understand how visitors use our website. This helps us improve our content and user experience. Google Analytics collects anonymised data about your visit, including pages viewed and time spent on site. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Cookies

Our website uses only essential cookies required for the site to function. We do not use advertising or tracking cookies beyond Google Analytics.

Tracker+ AI Features

Tracker+ includes optional AI-powered features such as report writing and predictive analysis. When schools choose to use these features:

Data is protected using proprietary techniques before leaving your system
No pupil names or directly identifiable information is transmitted
No Special Category Data (such as ethnicity or SEN details) is ever sent
We cannot identify individual pupils from the data that is processed
Your school remains the data controller at all times

AI analysis is provided by our partner, Anthropic, who process data in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and the UK Addendum, ensuring compliance with UK GDPR requirements for international data transfers.

Schools using AI features should have a Data Processing Agreement in place with us. Contact hello@ictdsg.com to request one.

Reports to Parents Service

"Reports to Parents" is our standalone AI-powered report writing service. Unlike the main Tracker+ platform, this service does store limited pupil data to provide its functionality.

What Data We Collect

When you use Reports to Parents, we collect and store:

Teacher account information: Name, email address, school name, encrypted password
Pupil names: First name, surname, and preferred name (if provided)
Teacher notes: The information you enter about each pupil (achievements, targets, topics studied)
Generated reports: The AI-generated report text
Payment information: Transaction records (payment details are processed securely by SumUp and not stored by us)

What We Do NOT Collect

Dates of birth or ages
Addresses or contact details of pupils or parents
Special Category Data (ethnicity, SEN status, medical information, etc.)
Assessment data or attainment levels
Any data beyond what you explicitly enter into the report form

How Pupil Names Are Protected

We take special care to protect pupil identities:

Names are never sent to AI: Pupil names are replaced with placeholders before any data is sent to our AI provider (Anthropic). The AI never sees real pupil names.
Client-side replacement: Names are reinserted into reports only in your browser, after the AI processing is complete.
Secure storage: Names are stored in our secure database with encryption at rest and in transit.

Data Processing Role

For the Reports to Parents service, we act as a Data Processor on behalf of your school (the Data Controller). Schools are responsible for ensuring they have appropriate grounds under UK GDPR to share pupil names with us for this purpose.

Data Storage

Reports to Parents data is stored securely using Supabase, with servers located in the European Union. All data is encrypted in transit (TLS) and at rest.

Data Retention

Draft reports: Retained until finalised or deleted by the user
Finalised reports: Retained for the duration of your account plus 1 year, to allow for reference and audit purposes
Account deletion: When you delete your account or request deletion, all associated pupil data and reports are permanently removed within 30 days

Individual Teachers

Individual teachers using the service should follow their school's policies regarding the use of external software tools. The data collected is limited to pupil names and your own professional observations — no sensitive or special category data is requested or stored.

Legal Basis for Processing

We process personal data on the following legal bases:

Contract: To fulfil our obligations when you purchase or use our products
Legitimate interests: To respond to enquiries, improve our services, and maintain security
Consent: Where you have explicitly agreed to receive marketing communications

Data Retention

We retain personal data only for as long as necessary:

Enquiry data: Deleted after 2 years if you don't become a customer
Customer records: Retained for 7 years after the end of our business relationship for legal and accounting purposes
Tracker+ AI processing: No pupil data is retained — processing is transient and data is cleared after each request
Reports to Parents: See the dedicated section above for retention periods specific to that service

Your Rights

Under UK GDPR, you have the right to:

Access — Request a copy of the personal data we hold about you
Rectification — Ask us to correct inaccurate data
Erasure — Request deletion of your data in certain circumstances
Restriction — Ask us to limit how we use your data
Portability — Receive your data in a structured, machine-readable format
Object — Object to processing based on legitimate interests

To exercise any of these rights, contact privacy@ictdsg.com.

If you're unhappy with how we've handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Data Security

We take appropriate technical and organisational measures to protect personal data, including:

Encrypted connections (HTTPS) for all website traffic
Secure authentication for all systems
Regular security reviews and updates
Staff training on data protection

Third Parties

We may share data with:

Anthropic — For AI-powered analysis features (pupil names are never shared; see privacy protections above)
Supabase — Database hosting for Reports to Parents service (EU servers)
SumUp — Payment processing for Reports to Parents
Google — For website analytics
Mailchimp — To manage enquiries and send communications
Netlify — Website and application hosting

We do not sell personal data to third parties.

Changes to This Policy

We may update this privacy policy from time to time. We will notify customers of significant changes via email. The "last updated" date at the top of this page indicates when it was last revised.

Contact Us

For any questions about this privacy policy or our data practices:

ICT & Data Services Group Limited
5 Campsall Drive
Sheffield
S10 5FZ

Email: privacy@ictdsg.com