Last updated: March 2026 · Applies to satsgoals.com
1. Who we are
SATs Goals! ("we", "us", "our") operates the website at satsgoals.com — an online
revision platform for Year 6 pupils. For the purposes of UK GDPR, we are the data controller.
Contact us at [email protected]
or via our contact form.
2. What data we collect
Account data: your email address, family name, and a hashed password.
Children's progress data: quiz results, XP, streaks, wrong answers, and star ratings — all linked to a parent-created child profile (first name or nickname only; no date of birth or other identifiers).
Usage data: approximate location (city and country, derived from your IP address at sign-in), browser type, and page-visit times for analytics. Raw IP addresses are never stored.
Feedback & contact messages: any message you send us via the feedback or contact forms, including your email if you provide it.
Session cookies: strictly necessary cookies to keep you signed in. See our Cookie Policy.
3. Legal basis for processing
Contractual necessity — account data and progress data are needed to provide the service.
Legitimate interests — aggregate usage analytics help us improve the service without identifying individuals.
Legal obligation — we retain certain records as required by law.
4. Children's data
SATs Goals! is designed for use by parents and guardians on behalf of their children.
We do not knowingly collect personal information directly from children under 13.
Children are represented in our system only by a first name or nickname chosen by the parent.
No date of birth, school name, or contact details for children are collected or stored.
5. How we use your data
To create and manage your account.
To track and display your child's revision progress.
To send important service communications (e.g. password reset links).
To respond to feedback and support requests.
To monitor usage trends and improve the service.
6. Data sharing
We do not sell, rent, or trade your personal data. We may share data with:
Hosting providers — our servers are hosted on infrastructure providers under data processing agreements (DPAs).
Email service providers — used solely to deliver transactional emails.
Law enforcement — only where required by law.
7. Data retention
Account and progress data: retained while your account is active, deleted within 30 days of an account deletion request.
Usage analytics logs: retained for 12 months.
Feedback and contact messages: retained for up to 2 years for service improvement purposes.
8. Your rights under UK GDPR
You have the right to:
Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — request deletion of your data ("right to be forgotten").
Restriction — ask us to pause processing your data in certain circumstances.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests.
To exercise any of these rights, use our contact form
and select GDPR as the request type. We will respond within 30 days.
If you are not satisfied with our response you have the right to lodge a complaint with the
Information Commissioner's Office (ICO).
9. Security
We use HTTPS throughout, bcrypt-hashed passwords, HTTP-only secure cookies, and restrict admin
access to authorised email addresses. No security measure is 100% guaranteed; we encourage
you to use a strong, unique password.
10. Changes to this policy
We may update this policy from time to time. The date at the top of this page reflects the
most recent revision. Continued use of the service after changes constitutes acceptance.