Privacy policy

This privacy policy sets out how Crick Software uses and protects any information that you provide us with when using any of our websites, our apps or our computer software.

Crick Software is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.

This policy ensures Crick Software:

  • Complies with the data protection law
  • Follows good practise
  • Protects the rights of staff, customers and suppliers
  • Is open about how it stores and processes data
  • Protects itself from the risks of a data breach

Crick Software may change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy incorporates changes due to the General Data Protection Regulations (EU GDPR) 2018 and the UK GDPR 2021. These regulations give companies six lawful reasons for processing your data. These are:

  1. Consent
  2. Contract
  3. Legal obligation
  4. Vital interest
  5. Public task
  6. Legitimate interest

What we do with the information we gather

Customer data

  • On our website, we may ask for first name, last name, company name, email address, country, state, partner information, phone number
  • We may also collect the following information from customers when they register for the Service; company and customer contact information including names, email address, industry, geographic region, website address and postal address

Additionally, we may collect the following information:

  • Name and job title
  • Contact information including, email address, website address, and phone number
  • Demographic information such as geographic region, postal address post code, preferences and interests
  • Other information relevant to customer surveys and/or offers

We require this information to understand your needs and provide you with a better service. We are processing this data through “legitimate interest” when:

  • Collecting your details through forms on our website
  • Updating or adding your details to our customer database
  • Using the information to improve our products and services
  • Sending promotional emails to educators about new products, special offers or other information which we think you may find interesting, using the email address that you have provided. We do not send these to student email addresses.
  • Using your information to contact you for market research purposes
  • Using the information to customise our websites according to educators’ interests

Automated processing of data

  • We automatically collect certain information to track visitor activity on our websites. We use this information to improve the content of our sites as well as to provide visitors with a more relevant overall experience with our organisation and our site. This information may include information that identifies you as an individual or relates to an identifiable individual, including; name, title, company name, job function, expertise, postal address, telephone number, or email address. We may also collect other information that does not reveal your specific identity or does not directly relate to an identifiable individual such as browser and device information, information collected through cookies, pixel tags, and other technologies, and demographic information. We never share this information or information you provide us with third parties except to the extent necessary to provide our service.
  • If you fill out a web form on our site, your information will be stored in our CRM system and some of your past browsing on our site may be available to us to determine your interests. We may use this information to more effectively engage with you and improve our site. However, if you use private browsing as described below, you may provide us your information without making your past browsing activity available to us. If you do not wish for us to have your personal information, please do not fill out any of the web forms on this site.
  • If you provide your email address we will process your data as “legitimate interest.” If we contact you, some information is collected about when/if the email was opened and what links were clicked. This information is used to assess the engagement and success of an email campaign.
  • Clicking on a link in any of these emails may cause you to be personally identified on our site and may cause some part of your past browsing history on our site to be available to us so we may more effectively engage with you and improve our site. If you do not wish for this tracking to occur, you can unsubscribe from our mailings or use private browsing mode to avoid tracking.
  • We never use visitor identification techniques that involve sharing information you provide us with other sites or vice versa. We never store any information in your computer’s Flash local shared objects area (i.e., we never use what is known as ‘flash cookies’).

Software and apps

Windows/Mac software

We do not collect data in any of our products. Our applications are installed onto client computers and users’ work is saved locally, except in network installation where it is saved to a shared folder on your server. You will specify the shared folder during the installation process.

iPad apps

The iPad apps are downloaded via the Apple App Store and all information about who the app belongs to is linked to your Apple ID and is held by Apple. Our apps do not collect or share information.

Chromebook apps

For information regarding the data collected when using the Chromebook apps please click on the button below.

The Chromebook apps use your Google ID and Google domain to install. We collect your Google email address as your unique identifier. This address is used to determine the status of your current license.

User settings
We use cookies, local storage and your Google™ account to store user’s settings.

Students and personally identifiable information
The only student information that we store is the student’s email address and basic profile info. This is required to confirm that they are a licensed user.

Required permissions
Applications that integrate with a Chrome or a Google account must declare their intent by requesting permissions. These permissions to your browser and account must be granted in order to integrate with Chrome and Google accounts. Below is a list of these permissions and why they are required. At no time will Crick Software request or have access to your Google account password.

  • Gmail
    - Send email on your behalf (allows the app to send an email when the option is selected by the user)
  • Google Drive
    - View and manage the file in your Google Drive (allows the user to manage their Google Drive files from within the app)
  • Basic account info
    - View your email address (used to identify the user for licensing the app)
    - View your basic profile info (user’s name)
  • Device Camera (allows the app to use the camera when the option is selected by the user)

You can revoke these permissions at any time on your Google Account Permissions page, however if you do this, the Crick Chromebook apps will cease to work.

Data privacy
Crick Software employees will only access content on our servers to manage licensing for the Chromebook apps. The customer information visible to Crick Software employees is:

  • School/organisation details
  • Users’ email addresses and basic profile info
  • Date when users started using the service
  • Date when users last used the app
  • Log of licensing requests (includes timestamp and a device identifier)

This information is used and displayed in to make it simpler for a school to manage their subscriptions and decide which users to add or remove.

We will delete your email address and basic profile info after 2 years of not using our service.

Disclosing your information
We will not disclose your personal information to any other party other than in accordance with this Privacy Policy unless we are legally required to do so by law.

Scanning content
We do not scan any content. Our systems are not designed to associate personal information with your activities.

Personal information protection
Our sites have security measures in place to protect the loss, misuse and alteration of the information under our control. These measures include the use of secure servers to collect the information, encrypted databases, storage of the information in non-public areas of the servers, and other measures as deemed reasonable and necessary. In addition, once a subscription has expired for more than 24 months, the student personal information is deleted from our records.

Access to Student Personal Information
The only student information that we store is the student’s email address and basic profile info. This is required to confirm that they are a licensed user. If you would like to see what information we hold for you, a student or your child with a live subscription to our apps, email We will first need to check that we have enough information to be sure of your identity. If we have any reason to doubt your identity, we will request official confirmation.

We will respond to you within 30 calendar days to provide you with the information. There will be no charge for complying with an access request for student personal information.

Once a subscription has expired for more than 24 months, the student personal information is deleted from our records.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. See our data breach and incident response policies.

Personal information protection

We take reasonable steps to secure your personally identifiable information against unauthorized access or disclosure. We encrypt the transmission of data on pages where you are required to provide payment information. However, it’s important to note that no security or encryption method can be guaranteed to protect information from hackers or human error. Information we collect may be stored or processed on computers located in any country where we do business.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

  • If you receive information from us that is not of interest to you, you can easily unsubscribe by clicking on the link in the email. We will remove your details from our email list and will not send you information until or unless you ask us to do so.
  • We will not sell, distribute, or lease educators’ personal information to third parties unless we have their permission or are required by law. We will never sell, distribute or lease student information.

Data subject rights

As someone we hold data about, you are a Crick Software “Data Subject.” You have the right to object about the processing of data and the right to be forgotten. You can do this by accessing the data that we hold about you under the EU GDPR and UK GDPR legislation. This is a Subject Access Request.

Subject Access Request (SAR)

To request details on the information we hold about you, please write to Crick Software Ltd, Crick House, Boarden Close, Moulton Park, Northampton NN3 6LF or email us on We will first check that we have enough information to be sure of your identity. If we have any reason to doubt your identity, we will request official confirmation.

If you are a relative/representative of the individual concerned, then you must supply the individual’s consent for the release of their personal data.

We will respond to you within 30 calendar days to provide you with the information. There will be no charge for complying with an SAR unless the request is ‘manifestly unfounded or excessive.’ If a request is ‘manifestly unfounded or excessive’ a fee can be charged, or we can refuse to respond.

Rights to erasure

Under the EU GDPR and UK GDPR regulations you have the right to erasure. Where possible and practicable we will ensure that data is removed, and no new data is collected or stored. However, the right to erasure does not provide an absolute right to be forgotten and we can refuse to comply with a request for any of the following reasons:

  • To exercise the right of freedom of expression and information
  • To comply with a legal obligation or for the performance of a public interest task or exercise of official authority
  • Archiving purposes in the public interest, scientific research, historical research or statistical purposes
  • The exercise or defence of legal claims

Errors in our records

If you believe that any information, we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. If we agree that the information is inaccurate, we will correct it and where practicable, destroy the inaccurate information. We will consider informing any relevant third party of the correction. If we do not agree or feel unable to decide whether the information is inaccurate, we will make a note of the alleged error and keep this on file.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer. Essential cookies are strictly necessary for the proper functioning of this website. Without these cookies, this website would not work properly. For example they are used when you sign in, to store your preferences, remember the contents of your shopping cart, and improve the performance and security of our website.

