Nia Education

Privacy Policy

Last updated: 4 January 2026

This Privacy Policy explains how Nia Education Ltd (trading as NiaEducation) (“we”, “us”) collects and uses personal data when you use our WhatsApp-based teaching tool and any related services (the “Service”).

1. Who we are (Data Controller)

We are the data controller for the personal data described in this policy unless we tell you otherwise.

  • Controller: Nia Education Ltd (trading as NiaEducation)
  • Registered/service address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
  • Email: contact@niaeducation.org

If a school/organisation provides the Service to staff, the school/organisation may be the controller for student/staff data shared through the Service, and we may act as a processor on its behalf under a data processing agreement.

2. The Service and WhatsApp

WhatsApp protects messages with end-to-end encryption while they are being delivered on WhatsApp. Once a message reaches a business (like us), the message content may be accessed and stored by the business and its service providers to respond and provide services.

WhatsApp/Meta also processes information under its own policies.

3. Personal data we collect

Depending on how you use the Service, we may collect:

A) WhatsApp identifiers and account data

  • Your phone number and WhatsApp profile information (e.g., profile name; and possibly profile image depending on availability)
  • Optional setup information you provide (e.g., name, school/organisation, subject area, role)

B) Conversation data

  • Messages and prompts you send (including attachments such as images or documents)
  • Our replies and conversation history (to maintain context and improve support)

C) Technical and usage data

  • Message metadata (e.g., timestamps, delivery status)
  • Service logs and usage analytics (e.g., feature usage, error logs, performance metrics)

D) Support communications

  • If you contact us directly, we keep a record of the request and our response.

4. Whether you must provide data

We need your phone number and message content to deliver the Service via WhatsApp. If you do not provide required information, we may be unable to respond or provide the Service.

5. How we use your data and our lawful bases

We use personal data for the purposes below:

  1. Provide the Service (generate responses, deliver messages, maintain context)
    • Lawful basis: performance of a contract / steps at your request to provide the Service; and/or legitimate interests.
  2. Customer support and troubleshooting
    • Lawful basis: legitimate interests; and/or contract.
  3. Improve quality, safety, and reliability (including debugging, evaluating performance, and improving responses)
    • Lawful basis: legitimate interests.
    • Where required, we use consent for optional features not necessary to provide the Service.
  4. Legal, compliance, and security (responding to lawful requests, enforcing terms, preventing abuse)
    • Lawful basis: legal obligation; legitimate interests.

Legitimate interests

Where we rely on legitimate interests, those interests include operating the Service, keeping it secure, preventing misuse/fraud, and improving reliability and accuracy.

Special category data

Messages could include sensitive information (e.g., health or special educational needs). Please avoid sending sensitive information unless it is necessary. If you choose to provide sensitive information, we process it only where permitted by applicable law and with appropriate safeguards (and where required, we will ask for explicit consent or provide a suitable alternative).

6. Student and third-party data

The Service is intended for teachers and educators. If you share personal data about students or other individuals, you confirm you have the right to do so.

Please minimise personal data and avoid sharing identifiable student information where possible (e.g., use “Student A” or initials). Do not send highly sensitive details unless necessary.

7. AI processing, human review, and training

Our responses are generated using AI models. We may also use automated processing to detect abuse and protect the Service. We do not use the Service to make solely automated decisions that produce legal or similarly significant effects about you.

Human access: Only authorised staff/contractors can access conversation data where necessary for support, debugging, quality assurance, or safety, subject to access controls.

Model improvement and training

During our pilot phase, we may review and use conversation data (including message content) to debug issues, evaluate performance, and improve the Service.

We do not allow third-party providers to use your message content to train their general-purpose models unless we have clearly told you and (where required) obtained your consent.

Opt-out: If you want us not to use your conversation content for internal improvement, email contact@niaeducation.org from the address you can access and include your WhatsApp number and the words “AI TRAINING OPT-OUT”. We will apply the opt-out going forward and may need time to remove previously stored copies from backups or logs.

8. Who we share data with

We share personal data only with providers needed to run the Service, for example:

  • Messaging providers (e.g., WhatsApp Business Platform / API providers) for message delivery
  • Cloud hosting and storage providers for secure processing and storage
  • AI providers to generate responses and/or provide safety tooling
  • Professional advisers (legal/accounting) and regulators/law enforcement where required by law

We do not sell your personal data.

9. International transfers (UK-based, global service)

Because we provide services globally, some providers may process personal data outside the UK (and outside the EEA). Where we make restricted transfers, we use appropriate safeguards such as approved contractual clauses (e.g., UK IDTA and/or EU SCCs) and (where required) transfer risk assessments.

EU/EEA users: If EU/EEA data protection law applies to our processing, we will comply with applicable requirements and, where required, appoint an EU representative and publish their contact details here.

10. Data retention

Conversation retention and de-identification

We keep conversation content linked to your WhatsApp number while your account is active to provide the Service and support.

If you are inactive for [12 months], we will de-identify conversation content so it is no longer associated with your phone number or other direct identifiers, unless we need to keep identifiable data for legal, security, or dispute-resolution reasons.

Security logs

We typically retain security and audit logs for [6–12 months] to protect the Service and investigate abuse.

Backups

Backups may retain copies for a limited period and are overwritten on a rolling basis. Where feasible, we apply deletion/de-identification to active systems first, and backups expire over time.

Deletion requests

You can request deletion of conversation data associated with your WhatsApp number at any time by emailing contact@niaeducation.org and providing your WhatsApp number.

We will delete or de-identify that data where reasonably possible. We may retain limited information for longer where necessary for security, legal compliance, dispute resolution, or to maintain the integrity of our systems. Backup copies may persist for a limited period and are overwritten on a rolling basis.

11. Security

We use administrative, technical, and organisational measures designed to protect your data, such as:

  • Access controls and least-privilege permissions
  • Encryption in transit and (where applicable) at rest
  • Monitoring and logging
  • Vendor security reviews

No system is 100% secure, but we work to protect data appropriately.

12. Your rights

Depending on your location and applicable law, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Restrict processing
  • Object to processing (particularly where we rely on legitimate interests)
  • Data portability (in some circumstances)
  • Withdraw consent (where consent is the lawful basis)
  • Lodge a complaint with a regulator

How to exercise rights: Email contact@niaeducation.org.

We may need to verify your identity. We generally respond within one month (and can extend in limited cases).

Some requests (such as deletion) may be subject to limited exceptions (e.g., security logs, legal obligations, or backups overwritten on a rolling basis).

Complaints (UK)

If you have concerns, please contact us first at contact@niaeducation.org. You also have the right to complain to the UK Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/.

13. Children’s data

If the Service is used by or for children, we expect schools/parents/guardians to ensure appropriate permissions and safeguards. We aim to present privacy information in clear language and design the Service with children’s interests in mind where applicable.

Where we rely on consent for processing in an online service context, UK rules generally allow children aged 13+ to consent for themselves; under 13 requires parental responsibility consent.

14. Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date and, where appropriate, notify you via the Service.

15. Contact us

For privacy questions or requests, contact: contact@niaeducation.org

Message us on WhatsApp