Children's Privacy
Last updated: 11 June 2026
How we apply the ICO Age Appropriate Design Code
The UK Information Commissioner's Office (ICO) Age Appropriate Design Code (the “Children's Code”) sets fifteen standards for online services likely to be accessed by children. We assess every product change against the Code. Our current defaults are:
- Best interests of the child: the child's interests come first when we design features, defaults and content.
- Data minimisation: we collect only what is needed to deliver lessons and personalisation.
- Default privacy settings: for accounts whose declared age range is “5–10” or “11–13”:
- profile is private to the user;
- analytics cookies are off by default;
- marketing and personalised-advertising cookies are off and not togglable;
- AI training opt-in is hidden and forced off;
- third-party embeds (Spotify, Live2D voices, vendor LLMs) are gated behind explicit consent.
- Profiling: we do not profile children for marketing or third-party data sharing.
- Geolocation: not collected from the browser.
- Transparency: we explain features in age-appropriate language on the relevant onboarding screen.
- Nudge techniques: we avoid dark patterns; cookie banners do not pre-tick non-essential categories and offer “Reject non-essential” with equal prominence.
- Connected toys / devices: not applicable; we do not integrate with consumer IoT devices.
Verifiable parental consent (under-13s)
We are rolling out a parental-consent workflow for users in the “5–10” and “11–13” age ranges. Until that workflow is live, we ask any user who indicates that age range to provide a parent or carer's email; we send a confirmation request and will only activate the account after a parent or carer confirms. Parents and carers can withdraw consent at any time by emailing info.mimwise@gmail.com; the child's account is then anonymised and deactivated.
School and trusted-organisation accounts
Where a school or university (such as a trusted-organisation domain
like essex.ac.uk) enrols learners on MimWise, the
institution becomes a joint or sole controller for that classroom use
and is responsible for obtaining any necessary parental consents and
for its own Data Protection Impact Assessment.
AI and children
AI feedback for child accounts is configured with extra safeguards: tone is fixed to a child-friendly persona; sensitive content classifications block adult, violent or self-harm topics; AI training use of child content is permanently off (no opt-in). We will document these controls in our Fundamental Rights Impact Assessment (Article 27 of the EU AI Act) before onboarding any school cohort.
Your rights as a parent or carer
You can ask us to confirm what data we hold about your child, to correct or delete it, or to stop processing it, by emailing info.mimwise@gmail.com from the email address on file. You can also complain to the UK Information Commissioner's Office.