Get early free access

Privacy Policy

Effective date: 28 July 2025

MAMA.codes Ltd trading as Looparoo is committed to protecting your privacy and handling your personal data in a transparent, secure and responsible way.

This Privacy Policy explains:

What personal information we collect and how we use it

  • Your rights in relation to that data
  • How we protect your data and how long we keep it
  • What to do if you have concerns or wish to make a complaint

If you have any questions or concerns, please contact us at: looparoo@MAMA.codes

1. Who We Are

Looparoo is a digital coding platform designed for children aged 3–7, operated by:

MAMA.codes Ltd
Company number: 09617318
Registered address:
63-66 Hatton Garden
Fifth Floor Suite 23
London EC1N 8LE
United Kingdom

Email: looparoo@MAMA.codes

2. What Data We Collect

We collect personal data to provide our services and ensure the safety, relevance and quality of your experience. This includes:

a) Data you provide directly:

  • Your (parent / carer) name, email address
  • Your child’s first name, age, gender, and learning needs (if shared)
  • Contact information
  • Purchase details
  • Communication preferences

b) Data we collect automatically:

  • Device and browser information (IP address, operating system, browser type)
  • Pages visited, links clicked, and usage duration on our platform
  • Referral source (e.g. how you found our site)

c) Data from third parties:

  • Payment providers (e.g. Stripe) for secure transactions
  • Analytics and communication tools that help us understand and improve user behaviour

We do not knowingly collect personal data directly from children under 16.

All account set-up and consents must be completed by a parent or adult aged over 18 supervising the child

3. How and Why We Use Your Data

We process personal data for the following purposes:

  • Service delivery – Tailoring your child’s experience, managing accounts, sending updates
  • Safety & safeguarding – Digital safety and record-keeping in case of a data breach
  • Marketing (with consent) – Sending newsletters, offers or updates
  • Analytics and service improvement – Understanding usage patterns to improve our product
  • Legal obligations – Tax, accounting, safeguarding, and health & safety compliance

We aim to collect only what we need and will never use your personal data in unexpected ways.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on one or more of the following lawful bases:

  • Consent – e.g. to send you marketing emails or collect information about a child’s progress
  • Contract – e.g. to provide our services or process bookings
  • Legal obligation – e.g. for tax records or safeguarding
  • Vital interests – e.g. any emergency that may arise involving a child or adult using our platform
  • Legitimate interests – e.g. to improve our services or contact you with relevant updates (balanced against your rights)

Where we process special category data (such as health, ethnicity, or SEND information), we rely on Article 9(2)(a) (explicit consent) or Article 9(2)(c)/(g) in safeguarding situations.

5. Data Sharing and Third Parties

We do not sell or rent your data to third parties. We may share it with trusted service providers who help us operate effectively, such as:
Cloud hosting and CRM platforms

  • Email and communications platforms
  • Payment processors (e.g. Stripe)
  • Analytics providers (e.g. Google Analytics – anonymised where possible)
  • Advertising platforms such as Google, Meta or LinkedIn

All third parties are contractually obliged to comply with UK data protection laws and cannot use your data for their own marketing.
We may disclose your data if required by law or in urgent safeguarding situations.

6. International Data Transfers

Some of our service providers may be based outside the UK or European Economic Area (EEA). When data is transferred internationally, we ensure it is protected by:

  • Data adequacy decisions by the UK Government
  • Standard Contractual Clauses approved by the ICO
  • Additional security and risk assessment procedures

7. Data Security

We use robust organisational and technical measures to protect your data. These include:

  • SSL encryption for website and app usage
  • Secure cloud storage
  • Role-based access controls
  • Daily encrypted backups
  • Regular staff training and compliance reviews

Analytics data is anonymised where possible. If we become aware of a personal data breach, we will notify the ICO within 72 hours and inform you promptly if your rights are affected.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, including:

  • While you or your child are actively using our services
  • For legal, regulatory or safeguarding purposes
  • For up to 2 years after last interaction, unless retention is legally required

You can request deletion of your or your child’s data at any time (subject to legal exceptions).

9. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Withdraw consent at any time
  • Request deletion of your data (“right to be forgotten”)
  • Restrict or object to processing
  • Request data transfer to another provider (data portability)
  • Object to use of data for direct marketing

To exercise these rights, please contact: looparoo@MAMA.codes

We may need to verify your identity before fulfilling your request.

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our website to:

  • Understand how visitors interact with our site
  • Improve performance and user experience
  • Personalise content and services

You can manage your cookie preferences via our cookie banner or browser settings. More information is available in our separate Cookie Policy.

11. Children Under 16

Looparoo is an educational platform for children, but we do not collect personal data from users under 16 without verified parental consent.

Parents and guardians can access, amend or delete their child’s data at any time. We follow best-practice guidance from the ICO’s Children’s Code in designing our data collection and safeguarding processes.

12. Users in Vulnerable Circumstances

We take extra care when interacting with individuals who may be vulnerable. If you let us know about a particular need or concern, we will treat your data with additional sensitivity and discretion.

13. Links to Other Websites

Our website may contain links to other third-party sites. This privacy policy applies only to our own services. We encourage you to review the privacy policies of any external sites you visit.

14. Data Breach Procedures

In the event of a personal data breach, we will:

  • Identify and contain the breach immediately
  • Assess risk and notify the ICO within 72 hours if legally required
  • Notify affected individuals where there is a high risk to their rights
  • Investigate and record the breach internally
  • Take steps to prevent recurrence

We review our breach response plan regularly as part of our broader data protection compliance.

15. How to Contact Us or Make a Complaint

If you have questions or would like to exercise your rights, contact:

Email: looparoo@MAMA.codes

Post: MAMA.codes Ltd, 63-66 Hatton Garden, Fifth Floor Suite 23, London, England, EC1N 8LE

If you are unhappy with our handling of your data, you can also contact:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: www.ico.org.uk

16. Changes to This Policy

We review this policy regularly to reflect changes in the law or our services. Any updates will be posted on this page. We will clearly communicate significant changes to you via our website or email.

  • looparoo@MAMA.codes

Follow us

Join the gang on our social channels.

Jki-facebook-f Instagram Linkedin

Policies

Privacy policy
Cookie policy
Code + Play summer T&Cs

© 2025 MAMA.codes. All Rights Reserved