Linguistic Quest

Legal

Privacy Policy

Linguistic Quest is a trading name of Southern African Traders Ltd. Contact: hello@linguisticquest.com.

Privacy Policy

Linguistic Quest

Version: v1.0 — April 2026

1. Introduction

This Privacy Policy explains how Southern African Traders Ltd trading as Linguistic Quest collects, uses, stores and shares personal data when you use www.linguisticquest.com and related services.

We are based in the United Kingdom and this policy is designed for compliance with the UK GDPR, the Data Protection Act 2018, PECR, and the ICO Children's Code.

The ICO Children's Code is relevant because Linguistic Quest is likely to be accessed by children. The Code sets standards for online services likely to be accessed by children.

2. Who we are

  • Controller: Southern African Traders Ltd trading as Linguistic Quest
  • Company number: 12003857
  • Website: www.linguisticquest.com
  • Privacy contact: feedback@linguisticquest.com
  • ICO registration number: to be confirmed where required

For family accounts, we are usually the controller of account, parent, child-profile and usage data.

For school accounts, the school is usually the controller of student personal data and we act as processor, except where we process limited information for our own legal, security or service-administration purposes.

3. Personal data we collect

3.1 Parent or adult account data

We may collect:

  • (a) name;
  • (b) email address;
  • (c) password or authentication credentials;
  • (d) billing plan and subscription status;
  • (e) payment transaction references;
  • (f) account settings;
  • (g) communications with us;
  • (h) referral or affiliate information, where applicable; and
  • (i) login, device and security information.

3.2 Child profile data

We aim to minimise child data. We may collect:

  • (a) first name or nickname;
  • (b) age or age range;
  • (c) language preferences;
  • (d) puzzle responses;
  • (e) saved vocabulary;
  • (f) progress, streaks, scores and learning history;
  • (g) profile settings; and
  • (h) parent consent timestamp and related audit record.

We do not intentionally ask parents to provide a child's full legal name, precise date of birth, home address or direct contact details.

3.3 School student data

For school users, we may process:

  • (a) student name, username or school identifier;
  • (b) class, group or year information;
  • (c) teacher or school administrator details;
  • (d) login credentials or single sign-on identifiers;
  • (e) puzzle responses, progress and usage data;
  • (f) support and technical logs; and
  • (g) information imported or provided by the school.

3.4 Technical and usage data

We may collect:

  • (a) IP address;
  • (b) device type;
  • (c) browser type;
  • (d) operating system;
  • (e) pages viewed;
  • (f) session data;
  • (g) error logs;
  • (h) approximate location derived from IP address;
  • (i) cookie identifiers; and
  • (j) security and fraud-prevention logs.

3.5 Payment data

Payments are processed by PayPal or another payment provider. We do not store full card numbers, CVV codes or card expiry dates on our own servers. We may receive payment status, transaction ID, payer email, billing name, subscription status and fraud-prevention information.

3.6 Affiliate and referral data

If you participate in a referral or affiliate programme, we may collect:

  • (a) name;
  • (b) email;
  • (c) website or social profile;
  • (d) payment details needed for commission;
  • (e) tax or invoice information;
  • (f) referral links and tracking IDs;
  • (g) clicks, conversions and attribution data; and
  • (h) fraud-prevention records.

4. How we collect personal data

We collect personal data:

  • (a) directly from you when you create an account, subscribe, contact us or configure profiles;
  • (b) from parents when they create child profiles;
  • (c) from schools when they set up student or teacher accounts;
  • (d) automatically when you use the Service;
  • (e) from payment providers;
  • (f) from referral or affiliate tracking systems; and
  • (g) from support, analytics, hosting and security tools.

5. Why we use personal data and our lawful bases

PurposeData usedLawful basis
Create and manage adult accountsAccount data, login dataContract
Provide child profiles and learning featuresChild profile data, progress dataContract with parent; legitimate interests; consent where required
Provide school servicesStudent, teacher and school dataProcessor on school's instructions; contract with school
Process subscriptions and paymentsBilling, transaction and account dataContract; legal obligation; legitimate interests
Provide supportContact, account and technical dataContract; legitimate interests
Improve and secure the ServiceUsage, logs, error dataLegitimate interests
Prevent fraud and misuseLogin, IP, transaction and behavioural signalsLegitimate interests; legal obligation
Send service noticesEmail and account dataContract; legitimate interests
Send marketing to adultsEmail, preferencesConsent or soft opt-in where permitted
Manage referrals and affiliatesAffiliate and conversion dataContract; legitimate interests
Comply with lawRecords, invoices, audit logsLegal obligation

We do not use children's personal data for behavioural advertising.

