1. Our Role

When a School directs students to use Tête-à-Tête as part of its curriculum or educational programme, the School is the data controller for the student data it instructs us to process, and Tête-à-Tête acts as a data processor on the School's behalf.

Where a student signs up independently (not through a School), Tête-à-Tête is the data controller in its own right. Our main Privacy Policy applies in that case.

1A. Common Entrance (CE 13+) pupils under 13

Our Common Entrance (CE 13+) preparation surface admits pupils aged 11 and above. For pupils under 13, lawful basis is UK GDPR Article 8 consent given by a person with parental responsibility. Two routes:

• Parent-led: the parent registers with Tête-à-Tête directly, attests consent for the named child, and provisions the child's own sign-in (username + simple PIN or password — no child email collected). Tête-à-Tête is sole controller (joint controller with the parent for the child's data); the parent is the consent-giver.
• Teacher-provisioned (school-led): a School that has signed our School Data Processing Addendum provisions CE 13+ pupil accounts on behalf of its pupils. The School is the data controller and Tête-à-Tête is the processor; parental consent flows through the School's existing safeguarding and enrolment consent stack. The School's designated data protection officer attests, in our admin interface, that the School has obtained that consent for each named pupil. This attestation is recorded against each pupil account as the consent evidence and is available to the DPO on request.

Pupil accounts created under either path ship with stricter AADC defaults than the GCSE baseline (no push to the pupil's account, no leaderboards, no social features, no behavioural advertising, no behavioural profiling). These defaults are role-level and not toggleable by the pupil or the School. See §5 of our CE 13+ Privacy Notice for the full list.

Withdrawal of consent pauses access immediately and triggers deletion of the pupil's personal data within 30 days. The consent record itself (who attested, when, version of the consent text, evidence method) is retained as an audit artefact and remains available to the School's DPO on request. On the pupil's 13th birthday, rights vest in the child automatically per UK GDPR Article 8; the parent dashboard becomes view-only unless the child positively opts to retain parental oversight. The transition is not gated on parent confirmation.

2. Data We Process on Behalf of Schools

When students use the Service through a School, we process:

• Account information: Name, email address, school affiliation, year group
• Educational data: Practice session transcripts, AI-generated scores and feedback, progress metrics
• Voice data: Audio recordings of French and Spanish speaking practice (streamed in real time for AI processing — see section 5 for retention details)
• Technical data: Device type, session timestamps, error logs

3. How Student Data Is Processed

• Audio is streamed in real time to OpenAI via LiveKit for transcription and AI response generation. Tête-à-Tête does not permanently store audio. See section 5 for full retention details.
• Transcripts of student speech are stored in our database for progress tracking and review.
• AI-generated scores and feedback are stored against the student's account.
• We do not use student data for marketing, advertising, profiling, or any purpose unrelated to providing the educational Service.
• We do not perform biometric identification or create voice prints from audio data.

4. Sub-Processors

We use the following sub-processors to deliver the Service. Each processes student data only on our instructions and under appropriate contractual safeguards:

International transfers are protected by Standard Contractual Clauses and/or data processing agreements with each provider.

5. Audio and Recording

• Audio is streamed in real time for AI processing. Tête-à-Tête does not permanently store audio.
• LiveKit, our voice infrastructure provider, may temporarily retain session audio and telemetry for a limited period for technical debugging and quality assurance purposes, then permanently deleted. Any retained data is accessible to authorised Tête-à-Tête staff for debugging purposes only and is not used for marketing, training AI models, or any other purpose.
• A visible "recording" indicator is displayed to the student whenever audio capture is active.
• We do not create or store voice prints, biometric templates, or any form of biometric identifier from student audio.
• OpenAI does not use API data to train its models. Audio processed by OpenAI may be retained for a limited period for safety monitoring purposes, then permanently deleted.

6. Data Retention

• Educational records (transcripts, scores, feedback): Retained for up to 7 years for educational continuity and safeguarding purposes. Deleted on request.
• Audio recordings: Not permanently stored by Tête-à-Tête. LiveKit, our voice infrastructure provider, may temporarily retain session audio for a limited period for debugging purposes, then permanently deleted.
• Account data: Retained while the account is active, plus up to 2 years after closure.
• Technical logs: Retained for up to 90 days. Transcript and audio content is not included in logs.

Schools may request earlier deletion of all student data at any time by contacting us.

7. Deletion and Data Subject Rights

Schools can exercise the following rights on behalf of their students:

• Access: Request a copy of all student data we hold
• Rectification: Correct inaccurate student data
• Erasure: Request deletion of student accounts and all associated data
• Portability: Receive student data in a structured, machine-readable format
• Restriction: Limit processing while a request is being handled

Deletion requests are processed within 30 days. When a student account is deleted, all associated data (transcripts, scores, progress records) is permanently removed from our database and cannot be recovered.

8. Security Measures

• All data encrypted in transit (TLS) and at rest
• Access restricted to authorised personnel only
• Transcript and audio content excluded from error monitoring and application logs
• Documented incident response procedures with 72-hour notification to Schools where a breach affects their students' data

9. Data Processing Agreement

Schools that require a formal Data Processing Agreement (DPA) under UK GDPR Article 28 can review and use our standard DPA:

• Data Processing Agreement (DPA)
• School Data Processing Addendum

To execute a DPA or discuss bespoke data processing requirements, please contact us at privacy@tete-a-tete.ai.

10. Contact