Cookie Policy

1. Introduction — What Are Cookies

This Cookie Policy explains how Druid Learning Hub (“Platform,” “we,” “us,” or “our”), operated by Data Druid Tech Services Limited, a company incorporated and registered in the Federal Republic of Nigeria, uses cookies, local storage, and similar tracking technologies when you visit or interact with our educational platform at druidlearninghub.com (the “Website”).

This Cookie Policy should be read together with our Terms of Service, Privacy Policy, and Acceptable Use Policy, which are incorporated herein by reference.

1.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, to provide information to the owners of the site, and to improve the user experience. Cookies are stored in your browser and allow a website or a third party to recognise you across sessions.

Cookies can be classified by their lifespan:

• Session cookies — These are temporary cookies that expire when you close your browser. They are used to maintain state during a single browsing session (e.g., keeping you logged in as you navigate between pages).
• Persistent cookies — These remain on your device for a defined period (set by the cookie’s expiration date) or until you manually delete them. They are used to remember your preferences and settings between visits.

Cookies can also be classified by their origin:

• First-party cookies — These are set directly by our Website (druidlearninghub.com) and can only be read by our Website.
• Third-party cookies — These are set by domains other than our Website. They are typically placed by external services whose resources are loaded on our pages (e.g., CDN providers, font services).

1.2 What Are Similar Technologies?

In addition to cookies, we use other browser-based storage mechanisms, specifically localStorage and sessionStorage, which are part of the Web Storage API. Unlike cookies, these are not sent to the server with every request; they are stored entirely in the browser and accessed via JavaScript. We use localStorage extensively in our Dojo creative tools to save your work, projects, and preferences locally on your device. We describe these technologies in detail in Section 5 of this policy.

2. How We Use Cookies

Druid Learning Hub uses cookies and similar technologies for the following purposes:

• Authentication and session management — To identify you after you log in and maintain your authenticated session as you navigate the Platform. Without session cookies, you would need to re-enter your credentials on every page.
• Security and CSRF protection — To protect you against Cross-Site Request Forgery (CSRF) attacks. Django, the web framework powering our Platform, sets a CSRF token cookie that ensures form submissions originate from our Website and not from malicious third parties.
• Consent tracking — To remember your cookie consent preferences so that we do not repeatedly prompt you for consent on subsequent visits.
• Functional preferences — To store your user interface preferences such as language, theme (light/dark mode), and code editor configuration settings so that these persist between sessions.
• Content Delivery Network (CDN) resource loading — Our Platform loads fonts, JavaScript libraries, and other resources from third-party CDNs. These services may set cookies or collect technical data as part of serving these resources.
• Local data persistence — To save your work-in-progress in our Dojo creative tools (code projects, notebooks, graphic designs, web projects, system designs) so that you do not lose your work if you accidentally close the browser or navigate away.

Important: Druid Learning Hub does not currently use any third-party analytics cookies (such as Google Analytics), advertising cookies, social media tracking cookies, or any form of behavioural advertising technology. We do not sell or share cookie data with advertisers. If this changes in the future, we will update this policy and obtain appropriate consent before deploying such cookies.

3. Types of Cookies We Use

We categorise the cookies used on our Platform into the following types, in accordance with the classification system recommended by the International Chamber of Commerce (ICC) UK Cookie Guide and the Information Commissioner’s Office (ICO) guidance:

3.1 Strictly Necessary Cookies

These cookies are essential for the operation of our Platform. They enable core functionality such as user authentication, session management, and security protections. Without these cookies, the Platform cannot function correctly. These cookies cannot be disabled as the Platform requires them to operate. Under Article 5(3) of the ePrivacy Directive (2002/58/EC), as amended by Directive 2009/136/EC, strictly necessary cookies are exempt from the consent requirement because they are essential for the provision of the service you have explicitly requested.

• Session ID cookie (sessionid) — Identifies your authenticated session after login. This is a first-party, server-side session cookie set by Django. It contains a cryptographically random session identifier; no personal information is stored in the cookie itself. Session data is stored securely on our server.
• CSRF token cookie (csrftoken) — Provides Cross-Site Request Forgery protection. This token is included in forms and AJAX requests to verify that requests originate from our Platform. This is a security-critical mechanism mandated by web application security best practices (OWASP).
• Cookie consent preference (cookie_consent) — Stores your response to our cookie consent banner (accepted, rejected, or the specific categories you have consented to). This cookie is necessary to respect your preferences across sessions and to fulfil our legal obligation to record consent under the GDPR and ePrivacy Directive.

