Vocab.Party — Privacy Notice
Version 1.0 · Published 8 May 2026 · Last updated 14 June 2026.
Two versions below: a plain-English version any parent or 9–11 year old can read in a minute, and a full version that satisfies UK GDPR Article 13/14 information requirements for a parent who wants the detail.
Plain-English version
Privacy at Vocab.Party — the short version
Vocab.Party is a vocabulary game built by Alt Shift Lab Ltd, a small company in the UK. We take your privacy and your child's privacy seriously. Here's what's actually true:
What we collect
About your child:
- The username and display name you chose for them
- What words they've learned and how well
- When they played, for how long, and what happened in the games
- The messages they've sent to their friends in the app
- A few preferences (voice level, target words, icon)
About you (the parent):
- Your email address
- A record that you accepted these terms
We don't collect:
- Your child's real name (just the display name you gave them)
- Their date of birth, address, school, or phone number
- Their face, voice, fingerprint, or any biometrics
- Their location (we don't track where they are)
- Any payment information
How we use it
- To run the game (track progress, deliver messages, show the mountain panel to their friend group)
- To make the AI hints and the paraphrase judgement work — your child types a sentence, the AI tells them if they got the meaning right
- To send a notification to your child's device when their friend has interacted with them — only between 7am and 9pm in their local time, and only if they've explicitly subscribed
- To run basic, privacy-respecting analytics so we can see whether the product is working — we use this data to assess how well the different games perform and to improve the app, without ever sending your child's name, email, or username to anyone
Who we share it with
We use a small list of trusted services to run Vocab.Party. None of them are advertisers, and none of them get your child's name or your email except where they have to (e.g., the email service that lets you log in needs your email).
The list:
- Vercel — runs the website
- Supabase — stores the database (in the EU)
- Clerk — handles your sign-in and your child's sign-in
- Anthropic — the AI that judges your child's paraphrases. We only send it the word, the dictionary definition, and your child's sentence — never your child's name or any identifier
- PostHog — basic analytics, in the EU, without cookies and without your child's identity
- Cloudflare and Google Fonts — make the site fast and load fonts
- The browser-vendor push service (Apple, Mozilla, or Google) when your child has subscribed to notifications — gets a generic push payload, not your child's identity
We never sell, license, or share your child's data with anyone for marketing.
What your child sees
We deliberately don't:
- Show ads
- Use streaks or notifications to pressure your child to keep playing
- Have a public leaderboard (the mountain panel only shows their friend group)
- Use the kind of "engagement" tricks that make some apps feel exhausting
We deliberately do:
- Stop your child from playing too much (the daily cap is a feature, not a bug)
- Ask for your permission before they receive notifications
- Quiet notifications between 9pm and 7am in their timezone
Your rights and your child's rights
You can ask us, at any time, to:
- Tell you what we have on your child (we'll send it to you within a month, usually within a week)
- Delete your child's account and everything associated with it (we'll do this within a month)
- Correct anything that's wrong (e.g. a typo in the display name)
- Stop using the AI (your child can play without the buzzer or the paraphrase judge — they're optional features)
Email hello@altshiftlab.com for any of the above. We respond personally; this isn't a no-reply alias.
If something goes wrong
If anyone discovers your child's account has been accessed by someone who shouldn't have access (a friend who learned the password, a sibling using the wrong account, etc.):
- Email hello@altshiftlab.com straight away
- We'll reset the password, lock the account, and look at what happened with you
If we ever have a security incident that affects your child's data, we'll tell you directly within 72 hours. We're also legally required to tell the UK regulator (the ICO) within that window.
For the kids reading this
If you're using Vocab.Party, here's what to know:
- Your parent has agreed to let you use this game
- Your parent can see what words you've learned, your scores, and who your friends are. They can't see your messages with friends.
- The AI you talk to (the buzzer voice, the one that judges your sentences) doesn't know who you are — it just sees the word and what you typed
- Don't share your password with friends — it lets them be you in the game
- If anyone in the game does something you don't like, tell your parent. They can ask us to remove that friend from your account.
Who runs this
Alt Shift Lab Ltd, registered in England. Hosam El Nagar is the founder and the person responsible for privacy. Email hello@altshiftlab.com for anything.
If you're not happy with how we handle your data, you have the right to complain to the Information Commissioner's Office — but we'd much prefer you talk to us first.
Full version (UK GDPR Article 13/14 information notice)
1. Who is the data controller?
Alt Shift Lab Ltd, a company registered in England. The single responsible person for data protection is Hosam El Nagar, founder. We are not required to appoint a Data Protection Officer at our scale, but Hosam is the named contact for all data-protection matters.
Contact: hello@altshiftlab.com.
2. What data do we process and why?
| What | Why | Lawful basis |
|---|---|---|
| Parent's email address | To enable the parent to sign in and to communicate with them | UK GDPR Article 6(1)(a) consent (and Article 6(1)(b) where necessary to operate the service the parent has signed up to) |
| Parent's record of T&C acceptance (timestamp + version) | To prove that lawful consent was given | Article 6(1)(c) legal obligation (record-keeping) |
| Child's display name, username, and Clerk authentication credentials | To create and operate the child's account | Article 6(1)(a) consent given by the parent on the child's behalf, authorised under Article 8(1) |
| Child's learning state — per-word memory state, streaks, mountain progress | To run the spaced-repetition pedagogy that's the core of the product | Same as above |
| Child's session activity — when they played, what they played, score | To run the game and compute the daily cap | Same as above |
| Direct messages between consenting child friends | To enable the social messaging feature | Same as above |
| Friendship pairings + parent-confirmation flags | To run the friendship gate that ensures messaging only happens between approved friends | Same as above |
| Web Push subscription endpoint + cryptographic keys + timezone + device user-agent | To deliver opt-in push notifications, honouring quiet hours per device timezone | Same as above |
| AI request payloads (word + paraphrase to Anthropic; word + curriculum metadata for the buzzer) | To run the paraphrase verdict and the buzzer hint | Same as above |
| Analytics events (named events, no PII) | To assess how well the different games perform, improve the app, and observe whether the cohort is engaging well | Same as above (we have not relied on legitimate interest for analytics, given the children's-data context) |
We do not process: real names, dates of birth, addresses, school information, phone numbers, biometric data, precise geolocation, payment information, or facial / voice data.
3. Where does the data come from?
- Directly from the parent (email, T&C acceptance, the child's display name and username)
- Directly from the child (their interactions with the game, including the messages they send to friends and the paraphrases they type)
- Derived by the system (learning progress, streak counts, session timestamps)
We do not buy data, scrape data, or receive data from third-party brokers.
4. Who is it shared with? (sub-processors)
We use the following service providers (sub-processors). Each has a Data Processing Agreement (DPA) with us. None are advertisers. None receive children's data for purposes outside the operation of the service.
| Provider | Purpose | Data they see | Region |
|---|---|---|---|
| Vercel Inc. | Hosting and serverless infrastructure | All HTTPS request data in transit; transient logs | Multi-region; primary EU |
| Supabase Inc. | Postgres database | All structured data we hold | EU (region confirmed at project creation) |
| Clerk Inc. | Authentication and user management | Parent email, child username, session tokens | US (with UK GDPR transfer mechanism — Standard Contractual Clauses + UK Addendum) |
| Anthropic PBC | Claude Haiku AI for paraphrase judging and buzzer hints | Word + dictionary definition + child's paraphrase (or curriculum metadata for the buzzer). No identifiers. | US (with SCCs + UK Addendum). Anthropic's API does not train on this data by default. |
| PostHog Inc. | Product analytics | Event data with internal numeric ids only — no name, no email, no username, no display name | EU (eu.i.posthog.com) |
| Cloudflare Inc. | Reverse-proxy of analytics ingestion via vocab.party/ingest | Analytics payloads in transit | Multi-region |
| Browser-vendor push services (Apple Push Notification service, Mozilla autopush, Google Firebase Cloud Messaging) | Web Push notification delivery | Notification title, body, URL, and tag — routed by an opaque endpoint URL | Per the user's browser; international transfers governed by the relevant adequacy / SCC mechanisms |
| Google Fonts | CSS-loaded fonts | The user's IP address (request-only; not bound to identity) | Multi-region |
We do not use Resend, Cloudflare R2, fal.ai, Replicate, Deepgram, ElevenLabs, or any other AI / media vendor in vocab.party.
