top of page

Privacy Policy

Introduction

MoveAhead (“MoveAhead,” “we,” “our,” or “us”) is committed to protecting the privacy of all users of our apps and services, especially children. This Privacy Policy explains how we collect, use, and disclose information when you use our apps, portals, websites, and related services (collectively, the “Services”).

​

We provide motion-analytics technology that captures anonymised movement coordinates only, no images and no video, to power play-and-learn experiences and objective assessment. Our Services apply data protection by design and by default and follow the principle of data minimisation.

There are three ways our Services may be used:

  1. Direct Access – you or your family interact directly with a MoveAhead application (tablet, smartphone, etc.) that uses our motion analytics.

  2. Indirect Access – you use a third-party application that integrates MoveAhead’s motion analytics.

  3. Educator Portal / MAP Dashboard – a school/club/organisation (“Educator”) uses our web portal to add a class/team list (child’s name, school/club, class/team, date of birth, and parent email) so that movement data can be associated with specific children and reports generated for the child, class, team, school or club. 

​

1. Who is responsible for your data (Controller vs. Processor)

  • Direct Access: MoveAhead is the data controller for the limited data we collect directly from you (or from parents/guardians), unless stated otherwise.

  • Indirect Access: The third-party provider is typically the controller. MoveAhead receives anonymised motion coordinates only and does not receive identifiable data from the third party.

  • Educator Portal / MAP Dashboard: The Educator (e.g., school, district, club, or their service provider) is the data controller for children’s identifiable information and associated movement data. MoveAhead acts solely as a data processor on the Educator’s documented instructions. We enter into a Data Processing Addendum (DPA) with each Educator that governs this processing [DPA Template found HERE]

 

For questions about controller-led processing (e.g., requests to access or delete a child’s records in the Educator Portal), please contact the relevant Educator. For processing where MoveAhead is the controller (e.g., our website, Direct Access parental accounts, teacher/coach login accounts, or support inquiries), you may contact us at support@moveahead.io

​

2. Parental Consent

For Direct Access, where the data subject is a child, we rely on verifiable parental consent as required by applicable law (including GDPR and COPPA in the U.S.). We provide clear consent and verification mechanisms and you may withdraw consent at any time (see Your Rights below).

For Indirect Access and Educator Portal scenarios, the third-party provider or Educator (controller) is responsible for establishing an appropriate legal basis (e.g., consent, public task, or legitimate interests) and providing required notices to data subjects/parents.

​​​​

3. Information We Collect

A. Direct Access (MoveAhead as Controller)

  • From Children (with parental consent):

    • First name (or nickname) for login/display.

    • Gender and year of birth for personalised gameplay and appropriate level of challenge

    • Motion Data: anonymised coordinates describing movement performance (no images/no video)

  • From Parents/Guardians:

    • Name, email address, and optional child context (e.g., sports team).

  • Automatically: device and app usage data (device type/OS, interactions), coarse location (e.g., city), diagnostics.

​

B. Indirect Access (Third-Party Apps)

  • We receive anonymised motion coordinates only. We do not receive names, emails, or other identifiers from the third party. Depending on contracts with the third-party provider, anonymised motion data may be retained after processing solely to improve the Services, or deleted immediately after processing.

C. Educator Portal / MAP Dashboard (MoveAhead as Processor)

  • Data entered by Educators (controller): child’s name, school, class, date of birth, parent email; optional class metadata.

  • Associated data generated by the Services: motion coordinates linked to the child’s record, performance metrics, and reports for the child, class, and school.

  • Educator user accounts (teachers/coaches): name, school/organisation, email, role, login metadata.

​

4. Cookies and Similar Technology (Direct Access & Websites)

We may use cookies or local storage for analytics, authentication, and improving the Services. This is statistical data about how you use our Services. Where required, we will display a consent banner and honor your choices.

​​

5. How We Use Information

When MoveAhead is Controller (e.g., Direct Access; teacher/coach logins; our websites):

  • To personalise the movement learning experience.