3.2 Functional Cookies

Functional cookies enable enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have integrated into our pages. If you do not allow these cookies, some or all of these features may not function properly.

• Language preference — Remembers your selected interface language so that the Platform displays content in your preferred language on subsequent visits.
• Theme preference — Stores whether you prefer light mode, dark mode, or system-default theming. This preference may be stored in localStorage rather than a cookie.
• Editor settings — Remembers your preferred code editor configuration (e.g., font size, tab width, key bindings, word wrap) for the Ace Editor and CodeMirror 6 environments used in our Dojo tools and split-screen lessons.

3.3 Performance Cookies

Performance cookies collect information about how visitors use a website, such as which pages are visited most often and whether users encounter error messages. These cookies do not collect information that identifies individual visitors; all information is aggregated and therefore anonymous.

Current status: Druid Learning Hub does not currently deploy any performance or analytics cookies. We do not use Google Analytics, Matomo, Plausible, or any other analytics service that sets cookies. If we introduce analytics cookies in the future, we will:

• Update this Cookie Policy before deployment;
• Obtain your explicit, informed, and freely given consent before setting any analytics cookies;
• Provide a clear mechanism to opt out at any time;
• Prefer privacy-respecting, cookie-free analytics solutions where feasible.

3.4 Third-Party Cookies

Third-party cookies are set by domains other than druidlearninghub.com. Our Platform loads resources from several Content Delivery Networks (CDNs), and these providers may set cookies or use other tracking mechanisms as part of their service delivery. We describe these in detail in Section 6.

Important: We do not use any advertising, retargeting, or social media tracking cookies. There are no Facebook pixels, Google Ads tags, LinkedIn Insight tags, or similar marketing technologies on our Platform.

4. Detailed Cookie Inventory

The following table provides a comprehensive inventory of cookies that may be set when you use the Druid Learning Hub Platform. This table is reviewed and updated periodically.

4.1 First-Party Cookies (set by druidlearninghub.com)

4.2 Third-Party Cookies (set by CDN providers)

The following third-party services load resources on our Platform and may set cookies or use similar technologies. Because third-party cookie behaviour is determined by the respective providers and may change without our direct control, we recommend consulting the linked privacy policies for the most current information.

Note on third-party cookie lifespans: The __cf_bm cookie set by Cloudflare typically expires after 30 minutes. The __cfruid cookie is a session cookie that expires when you close your browser. These durations are determined by Cloudflare and may change without notice from us.

5. Local Storage and Similar Technologies

In addition to cookies, our Platform makes extensive use of the browser’s localStorage API to persist your work and preferences on your device. localStorage data is not sent to our servers with HTTP requests and remains entirely on your device unless you explicitly choose to save work to the server.

5.1 How We Use localStorage

Our Dojo creative tools use localStorage to provide automatic saving functionality, ensuring you do not lose work due to accidental page closure, browser crashes, or network interruptions. This data remains on your device and under your control.

5.2 Specific localStorage Keys

The following key prefixes are used by our Dojo tools. All keys are scoped to the druidlearninghub.com origin and cannot be accessed by other websites.

5.3 Additional localStorage Usage

• User preferences — Theme preference (light/dark), editor font size, tab size, and other UI customisation settings.
• Application state — Active project identifiers, last-used tool, panel sizes, and other ephemeral UI state information.
• localForage data — Our Platform uses the localForage library (loaded from cdn.jsdelivr.net) to provide an enhanced key-value storage layer that may use IndexedDB, WebSQL, or localStorage depending on browser capabilities. This is used for storing larger data objects such as graphic design canvases.

5.4 Data Size and Limits

Most browsers allocate approximately 5–10 MB of localStorage per origin. Our Platform’s localStorage usage is designed to stay well within these limits under normal use. If your browser’s storage quota is reached, you will receive a warning and older autosaved data may need to be cleared manually or exported before new data can be saved.

