Privacy Policy

Last updated: June 2026

Little Folio is committed to protecting your privacy and handling your personal data responsibly. This policy explains what information we collect, why we collect it, how long we keep it, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

1 Who we are

Little Folio is operated by [Your Name] trading as Little Folio.

Data controller for UK GDPR purposes

Email: hello@littlefolio.co.uk

2 What data we collect

Account information: name and email address.
Educational records: activity logs, uploaded files, and correspondence notes.
Children's information: names and dates of birth provided by the parent account holder.
Payment information: processed securely by Stripe. We never store card details.
Usage data: authentication session cookies only.

3 Lawful basis for processing

Contract (Article 6(1)(b)): to provide the Little Folio service you have signed up for.
Legitimate interests (Article 6(1)(f)): to maintain security and prevent fraud.

4 Children's data

Little Folio is designed for use by parents and adults aged 18 and over.

Information about children is entered by the parent account holder only.
Children's data is processed solely to provide the home education record keeping service.
We apply heightened protections to children's data in line with the Age Appropriate Design Code.
Only the parent account holder can access their children's records.

5 How long we keep your data

Account data: retained while your account is active.
Educational records: retained while your account is active and deleted within 30 days of account deletion.
Payment records: retained for 7 years for legal and tax compliance.

6 Third-party services

Supabase

Secure database and authentication hosted in the EU. Supabase Privacy Policy →

Stripe

Payment processing. Little Folio never sees or stores your card details. stripe.com/privacy →

Anthropic

AI report generation. Activity log data is sent to Anthropic's API to generate reports and is not stored by Anthropic. Anthropic Privacy Policy →

Mailtrap

Email delivery service for transactional emails such as account verification.

7 Your rights under UK GDPR

Right to access

Request a copy of all personal data we hold about you.

Right to correct

Correct inaccurate data. Most corrections can be made yourself via Settings.

Right to delete

Delete your account and all associated data via Settings or by emailing us.

Right to restrict

Ask us to pause processing of your data in certain circumstances.

Right to portability

Request your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests at any time.

To exercise any of these rights, email hello@littlefolio.co.uk.

8 Cookies

We use essential cookies only:

Authentication cookies set by Supabase to keep you logged in.
Payment cookies set by Stripe during checkout.

We do not use advertising, tracking, or analytics cookies.

9 Data protection complaints

If you have a concern about how we handle your data:

Step 1: Email hello@littlefolio.co.uk. We aim to respond within 5 working days.
Step 2: If unresolved, you can complain to the ICO at ico.org.uk/make-a-complaint or call 0303 123 1113.

10 Changes to this policy

We will notify users of any significant changes by email. Last updated: June 2026.