At any time, you can manage your cookie preferences to control whether you accept cookies that are used for performance and analytics, or advertising and targeting.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to help the website analyse how users use the site. To learn more about Google Analytics security and privacy principles, please see:

Facebook Pixel

This cookie is placed by Facebook. It enables Crick Software to measure, optimize and build audiences for advertising campaigns served on Facebook. In particular it enables Crick Software to see how our users move between devices when accessing the Crick Software website and Facebook and to analyse which content a user has viewed and interacted with on our website. To learn more about the Facebook Pixel, please see:

Dynamics 365 Marketing

This website uses Dynamics 365 Marketing to enable us to analyse the success of marketing campaigns, and target users based on data such as their page visits and interactions.

Microsoft Clarity

This website uses Microsoft Clarity to help us understand how you use and interact with the website. Microsoft Clarity also uses cookies for advertising purposes. View a list of the cookies Microsoft Clarity uses

Web Chat

This website uses Live Chat, a web chat service provided by Social Intents. It enables website visitors to easily start a text-based chat directly with Crick Software staff, without needing to submit personal details or create an account. For Social Intents' privacy policy, please see:

Links to other websites

Our websites may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.


We regularly review our compliance with our Privacy Policy. If we receive a formal written complaint, we will follow this up promptly and contact the person who made the complaint for further information.

If Crick Software were to contract with future companies, we have a commitment to only do so with those that are consistent with our principles and policies including successor entities.


Crick Software may change this policy for teachers and educators from time to time by updating this page. You should check this page periodically to ensure that you are happy with any changes.

For Student PII; if a change is made this will be flagged up in the new policy and terms and conditions, which they will have to consent to.

Data breach policy


As an organisation that processes personal data, Crick Software must ensure appropriate measures are in place to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. The General Data Protection Regulation specifies that all breaches (except those ‘unlikely to result in a risk to the rights and freedoms of natural persons') should be reported to the Information Commissioner.

In the event of a data breach or an information security incident, it is important that appropriate actions are taken to promptly report the breach to the Data Protection Team who will manage the incident and minimise associated risks.

This procedure is designed to set out the process that should be followed to ensure a consistent and effective approach is in place for managing a data breach and ensure that:

  • Data breach events are detected, reported and monitored consistently
  • Incidents are assessed and responded to appropriately
  • Action is taken to reduce the impact of a breach
  • Relevant breaches are reported to the Information Commissioner within the 72-hour window
  • Improvements are made to prevent recurrence
  • Lessons learned are communicated to the wider organisation

Incident response policy

Despite explicit guidelines for securing confidential electronic data, breaches can still occur. At such times, it is important that Crick Software respond as quickly as possible. Computer thefts or loss should be reported immediately to line manager.

Steps that we will take in the event of a data security breach are as follows:

1. Determination of the nature and scope of a breach

  • Identification of the person reporting the breach (name, contact info, etc.)
  • Record of the location, timeframe, and apparent source of the breach
  • Preliminary identification of confidential data that may be at risk

2. Communication

  • Data protection team
  • Law enforcement (depending on the nature/scope of theft)

3. Investigation

  • Identify ongoing vulnerability of data to exposure from breach source (take immediate steps to address)
  • Conduct preliminary analysis
  • Prepare inventory of data at risk
  • Determine if exposed data were encrypted
  • Identify security measures that were defeated (and by what means)

4. Assessment of breach

  • Identify affected individuals at risk of identity theft or other harm
  • Assess financial, legal, regulatory, operational, reputational and other potential institutional risks

5. Remediation

  • Implement password changes and other security measures to prevent further data exposure
  • Determine if exposed/corrupted data can be restored from backups; take appropriate steps
  • Determine if value of exposed data can be neutralized by changing account access, ID information, or other measures

6. Notification

Based on the assessments above, the Data Protection Team will decide whether the breach incident needs to be reported to the ICO or the data subjects. Either way, the breach will need to be added to the breach log to include the following points:

  • Nature and scope of breach
  • General circumstances of the breach (e.g., stolen laptop, hacked database, etc.)
  • Approximate timeline (e.g., date of breach discovery)
  • Steps that Crick Software has taken to investigate and assess the breach
  • Any involvement of law enforcement or other third parties
  • Appraisal of any misuse of the missing data
  • Steps we are taking to prevent future breaches of this nature

7. Post-incident follow-up

Following a data security breach, Crick Software will:

  • Take steps to ensure that missing data cannot be used to access further information from our servers
  • Pursue with law enforcement all reasonable means to recover lost data and equipment
  • Review and modify as needed; all procedures, governing systems, administration, software management, database protections, access to hardware, etc., to prevent future data breaches of a similar nature
  • Take appropriate actions if staff negligence or other’s behaviour contributed to the incident
  • Modify procedures, software, equipment, etc. as needed to prevent future data breaches of a similar nature
  • Take appropriate action if personnel negligence caused or contributed to the incident