5.5 Legal Classification

Under Article 5(3) of the ePrivacy Directive and PECR Regulation 6, localStorage falls within the scope of “storing or gaining access to information stored in the terminal equipment of a subscriber or user.” Our use of localStorage for autosaving user-created content is classified as strictly necessary for the provision of the service you have explicitly requested (creating and saving projects), and therefore does not require consent. Preference-related localStorage usage is classified as functional and may be subject to consent requirements in certain jurisdictions.

6. Third-Party Services and CDN Cookies

To deliver a fast, reliable, and feature-rich learning experience, our Platform loads resources from the following third-party Content Delivery Networks. When your browser requests resources from these CDNs, it transmits certain technical information as part of the standard HTTP request.

6.1 Data Transmitted to CDN Providers

When resources are loaded from any CDN, the following data is typically included in the HTTP request:

• IP address — Your public IP address is transmitted as part of every HTTP request. CDN providers use this to route requests to the nearest server (for performance) and for security purposes (abuse prevention, DDoS mitigation).
• User-Agent string — Your browser’s User-Agent header, which typically includes the browser name, version, operating system, and device type. This is used by CDNs to serve the correct version of resources and for analytics.
• Referrer URL — The URL of the page that triggered the resource request (i.e., the Druid Learning Hub page you are visiting). This may reveal which pages on our Platform you are viewing.
• Request timestamp — The time of the request, used for logging and performance monitoring.
• Requested resource path — The specific file being requested (e.g., a font file, a JavaScript library).

6.2 Google Fonts (fonts.googleapis.com, fonts.gstatic.com)

We load the following typefaces from Google Fonts: Inter (body text), Outfit (headings), JetBrains Mono (code), and Material Symbols Rounded (icons). According to Google’s documentation, the Google Fonts API is designed to limit the collection and storage of end-user data to what is needed to serve fonts efficiently. Google states that CSS and font file requests are not associated with authenticated Google accounts and that Google does not set cookies via the Google Fonts API. However, Google does log requests, including IP addresses, for operational purposes. Google’s retention policy states that access logs are retained for approximately two weeks.

6.3 Cloudflare CDN (cdnjs.cloudflare.com)

We load Ace Editor, Fabric.js, JSZip, and sql.js from Cloudflare’s CDN. Cloudflare is a web infrastructure and security company that provides CDN, DDoS mitigation, and DNS services. Cloudflare may set security cookies (such as __cf_bm for bot management) to distinguish between human visitors and automated traffic. These cookies are classified as strictly necessary for security purposes. Cloudflare processes IP addresses, User-Agent strings, and request data to provide its services. Cloudflare has certified under the EU-US Data Privacy Framework for lawful transatlantic data transfers.

6.4 jsDelivr CDN (cdn.jsdelivr.net)

We load Pyodide (the Python runtime for browser-based code execution), localForage, and other libraries from jsDelivr. jsDelivr is an open-source CDN operated by Prospect One and served through Cloudflare and Fastly’s global networks. Because jsDelivr uses Cloudflare as a delivery partner, the same Cloudflare security cookies and data collection practices described above may apply. jsDelivr publishes usage statistics in aggregate but does not track individual users.

6.5 esm.sh

We load CodeMirror 6 ES modules from esm.sh, a CDN service that transforms npm packages into ES module imports suitable for browser use. esm.sh is served through Cloudflare’s CDN infrastructure. The same Cloudflare security cookies and data transmission practices apply. esm.sh does not have a standalone cookie policy separate from Cloudflare’s.

6.6 Our Commitment Regarding Third Parties

We have selected CDN providers that are widely trusted, maintain strong privacy practices, and minimise data collection. We do not:

• Load any advertising scripts or tracking pixels from third parties;
• Share user identifiers with CDN providers;
• Embed social media widgets that set tracking cookies;
• Use any third-party service whose primary purpose is behavioural tracking.

We periodically review the privacy practices of our CDN providers and will update this policy and our technology choices if any provider’s practices become incompatible with our privacy commitments.

7. Legal Basis for Cookie Use

Our use of cookies and similar technologies is governed by multiple legal frameworks, depending on your location. Below, we explain the legal basis for each category of cookie under the applicable laws.

7.1 European Union — ePrivacy Directive and GDPR

Under Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC, as amended by Directive 2009/136/EC), the storing of information or the gaining of access to information stored in terminal equipment is only allowed on condition that the subscriber or user has given their consent, having been provided with clear and comprehensive information about the purposes of the processing, except where the cookie is:

• Strictly necessary for the provision of an information society service explicitly requested by the user (e.g., session cookies, CSRF tokens, consent cookies); or
• Used solely for the purpose of carrying out the transmission of a communication over an electronic communications network.

Under the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), where cookies involve the processing of personal data, a lawful basis under Article 6(1) is required:

• Article 6(1)(a) — Consent: For functional, performance, and third-party cookies that are not strictly necessary. Consent must be freely given, specific, informed, and unambiguous (Article 4(11) GDPR).
• Article 6(1)(b) — Contractual necessity: For cookies that are necessary to perform the contract between us and you (e.g., session cookies that enable you to use the Platform after logging in).
• Article 6(1)(f) — Legitimate interests: For certain security cookies (e.g., CSRF protection) where the processing is necessary for our legitimate interest in protecting our Platform and Users from security threats, and this interest is not overridden by your rights and freedoms.

7.2 United Kingdom — UK GDPR and PECR

For Users in the United Kingdom, our cookie use is governed by the UK General Data Protection Regulation (as incorporated by the Data Protection Act 2018) and the Privacy and Electronic Communications Regulations 2003 (PECR), as amended. PECR Regulation 6 mirrors the ePrivacy Directive’s requirements: cookies and similar technologies require the user’s consent unless they are strictly necessary for the provision of the service requested. The same consent standards and exemptions described under §7.1 apply under PECR.

7.3 Nigeria — Nigeria Data Protection Act 2023 (NDPA)

For Users in Nigeria, our cookie use is governed by the Nigeria Data Protection Act 2023 (NDPA), which replaced the Nigeria Data Protection Regulation 2019 (NDPR). Under the NDPA:

• Section 25 requires that personal data be processed lawfully, and provides for consent as one of the lawful bases for processing.
• Section 26 provides that consent must be given freely, must be specific, informed, and must constitute an unambiguous indication of the data subject’s wishes.
• Section 28 recognises legitimate interest as a lawful basis for processing, subject to a balancing test.

While the NDPA does not contain a specific “cookie rule” equivalent to the ePrivacy Directive, our placement of cookies that involve the processing of personal data (such as session identifiers linked to user accounts) falls within the scope of the NDPA. We rely on consent for non-essential cookies and on contractual necessity and legitimate interest for strictly necessary cookies.

7.4 Summary of Legal Basis by Cookie Category

8. Cookie Consent

8.1 How We Obtain Consent

When you first visit our Platform, you will be presented with a cookie consent banner that clearly explains:

• What types of cookies we use;
• The purposes for which each category of cookie is used;
• A link to this Cookie Policy for detailed information;
• Options to accept all cookies, reject all non-essential cookies, or customise your preferences by category.

Only strictly necessary cookies (session ID, CSRF token, and the cookie consent preference cookie itself) will be set before you make a choice. No functional, performance, or non-essential third-party cookies will be activated until you provide affirmative consent.

8.2 Granular Consent

Our consent mechanism allows you to accept or reject cookies on a category-by-category basis. You are not required to accept all cookies to use the Platform. The following categories are presented:

• Strictly Necessary (always active, cannot be deselected);
• Functional Cookies (preferences, editor settings);
• Performance Cookies (reserved for future use).

8.3 What Happens If You Decline Cookies

If you decline all non-essential cookies:

• Strictly necessary cookies will still be set (session, CSRF, consent preference);
• Your language, theme, and editor preferences may not persist between sessions;
• Core Platform functionality (courses, lessons, Dojo tools, authentication) will continue to work;
• Your work will still be saved in localStorage (which is governed separately from cookies, as described in Section 5).

8.4 Withdrawing Consent

You may withdraw your consent at any time. To change your cookie preferences:

• Click the “Cookie Settings” link available in the footer of every page on our Platform;
• Adjust your preferences in the consent dialogue that appears;
• Your updated preferences will take effect immediately.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (GDPR Article 7(3)). After withdrawal, any non-essential cookies that were previously set will be deleted or will expire according to their defined lifespan.

8.5 Consent Records

In accordance with the GDPR’s accountability principle (Article 5(2)) and the requirement to demonstrate compliance (Article 7(1)), we maintain records of cookie consents, including the date and time of consent, the categories consented to, and the version of this Cookie Policy in effect at the time of consent.

