Mathspeak and Data privacy, the GDPR and the PECR

The Mathspeak software does not set out to store personal data. It does require a student to create a login ID so they can save their progress through the course. This login ID comprises a name, an email address, and a password.  Real names should not be used, and anonymous email addresses should be used so that they that do not contain personal information.

Student accounts are automatically deleted after 12 months of non-use.

Only two cookies are set, and the data is stored locally on the website. These two cookies are solely functional for the software and contain no personal tracking data. No data is shared with other parties.

Cookie Name Purpose Validity
mathspeak_session Maintain identity 2 hours
XSRF-TOKEN Prevent forged requests 2 hours

The validity of both cookies are set to 2 hours and the expiration time (max-age) is being updated while the users use the website and exchange information with the server.

Web traffic to and from the site is encrypted, but this is dependent on the hosting of the website so if of concern users should satisfy themselves this is so by looking for the prefix HTTPS on the browser address line.

There is no social media aspect to the software and no teacher’s access to the accounts of students without sharing a login ID and password.

Mathspeak Privacy notice V1.0 30/3/21