S
Sound Read Spell← Back

Privacy Policy

Last updated: 21 April 2026

This Privacy Policy explains how Sound Read Spell (“we”, “us”, “our”) collects, uses and protects personal data when you use our website and learning service (the “Service”). We are the data controller for the personal data we collect about you.

1. Who we are

Sound Read Spell is operated by [REPLACE: legal trading name] of [REPLACE: registered address, if applicable], United Kingdom. If you have any questions about this policy or how we handle your data, please contact us at soundreadspell@gmail.com.

2. What data we collect

We collect and process the following personal data:

  • Account details — email address, password (stored as a one-way hash), and the date your account was created.
  • Subscription and trial state — whether your free trial is active, when it started, and whether you are on a paid subscription.
  • Progress data — which sounds, words, sentences and passages have been practised, stored on your device and associated with your account.
  • Technical data — standard server logs (request URL, timestamp, IP address, browser type) retained for security and debugging purposes.

3. How we use your data

  • To create and run your account and deliver the Service.
  • To remember your progress between sessions and devices.
  • To manage trials, subscriptions and access rights.
  • To send essential service emails (confirmation, password reset, account notices).
  • To keep the Service secure and detect misuse.
  • To comply with our legal obligations.

4. Lawful basis

Under UK GDPR, we process your personal data on the following bases:

  • Contract — processing that is necessary to provide the Service you have signed up for.
  • Legitimate interests — keeping the Service secure, preventing fraud, and improving the product. We will always balance these interests against your rights.
  • Consent — where we ask you to opt in (for example, any future marketing emails). You can withdraw consent at any time.
  • Legal obligation — where we have to process data to meet a legal requirement.

5. Children’s data

The Service is designed for young children to use with a parent or carer. Accounts can only be created by an adult aged 18 or over. We do not knowingly collect personal data directly from children. If you believe a child has submitted personal data without your consent, please contact us and we will delete it.

6. How we share data

We do not sell your personal data. We share data only with service providers who help us run the Service, under contracts that require them to protect your data:

  • Supabase — authentication and database hosting.
  • Google / Firebase — application hosting.
  • Email delivery providers — for confirmation and password-reset emails.
  • Payment processor — if and when we take payments, via a regulated provider such as Stripe. We do not store your card details.

Some of these providers are based outside the UK (for example in the United States). Where that is the case, we rely on appropriate safeguards such as the UK International Data Transfer Addendum or Standard Contractual Clauses.

7. Cookies and local storage

We use strictly necessary cookies to keep you signed in and to preserve your session. We also store small amounts of data in your browser’s local storage to remember your in-progress practice position. We do not use advertising or tracking cookies.

8. How long we keep data

We keep your account data for as long as your account is active, plus a reasonable period afterwards so that you can reactivate, and to meet tax and legal obligations. If you delete your account, we will delete or anonymise your personal data within a reasonable time, except where we are required to keep it by law.

9. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased in certain circumstances.
  • Restrict or object to how we use your data.
  • Receive a copy of your data in a portable format.
  • Withdraw consent where we rely on consent.

To exercise any of these rights, email us at soundreadspell@gmail.com. You also have the right to complain to the UK’s Information Commissioner’s Office (ico.org.uk).

10. Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and strict access controls. No system is perfectly secure, so we cannot guarantee absolute security — please keep your password safe and contact us immediately if you suspect any unauthorised access.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the “Last updated” date at the top. Material changes will be notified to you by email.

12. Contact us

If you have any questions about this Privacy Policy, email soundreadspell@gmail.com.