LlamarooTrust Center
Privacy Policy

How Llamaroo handles your data

We built Llamaroo so classrooms can learn without giving up privacy. This policy covers how we handle data for the people who run those classrooms.

Llamaroo Ltd

Llamaroo Ltd ("we", "us", or "our") is the data controller responsible for personal data processed through our website and administrator platform.

Llamaroo is designed with privacy at its core. Our educational experience is built to avoid collecting personal data from students and learners during normal classroom use.

This Policy explains how we process personal data for institutional customers, authorized administrators, website visitors, and business contacts.

1

Who We Are

We are registered in England and Wales. Our company number will be published here once confirmed. Our registered office is at Flat 204, Renown House, London E14 3ZS.

Questions about this Policy can be sent to privacy@llamaroo.com, or by post to our Data Protection Contact at the address above.

2

Data We Collect

We collect personal data needed to operate our admin and business workflows.

  • Account and registration data: name, work email, job title, organization name, account credentials, and billing contact details.
  • Payment data: billing address and invoice history. Card details are handled by our payment processor and are not stored in full by Llamaroo.
  • Usage data: administrator login timestamps, IP addresses, device type, browser type, operating system, and product interaction events.
  • Communication data: support messages, sales correspondence, survey responses, and feature requests.
  • Website visitor data: IP address, browser metadata, referral path, page visits, and cookie-related data.
3

How We Use Data and Legal Bases

Under UK GDPR, we process personal data using the following legal bases.

  • Contract performance (Article 6(1)(b)): provide and support the service, process subscriptions and payments, and manage account communications.
  • Legitimate interests (Article 6(1)(f)): improve reliability and product quality, run aggregate usage analysis, and protect service security.
  • Legal obligation (Article 6(1)(c)): meet accounting, tax, and regulatory duties.
  • Consent (Article 6(1)(a)): marketing messages where required, and non-essential cookies.
4

Children's Data

Llamaroo is used by students through institution-managed classroom flows, and we design core learning use to avoid collecting student personal data.

Students do not need personal accounts or identifying details to access classroom learning content.

If we learn we have collected personal data from a child under 13 by mistake, we will delete it without delay.

5

Data Sharing

We do not sell, rent, or trade personal data. We may share personal data only when necessary with:

  • Service providers that support hosting, analytics, payments, and operations under contractual safeguards.
  • Professional advisers such as legal, accounting, and audit providers.
  • Regulators, courts, or law enforcement where disclosure is legally required.
  • A successor organization in a merger, acquisition, or asset sale, with notice where appropriate.
6

International Transfers

Data is primarily stored in the UK and EEA.

Where transfers outside the UK or EEA occur, we apply appropriate safeguards, including UK-approved Standard Contractual Clauses.

7

Retention

We keep personal data only as long as needed for the purposes in this Policy.

  • Account data: subscription period plus 2 years.
  • Payment records: 7 years.
  • Usage data: 12 months in aggregate, non-identifying form where possible.
  • Support and communication records: 3 years from last contact.
  • Website analytics data: up to 26 months.
8

Security

We apply appropriate technical and organizational controls, including encryption in transit and at rest, role-based access controls, periodic security reviews, and staff training.

If a personal data breach creates risk to individuals, we will notify the ICO within 72 hours where required, and notify affected individuals without undue delay when legally required.

9

Your Rights

Under UK GDPR, you may have rights of access, correction, deletion, restriction, portability, objection, and rights related to automated decision-making.

To exercise your rights, contact privacy@llamaroo.com. We aim to respond within one month.

You may also complain to the UK Information Commissioner's Office at https://www.ico.org.uk.

10

Cookies

Our website uses cookies and similar browser storage technologies. For full details about what we use and how to manage your preferences, please see our Cookie Policy at /cookies.

11

Changes to This Policy

We may update this Policy from time to time. Material changes will be notified by email or in-service notice at least 30 days before they take effect.

The Last Updated date at the top of this page shows when this Policy was most recently revised.

12

Contact

Llamaroo Ltd

Flat 204, Renown House, London E14 3ZS

Email: privacy@llamaroo.com

Data Protection Contact: Data Protection Lead