Kite Phone

Privacy Policy

Last updated: February 2026

Kite Phone exists because we believe children deserve communication without surveillance. This policy explains what data we collect, why, and how we protect it. We've written it in plain English because privacy shouldn't require a law degree to understand.

1. Who We Are

Data Controller:

Kite Inclusive CIC
2b Bassein Park Road
Shepherds Bush
London W12 9RY
United Kingdom

Contact for data requests: info@kitestudios.org

ICO Registration Number: Registration pending

We are a Community Interest Company (CIC) registered in England. One of our services is providing VoIP landline telephone services for children aged 5-12.

2. What Data We Collect

Data TypeCollectedPurposeLegal Basis
Parent nameYesAccount administration, billingContract performance
Parent emailYesService communications, supportContract performance
Parent phone numberYesAccount verification, supportContract performance
Billing addressYesHardware delivery, invoicingContract performance
Bank account detailsNo**Processed by GoCardless, not stored by usN/A
Child's nameOptionalPersonalisation (e.g., voicemail greeting)Consent
Child's voiceNoWe do not record callsN/A
Call logsYes**Service delivery, troubleshootingLegitimate interest
Website analyticsYesService improvementLegitimate interest

*Direct Debit processing: Bank account details (sort code, account number) are handled entirely by GoCardless. We receive only confirmation of payment status, not your bank details. GoCardless is authorised by the Financial Conduct Authority (FCA) and payments are protected by the Direct Debit Guarantee.

**Call logs: Our VoIP provider retains call metadata (numbers dialled, call duration, timestamps) for service delivery and billing. Call content is never recorded or monitored.

3. What We Don't Collect

We do not collect:

  • Call recordings or transcripts
  • Location data (the phone is stationary; there's nothing to track)
  • Browsing history (the phone cannot access the internet)
  • Contacts or address books
  • Photos, videos, or messages (the phone has no camera or messaging capability)
  • Behavioural data, preferences, or profiles on children
  • Biometric data of any kind

Why this matters:

Most "safe phone" products monitor children extensively. We took a different approach: build a device that doesn't generate surveillance data in the first place.

4. Children's Data & the Age Appropriate Design Code

Kite Phone is designed for use by children aged 5-12. We comply with the ICO's Age Appropriate Design Code (Children's Code) by:

1

Data minimisation by design

The phone cannot collect behavioural data, location, or browsing activity because it lacks those capabilities entirely.

2

No profiling

We do not build profiles on child users or use their data for marketing.

3

No nudge techniques

The phone has no apps, notifications, or features designed to extend usage.

4

Parental control without surveillance

Parents control who the child can call via short-dial codes. We don't provide call recording, message monitoring, or location tracking.

5

High privacy by default

No settings need to be changed to achieve maximum privacy. It's the only mode.

5. How We Use Your Data

Service delivery:

  • Processing your order and delivering hardware
  • Provisioning your VoIP phone line
  • Collecting monthly payments via Direct Debit
  • Providing technical support
  • Sending service-related emails (outages, billing, contract renewals)

Service improvement:

  • Analysing aggregate, anonymised usage patterns (e.g., average call volumes) to improve the service
  • Website analytics to understand how visitors find us

We never:

  • Sell personal data to third parties
  • Share data with advertisers
  • Use child data for marketing
  • Make automated decisions affecting you or your child

6. Who We Share Data With

Third-party processors:

ProviderPurposeData SharedLocation
Statcomtelecoms / NebulaCloudVoIP service deliveryPhone numbers, call metadataUK
GoCardlessDirect Debit payment processingName, email, bank details (not stored by us)UK/EU
SupabaseCustomer databaseAccount informationEU (Frankfurt)
ResendTransactional emailEmail address, nameUS (SCCs)
PostHogWebsite analyticsAnonymised browsing dataEU

SCCs = Standard Contractual Clauses for international transfers under UK GDPR.

GoCardless is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 (FRN 597190) for the provision of payment services. All Direct Debit payments are protected by the Direct Debit Guarantee.

All processors are bound by data processing agreements requiring UK GDPR-equivalent protections.

7. Data Retention

Data TypeRetention PeriodReason
Account dataDuration of contract + 6 yearsLegal/tax obligations
Call metadata12 months rollingTroubleshooting, billing queries
Payment records6 years from transactionHMRC requirements
Direct Debit mandatesDuration of contract + 13 monthsGoCardless/Bacs requirements
Support correspondence3 years from resolutionService improvement
Website analytics12 monthsAnonymised and aggregated

After retention periods: Data is securely deleted or anonymised such that it cannot be linked to any individual.

8. Your Rights Under UK GDPR

You have the right to:

1. Access— Request a copy of the personal data we hold about you
2. Rectification— Correct inaccurate or incomplete data
3. Erasure— Request deletion of your data ("right to be forgotten")
4. Restrict processing— Limit how we use your data in certain circumstances
5. Data portability— Receive your data in a machine-readable format
6. Object— Object to processing based on legitimate interest
7. Withdraw consent— Where processing is based on consent, withdraw it at any time

To exercise any right: Email privacy@kitestudios.org with your request. We will respond within 30 days.

Complaints: If you're unsatisfied with our response, you may complain to the Information Commissioner's Office (ICO):

9. Cookies

Our website uses minimal cookies:

CookiePurposeDurationType
SessionMaintain login stateSessionEssential
ConsentRemember cookie preference1 yearEssential
PostHogAnonymous analytics1 yearAnalytics (optional)

Analytics cookies are only set after you click "Got it" on our consent banner. You can opt out anytime by adding ?opt_out=true to any page URL.

We do not use advertising cookies or social media embeds.

10. Security

We protect your data through:

  • HTTPS encryption on all web traffic
  • Encrypted database storage (Supabase with AES-256)
  • Access controls limiting staff access to personal data
  • Regular security reviews of third-party processors
  • No storage of bank account details on our systems (handled by GoCardless)

VoIP security:

Calls are transmitted using encrypted SIP protocols. Call content is not recorded or stored.

Payment security:

GoCardless is PCI-DSS compliant and authorised by the FCA. Your bank details are encrypted and stored in their secure environment, never on our servers.

11. Direct Debit Guarantee

All Direct Debit payments are protected by the Direct Debit Guarantee, which provides:

  • Immediate money-back entitlement from your bank if an error is made
  • Advance notice of payment amounts and dates
  • Right to cancel the Direct Debit at any time by contacting your bank

Full details: directdebit.co.uk/direct-debit-guarantee

12. Changes to This Policy

We may update this policy to reflect changes in law or our practices. Material changes will be communicated via email to active customers. The "Last Updated" date at the top indicates the most recent revision.

13. Contact Us

Email: info@kitestudios.org

Postal address:

Kite Inclusive CIC
2b Bassein Park Road
Shepherds Bush
London W12 9RY
Back to home