6. Children's privacy

We design Linguistic Quest with children in mind. We aim to:

  • (a) collect only the child data needed to provide learning features;
  • (b) avoid asking for unnecessary identifiers;
  • (c) give parents control over child profiles;
  • (d) avoid behavioural advertising to children;
  • (e) use privacy-protective defaults;
  • (f) provide age-appropriate experiences; and
  • (g) delete or anonymise child data when no longer needed.

Parents may request access, correction or deletion of child profile data by contacting us.

7. School privacy

Where a school provides student personal data, the school decides the purposes and means of processing. We process that data on the school's documented instructions under the School Data Processing Agreement.

The ICO explains that controllers are responsible for UK GDPR compliance and processors have more limited but direct obligations.

8. Cookies and similar technologies

We use cookies and similar technologies to run the website, keep users signed in, remember preferences, secure the Service, measure performance and, where applicable, support referral or affiliate tracking. PECR applies to cookies and similar technologies even where the information is anonymous.

We classify cookies as:

  • (a) strictly necessary cookies — needed for login, security, payments, account functions and service delivery;
  • (b) preference cookies — remember choices such as language or display settings;
  • (c) analytics cookies — help us understand use and improve the Service; and
  • (d) affiliate or marketing cookies — support attribution, referrals or campaign measurement.

We will request consent before placing non-essential cookies where required by law. You can manage cookies through our cookie banner, cookie settings, or your browser settings.

9. Marketing

We may send marketing emails to adults where we have consent or where the law permits a soft opt-in. You can unsubscribe at any time using the link in the email or by contacting us.

We do not knowingly send marketing emails directly to children.

10. AI and content generation

We may use AI tools to help generate, test, review or improve educational content, pronunciation audio, examples, translations, hints or support responses.

Where personal data is used with AI tools, we will assess the relevant data protection risks and use appropriate safeguards.

We do not intentionally use identifiable children's personal data to train public AI models.

11. Who we share personal data with

We may share personal data with:

  • (a) hosting providers;
  • (b) database and infrastructure providers;
  • (c) payment processors;
  • (d) email and communication providers;
  • (e) analytics providers;
  • (f) customer support tools;
  • (g) security and fraud-prevention providers;
  • (h) professional advisers;
  • (i) schools, for school accounts;
  • (j) parents, for child profiles under their account;
  • (k) regulators, courts or law enforcement where required; and
  • (l) business successors in a merger, sale or reorganisation.

We require processors to protect personal data and process it only under appropriate contractual terms.

12. International transfers

Some suppliers may process personal data outside the UK. Where we transfer personal data internationally, we will use appropriate safeguards, such as:

  • (a) UK adequacy regulations;
  • (b) the UK International Data Transfer Agreement;
  • (c) the UK Addendum to the EU Standard Contractual Clauses; or
  • (d) another lawful transfer mechanism.

13. How long we keep personal data

We keep personal data only as long as necessary. Indicative retention periods:

Data typeRetention period
Adult account dataAccount lifetime plus up to 6 years for legal records
Child profile dataUntil deleted by parent or account closure, then production deletion within 30 days and backup deletion within 90 days
School student dataAs agreed with the school, normally deletion or return within 30 days after contract end, with backup deletion within 90 days
Payment and invoice recordsUp to 6 years
Support messagesUp to 3 years unless needed longer
Security logsUsually 12 months unless needed for investigation
Cookie consent recordsUp to 24 months
Affiliate recordsContract lifetime plus up to 6 years

14. Security

We use appropriate technical and organisational measures to protect personal data, which may include encryption in transit, access controls, audit logging, staff confidentiality, backups, vulnerability management and supplier due diligence.

No online service can be guaranteed completely secure.

15. Your rights

Depending on your circumstances, you may have rights to:

  • (a) access your personal data;
  • (b) correct inaccurate data;
  • (c) delete data;
  • (d) restrict processing;
  • (e) object to processing;
  • (f) receive data portability;
  • (g) withdraw consent; and
  • (h) complain to a supervisory authority.

To exercise rights, contact feedback@linguisticquest.com.

Parents may exercise rights on behalf of children where appropriate.

For school student data, we may refer requests to the relevant school where the school is the controller.

16. Complaints

Please contact us first so we can try to resolve your concern. You also have the right to complain to the UK Information Commissioner's Office.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide reasonable notice by email, in-app notice or website notice.

18. Contact

  • Email: feedback@linguisticquest.com
  • Post: admin@satraders.co.uk