How Llamaroo protects children’s information

Llamaroo Ltd is a company registered in England and Wales. Our registered office is at Flat 204, Renown House, London E14 3ZS.

For questions about this notice or about how we handle children's information, contact us at privacy@llamaroo.com or write to our Data Protection Contact at the address above.

Llamaroo is designed around a core principle: students should be able to participate in classroom learning experiences without providing personal information.

Students do not create accounts. There is no sign-up form, no email address, no date of birth, no phone number, and no password. Students join a classroom session using a class code and a short numeric PIN, both set and managed by their teacher.

When a student uses Llamaroo through their school, we process a limited set of information.

• Display name: a short label chosen by the teacher (for example, a first name or nickname). Students do not enter this themselves.
• Student PIN: a 4-character code set by the teacher, used to join a classroom session. It is not a password and does not protect a personal account.
• Session token: a temporary, opaque identifier stored in the student's browser. It expires automatically after 24 hours of inactivity and can be revoked by the teacher at any time.
• Learning progress: course completion data, scores, and activity timestamps linked to the student's classroom roster entry. This lets the teacher see how students are progressing.
• Device hint: a random, pseudonymous value generated in the browser session, used solely for abuse prevention (such as detecting rapid repeated join attempts). It is not a device fingerprint and cannot identify a person or device.

We do not collect the following from students during normal classroom use.

• Email addresses or contact details.
• Dates of birth or age.
• Home addresses, phone numbers, or photographs.
• Biometric data or health information.
• Location data (beyond what is inherent in a standard web request).
• Payment or billing information.
• Free-text biographical or personal profile data.

Students do not have accounts on Llamaroo. Our authentication provider (Clerk) is used for teacher and administrator sign-in only. While the Clerk client library loads as part of the application, no Clerk session or user record is created for students.

The class code and PIN system is deliberately simple and stateless from the student's perspective. A student can join from any device without installing anything or creating a profile.

When a school uses our OneRoster integration to import class lists, the import data may include student given names, family names, and email addresses as provided by the school's student information system.

This data is stored in workspace-scoped tables accessible only to authorized administrators within that school's workspace. It is used solely to match roster entries and is governed by the school's own data processing decisions. Llamaroo processes this data on the school's instruction, acting as a data processor.

When Llamaroo is used within a school setting, the school is typically the data controller. The school decides which students use Llamaroo, what display names to assign, and how learning data is used in their educational context.

Llamaroo acts as a data processor, processing student-related information only to deliver the classroom learning service as instructed by the school. We do not determine the purposes of processing children's information beyond providing the service the school has engaged.

Where required, we enter into a Data Processing Agreement with the school or institution that sets out our obligations as processor, including security measures, sub-processor management, and data subject rights assistance.

The UK Information Commissioner's Age Appropriate Design Code (the "Children's Code") sets standards for online services likely to be accessed by children.

Llamaroo is provided to schools as an institutional tool, not as a direct-to-consumer service. Students access Llamaroo only through their school's managed classroom flow, not through an app store or public sign-up. The school determines how and why student information is processed.

Under ICO guidance on edtech and the Children's Code, where an edtech provider acts solely on the instruction of the school and does not process children's personal information for its own separate purposes, the service functions as a digital extension of the school's educational activities and the Code does not apply to the provider.

Regardless of the Code's formal applicability, we design Llamaroo to align with its principles: data minimisation, no profiling for commercial purposes, no behavioural nudges, age-appropriate defaults, and transparency.

We process student-related information only to deliver the classroom learning experience.

• Display the student's progress within their classroom session.
• Show classroom leaderboards using teacher-assigned display names.
• Maintain session continuity so a student can return to where they left off within 24 hours.
• Detect and prevent misuse of classroom join codes.

We do not use student information for any purpose beyond the core classroom service.

• We do not use student data for marketing or advertising.
• We do not sell, rent, or trade student information.
• We do not build individual student profiles for commercial product development.
• We do not send student data to AI or machine learning systems. Our AI features (course generation) are available only to authenticated teachers and do not process student answers, progress, or any student-identifiable data.
• We do not use analytics cookies, tracking pixels, or behavioural tracking in the student experience.

We share student-related information only with services necessary to operate the platform.

• Supabase (database hosting): stores classroom rosters and progress data. Supabase acts as a sub-processor under contractual data protection terms.
• Vercel (application hosting): processes web requests, including request bodies, as part of serving the application.
• Google Fonts: the student's browser makes standard requests to load typefaces, which exposes the browser's IP address and user-agent string to Google, as with any website using web fonts.

Student session tokens expire automatically after 24 hours of inactivity and can be revoked immediately by the teacher.

When a teacher deletes a classroom, all associated roster entries, progress data, and session records are permanently deleted through cascading database rules.

Teachers can also rotate student PINs and revoke active sessions at any time through the classroom management interface.

If a school or parent requests deletion of a specific student's data, contact us at privacy@llamaroo.com and we will action the request without undue delay.

We apply appropriate technical and organizational measures to protect student information, including encryption in transit (TLS), role-based access controls in our database, and row-level security policies that scope data access to the relevant classroom and workspace.

Student progress and roster data are isolated per classroom through database-level enforcement, not just application logic.

Our hosting infrastructure may process data outside the UK. Where this occurs, we rely on UK-approved transfer mechanisms, including Standard Contractual Clauses, to ensure adequate protection.

Parents, guardians, and schools can exercise the following rights in relation to a child's information.

• Request access to the personal information we hold about their child.
• Request correction of inaccurate information.
• Request deletion of their child's information.
• Request that we restrict or stop processing their child's information.
• Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

We may update this notice from time to time. Material changes will be communicated through our website. The "Last updated" date at the top shows the most recent revision.

Llamaroo Ltd

Flat 204, Renown House, London E14 3ZS

Email: privacy@llamaroo.com

Data Protection Contact: Data Protection Lead

You can also contact the ICO if you have concerns about how we handle children's information: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or at ico.org.uk.