OctoDecks is developed and operated by Objects and Concepts Limited, a company registered in England and Wales (company number 13746187, registered address: 71-75 Shelton Street, London, England, WC2H 9JQ) ("OctoDecks", "we", "us", "our"). For the purposes of UK data protection law, Objects and Concepts Limited is the data controller for personal data processed in connection with the OctoDecks service.
Contact: hello@octodecks.com
We collect only the data that is necessary to provide and improve the OctoDecks service. The table below sets out the categories of data we collect, from whom, and why.
| Category | Who it relates to | What we collect | Why |
|---|---|---|---|
| Account data | Subscribed teachers | Email address, name (optional), subscription status, billing reference | To manage your account, send login links, process payments, and send service communications |
| Session data | Teachers running live sessions | Room codes, slide deck structure, activity configuration, timestamps | To run and synchronise live classroom sessions in real time |
| Student responses | Students joining a live session | Anonymous activity responses (e.g. MCQ choices, word cloud entries, exit ticket text) linked to a session room code only, never to an individual student identity. All live session data is permanently deleted from our servers the moment the teacher ends the session. | To display live results on the teacher board and student reading view during the session only |
| Trial data | Free trial users | Email address (entered voluntarily), anonymous Firebase user ID, browser user agent, trial start timestamp | To track trial usage, follow up with trial users, and prevent abuse |
| Usage data | All users | Page visits, feature interactions, error logs, browser type, approximate location (country/region level) | To diagnose bugs, improve the platform, and understand usage patterns |
| Communications | Anyone who contacts us | Email address and content of messages sent to us | To respond to enquiries, support requests, and feedback |
OctoDecks is designed with student privacy at its core. Students do not create accounts, do not log in, and are never required to provide any personal information to use OctoDecks.
When students join a live session using a room code:
The only data that persists on our servers after a session ends is any images uploaded by the teacher into their presentation deck for use as slide content. These are tied to the teacher's account and deck, not to any student or session, and can be deleted by the teacher at any time.
Teachers are responsible for ensuring their use of OctoDecks complies with their school's own data protection policies. Because no live session data is retained after the session closes, OctoDecks does not hold any student activity data that would need to be subject to a subject access request or erasure request.
OctoDecks uses Google Firebase as its backend infrastructure. We have configured our Firebase project to use EU-region servers (specifically, Google Cloud infrastructure located within the European Economic Area). This means your data, and the data of your students, does not leave the EEA for storage purposes.
| Firebase service | What it stores | Region |
|---|---|---|
| Firebase Realtime Database | Live session state, student responses during sessions, trial capture data | EU (europe-west1) |
| Firebase Authentication | Teacher account authentication tokens; anonymous auth tokens for trial users | EU |
| Firebase Storage | Images uploaded by teachers into decks (where applicable) | EU |
Google LLC acts as a data processor for OctoDecks and processes data on our behalf under Google's standard Data Processing Terms, which are compliant with UK GDPR and EU GDPR. For more information, see Google's Firebase privacy documentation.
Subscription payments are processed by Stripe, Inc. We do not store your full payment card details on our servers. Stripe acts as a data processor and is certified to PCI-DSS Level 1. For more information, see Stripe's Privacy Policy.
The OctoDecks application makes use of your browser's localStorage to store your active session data, deck library, theme preference, and (for trial users) the email address you entered. This data lives entirely on your device and is not transmitted to our servers unless explicitly required for a feature (such as starting a live session).
| Data type | Retention period |
|---|---|
| Account data (email, name) | For the duration of your subscription plus 12 months, or until you request deletion |
| Live session responses (MCQ answers, word cloud entries, exit tickets, polls, confidence checks, and all other activity submissions) |
Deleted immediately and permanently when the teacher ends the session. No live session data is retained on our servers after session close. |
| Teacher-uploaded images | Retained for the duration of the teacher's account. Deleted when the account is closed or on request. |
| Trial capture data | Up to 12 months from the trial date, or until you request deletion |
| Usage/diagnostic logs | Up to 12 months, held for debugging and platform improvement purposes |
| Payment records | Retained for 7 years in accordance with UK financial record-keeping requirements |
| Communications (emails to us) | For as long as necessary to resolve the matter, then deleted or anonymised |
When a retention period ends, data is permanently deleted or irreversibly anonymised.
We do not share personal data with third parties except in the following circumstances:
We do not share data with advertisers, data brokers, or marketing agencies.
The OctoDecks website (octodecks.com) uses a minimal number of cookies:
| Cookie / storage key | Purpose | Type |
|---|---|---|
| od-theme | Remembers your light/dark mode preference | localStorage (functional) |
| Firebase auth tokens | Maintains your login session in the application | localStorage (strictly necessary) |
| dt_teacher_session | Stores your teacher session state within the app | localStorage (strictly necessary) |
| octotrial_email | Stores the email address entered during a free trial session (trial users only) | localStorage (functional) |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies on octodecks.com. You can clear localStorage data at any time through your browser settings.
The OctoDecks application loads the following third-party scripts:
Under UK GDPR, we rely on the following legal bases for processing personal data:
| Processing activity | Legal basis |
|---|---|
| Managing your account and delivering the service | Performance of a contract (Article 6(1)(b)) |
| Processing payment and maintaining billing records | Performance of a contract and legal obligation (Article 6(1)(b) and (c)) |
| Sending important service notices (e.g. downtime, policy changes) | Legitimate interests (Article 6(1)(f)), specifically keeping users informed about the service they use |
| Following up with free trial users | Legitimate interests (Article 6(1)(f)), specifically where trial users have voluntarily provided their email |
| Diagnostic logging and platform improvement | Legitimate interests (Article 6(1)(f)), specifically maintaining and improving a reliable service |
| Responding to legal requests | Legal obligation (Article 6(1)(c)) |
Under UK GDPR, you have the following rights in relation to your personal data:
To exercise any of these rights, contact us at hello@octodecks.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.
These rights apply to your own personal data. They do not extend to lesson content you have created (which is governed by the Terms of Service) or to anonymised student response data that cannot be traced back to an individual.
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
Despite these measures, no system is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) as required by UK GDPR.
OctoDecks is a teacher-facing platform. Accounts may only be created by adults (18+). While students of any age may participate in live OctoDecks sessions using a room code, they do so without providing any personal data and without creating an account.
If you believe a child under 13 has inadvertently provided personal information to OctoDecks (for example, through a free-text activity response that contains identifying information), please contact us immediately at hello@octodecks.com and we will take prompt steps to delete it.
Teachers are responsible for ensuring that their use of OctoDecks in the classroom complies with their school's safeguarding and data protection policies, including any obligations under UK GDPR as it relates to the processing of children's data.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "last updated" date at the top of this page and, where appropriate, notify subscribers by email. Your continued use of OctoDecks after any changes constitutes your acceptance of the updated policy.
If you have any questions about this Privacy Policy, how we handle your data, or would like to exercise your rights, please contact us:
If you are unhappy with how we have handled your personal data and we have not been able to resolve your concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
This policy was last reviewed on 1 May 2025. Previous versions are available on request.