Privacy Policy

Your privacy is fundamental to our mission. This policy outlines our strict adherence to UK GDPR and how we protect the CyberDIVA community.

Last Major Review: October 2024

1. Data Controller and Scope

CyberDIVA is a project managed by Forensic Pathways Ltd in collaboration with Aston University. For the purposes of the UK General Data Protection Regulation (UK GDPR), Forensic Pathways Ltd is the "Data Controller" for the information you provide through this platform.

This policy applies to all users: Students using anonymous IDs, Parents managing family profiles, and Educators or Professionals using school portal features.

2. Categories of Personal Data Collected

We only collect the minimum amount of data necessary to provide our educational and safeguarding services.

A. Student Users (Primary Focus: Anonymity)

  • Anonymous Identifiers: We do not collect real names for students. Usage is tracked via a unique alphanumeric Student ID (e.g., STU-1234).
  • Progress Data: Completion status of modules, scores from interactive quizzes, and engagement with digital escape rooms.
  • Technical Data: IP addresses are logged for security and load-balancing purposes but are not used to identify individual student users.

B. Parents, Educators, and Professionals

  • Identity & Contact Data: Full name, professional email address, and job title (for educators/police).
  • Institutional Data: Name of the school, local authority, or NGO you are affiliated with.
  • Transaction Data: Details about your subscription plan and payment history (where applicable).

C. AI Tool Interactions

  • Query Data: Phrases and emojis submitted to the AI Decoder. Crucially: we instruct users not to provide PII in these fields. Any inadvertent PII is not stored in our primary training databases.

3. Lawful Basis for Processing

Under UK GDPR, we process your data based on the following justifications:

Contractual Necessity

To provide the services associated with your Parent or Professional account.

Public Task

Supporting schools in fulfilling statutory requirements for RSE and PSHE education.

Consent

For marketing communications (e.g., our waitlist) or where specific consent is requested.

Legitimate Interest

Ensuring platform security, debugging technical issues, and improving educational content.

4. Data Sharing and Third Parties

We do not share your data with third parties for marketing purposes. Data sharing is limited to:

  • Educational Context: Anonymized student progress is shared with the specific educator or parent who manages the student's ID.
  • Service Providers: Google Cloud/Firebase (for secure hosting in UK/EU regions), and Stripe (for secure payment processing).
  • Safeguarding: We may share data with law enforcement or social services if we believe there is an immediate risk of harm to a child or vulnerable adult, as required by UK law.

5. Data Retention Periods

We only keep your personal data for as long as is necessary to fulfil the purposes we collected it for.

  • Active Accounts: Retained for the duration of your subscription.
  • Inactive School Accounts: Deleted 12 months after the last subscription period ends, unless a deletion request is made earlier.
  • Student Data: Purged at the end of each academic year (July 31st) unless the school requests a roll-over for the following year.
  • Waitlist Data: Retained until the platform launch or until you opt out.

6. Your Rights Under UK GDPR

You have significant rights over your data, which you can exercise at any time:

Right of Access

Request a copy of the data we hold about you (Subject Access Request).

Right to Erasure

Request that we delete your data (The "Right to be Forgotten").

Right to Rectification

Request corrections to inaccurate or incomplete data.

Right to Object

Object to processing based on legitimate interests or direct marketing.

7. Cookies and Tracking

CyberDIVA uses "Essential Cookies" only. These are strictly necessary for the platform to function (e.g., keeping you logged in). We do not use third-party tracking or advertising cookies.

Contact Our Data Protection Team

If you wish to exercise your rights, or have any questions about how we handle your data, please contact our Data Protection Officer.

privacy@cyberdiva.org.uk

CyberDIVA Privacy Team, c/o Forensic Pathways Ltd

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK's data protection authority.

ICO Website: www.ico.org.uk