  • To provide and secure the Services, customer support, and account management.

  • To analyse and improve app performance and safety.

  • To comply with legal obligations.

When MoveAhead is Processor (Educator Portal / MAP Dashboard):

  • Solely to provide the Services to the Educator: associate motion data with child records, generate reports for children/classes/schools, maintain the portal, provide support, and implement Educator-configured settings.

  • We do not sell personal data. We do not use children’s personal data for advertising or unrelated purposes.

 

​

6. Legal Bases

  • Direct Access (Controller): typically parental consent; we may also process de-identified motion data for our legitimate interests in improving safety/performance (you may object - see Your Rights).

  • Educator Portal (Processor): the Educator determines the legal basis and provides required notices. We act only on the Educator’s documented instructions under the DPA.

​

​

7. How We Share Information

  • Service Providers (Sub-Processors): We use vetted providers (e.g., hosting, storage, analytics, support). They must implement appropriate security and act only on our instructions. We maintain a list of sub-processors available upon request.

  • Legal/Compliance: We may disclose information to comply with law or protect the rights, safety, and security of users, the Educator, or the Services.

  • No Sale / No Ads Targeting Children: We do not sell personal data or use children’s data for interest-based advertising.

​

8. International Transfers

Where data is transferred outside the UK/EEA, we implement appropriate safeguards (e.g., Standard Contractual Clauses, UK Addendum) and conduct transfer risk assessments as needed. Hosting regions and safeguards are available on request.

​

9. Security

We implement appropriate technical and organisational measures aligned to GDPR, including at a minimum:

  • Encryption in transit and at rest for personal data.

  • Strict access control (least privilege, MFA, role-based access).

  • Segregation and pseudonymisation of identifiers from motion data where feasible.

  • Secure development practices and third-party dependency management.

  • Logging and monitoring, vulnerability management, and regular security reviews and penetration testing.

  • Personnel confidentiality commitments and security training.

  • Incident response with prompt notice to Educators where we act as processor.

No method of transmission or storage is perfectly secure, but we strive to meet or exceed industry best practices.

​

10. Children’s Privacy, Profiling, and Automated Decisions

We design our Services for learning, engagement, and assessment. We do not use children’s data to make decisions that produce legal or similarly significant effects. Reports personalise learning and provide insights to parents/educators.

We do not create biometric identifiers and do not use motion data for identification; we process movement coordinates to evaluate in-app performance and generate reports.

​

11. Data Retention

  • Controller (Direct Access; MoveAhead-controlled data): We retain personal data only as long as necessary to provide the Services, comply with law, resolve disputes, and enforce agreements; then we delete or anonymise it.

  • Processor (Educator Portal): We retain data as instructed by the Educator in the DPA or contract (e.g., for the duration of the contract plus a defined grace period for export). Upon termination or at the Educator’s instruction, we delete or return personal data and delete existing copies unless storage is required by law.

​

12. Your Rights

Your rights depend on who the controller is:

  • For Educator Portal data (child/class/school records): Please contact your Educator (school/club). We will assist the Educator in fulfilling requests (access, correction, deletion, objection, restriction, portability) as required by law and our DPA.

  • For MoveAhead-controlled data (Direct Access parental accounts, teacher/coach login accounts, website, support): You may contact us at support@moveahead.io to exercise rights under applicable law.

You may withdraw Direct Access parental consent at any time. If you believe we have collected a child’s data without proper consent, please contact us and we will promptly investigate and take appropriate action.

​

13. Sub-Processors and Data Locations

A current list of our sub-processors and primary data hosting regions is available on request. We will notify Educators in advance of material changes as set out in our DPA.

​

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post updates here and, where appropriate, notify Educators or account holders. The “Last updated” date shows when the policy was most recently revised.

​

15. Contact Us

​

​

​

​

​​​

Motion data_edited.png
Girl flying.png
MAP Menu_edited.png
report menu.png

Contact us

Get in touch and find out what we can do for your business.

support@moveahead.io

Contact Us

Thanks for submitting!

bottom of page