5. International transfers
Some of the sub-processors above are US-hosted (Anthropic, Clerk, parts of Vercel). UK GDPR transfers to these are governed by the UK Information Commissioner's Office's International Data Transfer Addendum bound to the EU's Standard Contractual Clauses. Where vendors offer EU residency, we prefer EU.
6. How long do we keep it?
| Data category | Retention |
|---|---|
| Account data and learning progress | While the account is active. Deleted within 30 days of an erasure request. |
| AI request payloads (Anthropic) | Anthropic's policy. We send no identifiers; the request body is short curriculum text + (in the case of paraphrases) the child's typed sentence. We aim for Zero Data Retention with Anthropic; otherwise their default is 30 days. |
| Analytics events (PostHog) | 7 years. We chose this length to enable longitudinal observation of how cohorts engage with the product. None of these events contain PII. |
| Web Push subscriptions | Until the subscription dies (the push service returns a 404/410 — typically because the user uninstalled the PWA or cleared their browser data) or the account is deleted. |
7. Your rights and your child's rights
Under UK GDPR you have the right to:
- Be informed about how we use the data (this notice)
- Access the data we hold about you or your child (Article 15)
- Rectify anything inaccurate (Article 16)
- Erase the data (Article 17)
- Restrict processing (Article 18)
- Data portability — get a copy in machine-readable form (Article 20)
- Object to processing where we rely on legitimate interest (Article 21) — note: we don't rely on legitimate interest for any of the children's-data features, so this right is most relevant to operational data only
- Not be subject to decisions made solely by automated processing with legal or significant effects (Article 22) — note: Vocab.Party makes no such decisions
To exercise any of these rights, email hello@altshiftlab.com. We aim to respond within 7 calendar days; the legal maximum is one calendar month (extendable by two months for complex requests, with reasons). We do not charge for these requests.
If you're unhappy with our response, you have the right to complain to the Information Commissioner's Office — though we'd very much like the chance to put it right with you first.
8. Profiling and automated decision-making
Vocab.Party uses a spaced-repetition learning model that profiles your child's learning state (which words they know, which they're still learning). This profiling is the pedagogical core of the product, is visible to both you and your child, and produces no decisions with legal or significant effects.
The product does not profile for advertising, content recommendation beyond curriculum, attention/engagement, emotion, or sentiment.
9. Children's-specific protections
This service is designed for children aged 9–11 in line with the ICO Age-Appropriate Design Code. Specifically:
- Default settings are high-privacy (analytics is cookieless and identified-only; push notifications are opt-in; friendships require mutual + parent-confirmed consent)
- No nudge mechanics designed to extend engagement beyond what's healthy
- A daily session cap is enforced server-side
- Quiet hours for notifications: 21:00–07:00 in the device's timezone (Europe/London fallback)
- No public leaderboards — the mountain panel is per-friend-group only and shows other group members' positions, not strangers
10. Security incidents
If we discover a personal data breach affecting your child, we will:
- Notify the Information Commissioner's Office within 72 hours of awareness, where the breach is likely to result in risk to rights and freedoms
- Notify you directly without undue delay where the risk is high
- Tell you what happened, what data was affected, and what we're doing about it
To report a concern about your child's account (suspected unauthorised access, password compromise, an unwanted friend, an inappropriate message), email hello@altshiftlab.com.
11. Cookies and storage
The site uses no cookies beyond the necessary session cookies set by Clerk (our authentication provider) — we never set advertising cookies, marketing cookies, or third-party tracking cookies. Analytics uses localStorage only and is configured to honour the Do Not Track signal. No cookie consent banner is needed because no consent-requiring cookies are used.
12. How this notice is updated
We update this notice when our processing changes — for example, when a new sub-processor is added, when we add a new data category, or when our retention periods change. Material changes are surfaced to parents via email and require re-acceptance of the T&C; minor changes are documented in the revision log below.
Revision log
- v1.0 — 8 May 2026: first published.
- 10 June 2026: updated the contact address for parent queries and clarified how we use analytics data. No change to what we process or collect.
- 14 June 2026: removed a statement about backup retention timing while we finalise our backup arrangements. No change to what we process or collect.
Vocab.Party is built by Alt Shift Lab Ltd, England. Last reviewed: 2026-06-14.