Privacy Policy & Security

Introduction

WriteReader is committed to protecting the privacy and security of students, teachers, parents, and institutional partners. We process personal data solely to provide educational services, we do not sell or monetize student data, and we apply appropriate technical and organisational safeguards to ensure data is handled lawfully, transparently, and securely in accordance with applicable data protection laws.

Privacy Policy

Last Updated: 1st January 2026

WriteReader ApS
Ulriksholmvej 16
5230 Odense M
Denmark
CVR: 34892199
Email: info@writereader.com

WriteReader ApS (“WriteReader”, “we”, “us”) provides an educational literacy platform for organisations, districts, schools, teachers, students, and parents.

1. Roles & Data Responsibility

For institutional deployments:

  • The School/District/Institution acts as Data Controller.

  • WriteReader acts as Data Processor under a Data Processing Addendum (DPA).

  • For limited administrative purposes (billing, support), WriteReader acts as Data Controller.

2. Categories of Personal Data

We collect only data necessary to provide educational services.

Student Data (processed on behalf of schools)
  • First name or pseudonym

  • Username

  • Class affiliation

  • Educational content created (text, images, audio)

  • Technical metadata (IP address, browser/device logs for security)

Teacher Data
  • Name

  • Email address

  • School affiliation

Parent Data (if applicable)
  • Name

  • Email address

  • Consent confirmations

We do not sell or rent personal data.
We do not use student data for advertising or profiling.

3. Purpose & Lawful Basis

We process personal data for the following purposes:

Purpose | Lawful Basis
Providing the educational service | Contract
Platform security & fraud prevention | Legitimate interest
Managing parental consent | Consent
Billing & compliance obligations | Legal obligation

Where required by law (e.g., COPPA or national child-age thresholds), parental consent must be obtained by the school prior to student account activation.

4. Hosting & International Transfers

  • Users outside North America: Data is hosted within the European Union.

  • North American users: Data is hosted on secure Amazon Web Services infrastructure located in the United States.

Where personal data is transferred outside the EU/EEA, appropriate safeguards (e.g., Standard Contractual Clauses) are applied.

Current subprocessors are:
Amazon Web Services (US) and Scaleway (France)


5. Data Retention & Deletion

Institutional Accounts
  • Data is retained for the duration of the institutional account.

  • Upon termination, data will be deleted within 90 days.

Backups
  • Encrypted backups are retained under rolling deletion cycles.

  • Backup deletion occurs within 180 days.

Inactive Accounts
  • Accounts inactive for 24 months may be deleted following prior notice.

Deletion requests may be submitted at any time to info@writereader.com and are processed within 30 days.

6. Data Subject Rights

Under GDPR and applicable laws, individuals have the right to:

  • Access their data

  • Correct inaccurate data

  • Request deletion

  • Restrict processing

  • Object to processing

  • Data portability (where applicable)

For student accounts, requests must be submitted through the school acting as Data Controller.

7. Security Measures

We implement appropriate technical and organisational measures, including:

  • Encryption in transit (TLS)

  • Encryption at rest

  • Role-based access control

  • Restricted employee access

  • Regular encrypted backups

  • Incident response procedures

8. Personal Data Breach Notification

In the event of a personal data breach affecting institutional data:

  • WriteReader will notify the affected institutional administrator without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

  • Notification will include the nature of the breach, categories of data affected, and mitigation steps.

  • We will cooperate with schools in fulfilling regulatory or parental notification obligations.

9. Children’s Privacy

WriteReader is designed for educational use under teacher supervision.

  • Student accounts are created and managed by teachers.

  • We do not knowingly collect personal data directly from children outside the institutional context.

  • We do not engage in behavioral advertising or commercial profiling of students.

10. Policy Updates

Material changes to this Privacy Policy affecting data processing, retention, or user rights will be communicated at least 30 days in advance to registered institutional administrators via email and/or in-platform notification.

11. Governing Law

This Privacy Policy is governed by Danish law and applicable EU data protection legislation.

GDPR (General Data Protection Regulation)

We have taken measures to support our partners’ compliance with EU data protection requirements, including those set forth in the General Data Protection Regulation (“GDPR”), effective May 25, 2018. We have updated our Privacy Policy, Terms and Conditions accordingly. You can request to see our data breach response plan by emailing us at info@writereader.com.

This DPA has been pre-signed on behalf of WriteReader ApS. You, as the Customer, must complete the information in the signature block of this DPA and have an authorized representative sign. When we receive the completed and signed DPA, this DPA will become legally binding. Send the signed DPA to info@writereader.com.
