Children's Privacy

Last updated: 11 May 2026

How we apply the ICO Age Appropriate Design Code

The UK Information Commissioner's Office (ICO) Age Appropriate Design Code (the “Children's Code”) sets fifteen standards for online services likely to be accessed by children. We assess every product change against the Code. Our current defaults are:

• Best interests of the child — the child's interests come first when we design features, defaults and content.
• Data minimisation — we collect only what is needed to deliver lessons and personalisation.
• Default privacy settings — for accounts whose declared age range is “5–10” or “11–13”:
  • profile is private to the user;
  • analytics cookies are off by default;
  • marketing and personalised-advertising cookies are off and not togglable;
  • AI training opt-in is hidden and forced off;
  • third-party embeds (Spotify, Live2D voices, vendor LLMs) are gated behind explicit consent.
• Profiling — we do not profile children for marketing or third-party data sharing.
• Geolocation — not collected from the browser.
• Transparency — we explain features in age-appropriate language on the relevant onboarding screen.
• Nudge techniques — we avoid dark patterns; cookie banners do not pre-tick non-essential categories and offer “Reject non-essential” with equal prominence.
• Connected toys / devices — not applicable; we do not integrate with consumer IoT devices.

Verifiable parental consent (under-13s)

We are rolling out a parental-consent workflow for users in the “5–10” and “11–13” age ranges. Until that workflow is live, we ask any user who indicates that age range to provide a parent or carer's email; we send a confirmation request and will only activate the account after a parent or carer confirms. Parents and carers can withdraw consent at any time by emailing privacy@mimwise.co.uk; the child's account is then anonymised and deactivated.

School and trusted-organisation accounts

Where a school or university (such as a trusted-organisation domain like essex.ac.uk) enrols learners on MimWise, the institution becomes a joint or sole controller for that classroom use and is responsible for obtaining any necessary parental consents and for its own Data Protection Impact Assessment.

AI and children

AI feedback for child accounts is configured with extra safeguards: tone is fixed to a child-friendly persona; sensitive content classifications block adult, violent or self-harm topics; AI training use of child content is permanently off (no opt-in). We will document these controls in our Fundamental Rights Impact Assessment (Article 27 of the EU AI Act) before onboarding any school cohort.

Your rights as a parent or carer

You can ask us to confirm what data we hold about your child, to correct or delete it, or to stop processing it, by emailing privacy@mimwise.co.uk from the email address on file. You can also complain to the UK Information Commissioner's Office.

See also

• Privacy Policy
• Responsible AI
• Cookie Policy