Privacy Policy

Last updated: 6th May 2026
Applies to: memoleap.com and all MemoLeap mobile applications
Data controller: Building on It Limited, registered in England No. 5305718

1. Plain-English summary

We've tried to write this policy as plainly as we can, but the short version is this: we collect as little personal information as we can get away with, we never sell it, we don't run advertising in our apps, and we apply extra protections when an app is being used by a child.

The detail below explains exactly what we do collect, why, and what your rights are over it. If anything is unclear, please write to us at privacy@memoleap.com.

2. Who we are

MemoLeap is a brand of educational mobile applications operated by Building on It Limited, a company registered in England and Wales (company number 5305718). Our registered office is at Carlton House, Higham Ferrers, NN10 8BW. Our trading address is 37th Floor, One Canada Square, London E14 5AA.

For the purposes of UK and EU data protection law, Building on It Limited is the data controller for personal information collected through MemoLeap apps and through this website.

ICO registration number ZB397046

3. What information we collect

The categories of information we may collect, depending on which app or service you use, are set out below.

3.1 Information you give us

• Email address — if you contact us, sign up for product updates, or create an optional account.
• Name — only if you choose to provide it (for example, in a support enquiry).
• Messages and correspondence — the content of emails or support requests you send us.

3.2 Information collected automatically by the apps

• Usage data — which features were used, progress data used to power spaced-repetition scheduling. This data is held on the device and not shared with us.
• Crash and error reports — automatically generated diagnostic information when something goes wrong.

3.3 Information collected automatically by this website

• Standard server logs — IP address, browser type, pages visited, kept briefly for security and operational purposes.
• Cookies — we use only essential cookies. We do not use advertising or analytics cookies that track you across other sites.

3.4 What we do not collect

• We do not run advertising and we do not collect data for advertising purposes.
• We do not use third-party advertising networks.
• We do not knowingly collect precise location data.
• We do not access contacts, photos, or other device content beyond what an app explicitly needs and you have permitted.

4. How and why we use information

We use the information we collect for the following purposes:

• To provide and operate the apps and the website.
• To enable spaced-repetition scheduling, progress tracking, and other learning features.
• To respond to support enquiries, fix bugs, and improve the apps.
• To send service-related communications (for example, important updates about an app).
• To comply with our legal obligations.

5. Legal bases for processing

Under UK GDPR we must have a lawful basis for each kind of processing. Ours are:

• Performance of a contract — to provide the apps and services you've installed or signed up for.
• Legitimate interests — for limited operational purposes such as fixing bugs, securing the service, and improving the apps. We assess these against your rights and interests.
• Consent — for any optional communications, and for any processing where consent is the appropriate basis. You can withdraw consent at any time.
• Legal obligation — where we are required by law to keep or process specific information.

6. Who we share data with

We do not sell personal data, and we do not share it for advertising purposes. We share information only with:

• Service providers we rely on to run our apps and website — for example, our cloud hosting provider, our email provider, and (where used) crash-reporting tools. Each is bound by contractual data-protection obligations.
• Apple and Google, in the limited ways the App Store and Google Play platforms require for us to distribute the apps.
• Anyone we are legally required to share information with — for example, in response to a valid request from a law-enforcement authority.

7. How long we keep data

We keep personal information only for as long as we need it for the purpose we collected it.

• Account data — kept while your account is active, and for [period TBC, typical 30–90 days] after deletion to allow recovery if needed.
• Support correspondence — typically kept for [period TBC, often 2 years] for our records.
• Usage and progress data — kept on-device wherever possible and discarded when the app is uninstalled.
• Server logs — typically kept for [period TBC, often 30 days].

8. Your rights

If UK or EU data-protection law applies to you (which it does for users in those territories), you have the following rights:

• Access — you can ask us for a copy of the personal data we hold about you.
• Rectification — you can ask us to correct inaccurate data.
• Erasure — you can ask us to delete data we hold about you.
• Restriction — you can ask us to limit how we use your data.
• Objection — you can object to processing based on our legitimate interests.
• Portability — you can ask for a copy of certain data in a structured, machine-readable format.
• Withdraw consent — where we rely on your consent, you can withdraw it at any time.
• Complain — you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk, though we'd appreciate the chance to put things right first.

To exercise any of these rights, write to us at privacy@memoleap.com. We'll respond within one calendar month.

9. Children's privacy

Many MemoLeap apps are designed to be used by children, and we apply additional protections in line with the UK Information Commissioner's Age-Appropriate Design Code (the Children's Code) and equivalent provisions where they apply.

9.1 What we do

• We treat all users as if they could be a child unless they tell us otherwise, and we apply the strictest privacy settings by default.
• We do not display advertising, and we do not use any third-party advertising or marketing trackers in our apps.
• We collect the minimum information needed for the app to work. Where we can keep data on the device rather than sending it to our servers, we do.
• We do not profile children or use their data to target them in any way.

9.2 What parents and guardians should know

• If your child uses a MemoLeap app and you have any questions about what data is being collected, please write to privacy@memoleap.com.
• If you believe a MemoLeap app has collected information from your child that you'd like removed, please get in touch and we will act promptly.
• You can review the App Store or Google Play listing for each app to see Apple's and Google's own labels and ratings.

9.3 Note for users in the United States

If you are using a MemoLeap app in the United States with a child under 13, the US Children's Online Privacy Protection Act (COPPA) applies. Our practices are designed to comply with COPPA. The data minimisation, no-advertising, and parental-rights provisions described above apply equally. For COPPA-related questions, please email privacy@memoleap.com.

10. Security

We take reasonable technical and organisational measures to protect personal information against unauthorised access, loss, or disclosure. These include encryption in transit, access controls on our internal systems, and regular review of our suppliers' security practices.

No system is perfectly secure, and we make no guarantee of absolute security, but we will tell you (and any relevant regulator) without undue delay if a personal data breach occurs that is likely to put your rights or freedoms at risk.

11. International transfers

We are based in the United Kingdom, and most of our data is processed in the UK or the European Economic Area. Where any of our service providers process data outside those areas, we rely on appropriate safeguards — typically the UK International Data Transfer Agreement, or the European Commission's Standard Contractual Clauses with the UK Addendum where applicable.

12. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "last updated" date at the top of the policy and, where appropriate, notify you in the app or by email. We encourage you to review this page periodically.

13. Contact us

For any privacy-related questions, requests, or concerns, please contact:

Privacy Team, MemoLeap
Building on It Limited
37th Floor, One Canada Square
London E14 5AA
Email: privacy@memoleap.com

If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk.