1. Introduction

Tête-à-Tête ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our French oral examination practice platform.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Account Information: Email address, name, school, exam board
• Profile Information: Address, postcode (optional)
• Authentication Data: Encrypted passwords, OAuth tokens
• Communication Records: Support emails, feedback submissions

2.2 Educational Data

• Practice Sessions: Audio recordings of French conversations
• Performance Data: Scores, assessments, progress tracking
• Learning Analytics: Time spent, topics practiced, improvement metrics
• Exam Responses: Practice exam submissions and feedback

2.3 Technical Data

• Device Information: Browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, session duration
• Log Data: IP addresses, access times, error logs
• Cookies: See our Cookie Policy

3. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: To provide educational services you've requested
• Legitimate Interest: To improve our services and ensure platform security
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with educational and data protection laws

4. How We Use Your Information

• Service Delivery: Provide personalized French learning experiences
• Assessment: Generate AI-powered feedback and scoring
• Progress Tracking: Monitor learning progress and identify areas for improvement
• Communication: Send service updates, educational content, and support
• Platform Improvement: Analyze usage patterns to enhance features
• Security: Detect fraud, abuse, and ensure platform safety
• Compliance: Meet legal and regulatory requirements

5. Information Sharing and Disclosure

5.1 We DO NOT sell your personal data

5.2 We may share information with:

• Educational Partners: Schools and exam boards (with consent)
• Service Providers: Cloud hosting, analytics, and support services
• Legal Requirements: When required by law or to protect rights
• Business Transfers: In case of merger, acquisition, or asset sale

5.3 International Transfers

Some of our service providers may be located outside the UK/EEA. We ensure adequate protection through standard contractual clauses and adequacy decisions.

6. Data Retention

• Account Data: Retained while account is active plus 2 years
• Educational Records: Retained for 7 years for educational purposes
• Audio Recordings: Deleted after 30 days unless saved by user
• Marketing Data: Until consent is withdrawn
• Legal Compliance: As required by applicable laws

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, contact us at privacy@tete-a-tete.com

8. Children's Privacy

We take special care with data from users under 18. For users under 13, we require verifiable parental consent. Parents can review, modify, or delete their child's information by contacting us.

Educational data may be retained longer to support continued learning, but parents can request deletion at any time.

9. Data Security

We implement comprehensive security measures:

• Encryption: Data encrypted in transit and at rest
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and vulnerability testing
• Staff Training: Regular privacy and security training
• Incident Response: Procedures for data breach notification

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the platform. The "Last updated" date indicates when changes were made.

12. Contact Information

Supervisory Authority

If you're not satisfied with our response to your privacy concerns, you can lodge a complaint with the Information Commissioner's Office (ICO):