Privacy Policy

SproutQuiz operates the Sprout Quiz - English platform at www.SproutQuiz.com. We are committed to protecting your personal data in accordance with Singapore's Personal Data Protection Act 2012 (PDPA).

Parent account: Email address, hashed password, subscription and billing history. Payment card details are processed by our payment partner — we never store card numbers.

Child profiles: First name or nickname, grade level (P1–P6), chosen avatar. We do not collect children's full legal names, school names, or student ID numbers.

Learning activity: Practice session records, scores, time taken, skill mastery scores, daily streak and XP totals. Used solely to personalise your child's practice and provide you with progress information.

Technical data: IP address, browser/device type, error logs — used for security and compatibility only.

We do not use your data for advertising, ad targeting, or automated profiling.

Child profiles are created and managed by the registered parent. We do not directly solicit information from children. Child data is used exclusively to personalise that child's practice experience and to report progress to the parent. We do not share child data with schools, government bodies, or third parties except as required by law.

If you believe a child's data was collected without appropriate parental consent, contact us via our feedback function and we will investigate and delete it promptly.

We do not sell personal data. We share data only with:

• Payment partner — to process subscription charges. They receive only what is necessary to complete the transaction.
• Web hosting and database partner — to store account and learning data on our behalf.
• AI technology partners — to generate practice content. We do not transmit identifiable parent or child data to AI providers.
• Legal authorities — if required by Singapore law or court order.

All partners are bound by contractual obligations to process data only as instructed by us.

Our hosting infrastructure may store data outside Singapore. Where data is transferred internationally, we ensure appropriate contractual safeguards are in place with the data recipient.

We protect your data with: industry-standard password hashing, TLS encryption for all data in transit, and access controls limiting data access to personnel who need it. In the event of a breach affecting your personal data, we will notify you in accordance with PDPA obligations.

We use cookies only for session authentication (keeping you logged in) and local browser storage only for in-progress session state (allowing you to resume a practice session after a page refresh). We do not use advertising cookies, tracking pixels, or third-party analytics like Google Analytics.

Under the PDPA you have the right to access, correct, or request deletion of your personal data. To exercise these rights, contact us via our feedback function. We will respond within 30 days.

If you are unsatisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

We will provide at least 14 days' notice for material changes via in-app notification or email. Continued use after the effective date constitutes acceptance.

For questions about this Privacy Policy or to exercise your data rights, please use our feedback function.