9. Managing Cookies — Browser Settings

In addition to using our cookie consent mechanism, you can manage cookies directly through your browser settings. Most browsers allow you to view, delete, and block cookies. Please note that if you block all cookies (including strictly necessary cookies), you may not be able to log in or use core features of the Platform.

9.1 Google Chrome

1. Click the three-dot menu icon (⋮) in the top-right corner of the browser.
2. Navigate to Settings → Privacy and security → Third-party cookies.
3. Choose your preferred setting: “Allow third-party cookies,” “Block third-party cookies in Incognito,” or “Block third-party cookies.”
4. To delete existing cookies: Go to Settings → Privacy and security → Delete browsing data, select “Cookies and other site data,” and click “Delete data.”
5. To manage cookies per site: Go to Settings → Privacy and security → Third-party cookies → See all site data and permissions.

For more information, visit: Chrome cookie documentation.

9.2 Mozilla Firefox

1. Click the hamburger menu icon (≡) in the top-right corner of the browser.
2. Navigate to Settings → Privacy & Security.
3. Under “Enhanced Tracking Protection,” choose Standard, Strict, or Custom to control cookie blocking.
4. To delete existing cookies: Under “Cookies and Site Data,” click “Manage Data…” to view and remove cookies for specific sites.
5. To block cookies entirely: In Custom mode, set the “Cookies” dropdown to “All cookies.”

For more information, visit: Firefox cookie documentation.

9.3 Apple Safari

1. Open the Safari menu and select Settings (or Preferences on older macOS versions).
2. Click the Privacy tab.
3. Safari blocks third-party cookies by default via Intelligent Tracking Prevention (ITP). You can choose to “Block all cookies” for stricter protection.
4. To delete existing cookies: Click “Manage Website Data…” to view and remove cookies for specific sites.

For more information, visit: Safari cookie documentation.

9.4 Microsoft Edge

1. Click the three-dot menu icon (…) in the top-right corner of the browser.
2. Navigate to Settings → Cookies and site permissions → Manage and delete cookies and site data.
3. Toggle “Block third-party cookies” on or off as desired.
4. To delete existing cookies: Go to Settings → Privacy, search, and services → Choose what to clear under “Clear browsing data.”
5. To manage cookies per site: Under “Cookies and site permissions,” use the “Block” and “Allow” lists to control cookies for specific domains.

For more information, visit: Edge cookie documentation.

9.5 Mobile Browsers

On mobile devices, cookie settings are typically found under:

• Chrome for Android: Menu → Settings → Site settings → Cookies;
• Safari for iOS: Settings app → Safari → Block All Cookies;
• Firefox for Android: Menu → Settings → Enhanced Tracking Protection;
• Samsung Internet: Menu → Settings → Sites and downloads → Manage site data.

10. Managing Local Storage

Because localStorage is separate from cookies, clearing your cookies will not automatically clear localStorage. To manage localStorage data stored by our Platform, follow the instructions below.

10.1 Clearing All localStorage for Our Site

Warning: Clearing localStorage will permanently delete all autosaved work from our Dojo tools, including code projects, notebooks, graphic designs, web projects, and system design diagrams. This action cannot be undone. We strongly recommend exporting any important projects before clearing localStorage.

10.2 Using Browser Developer Tools

1. Open our Platform in your browser.
2. Press F12 (or Ctrl+Shift+I / Cmd+Option+I on macOS) to open Developer Tools.
3. Navigate to the Application tab (Chrome/Edge) or Storage tab (Firefox).
4. In the left sidebar, expand Local Storage and click on the druidlearninghub.com origin.
5. You will see all localStorage key-value pairs. You can:
   • Delete individual items: Right-click a key and select “Delete” to remove a specific saved project or preference.
   • Delete all items: Right-click the origin name and select “Clear” to remove all localStorage data for our site.

10.3 Using Browser Settings

Most browsers allow you to clear localStorage as part of clearing “site data” or “browsing data”:

• Chrome: Settings → Privacy and security → Delete browsing data → Advanced → select “Site settings” (this clears localStorage along with other site data).
• Firefox: Settings → Privacy & Security → Cookies and Site Data → Manage Data → select druidlearninghub.com and click “Remove Selected.”
• Safari: Settings → Privacy → Manage Website Data → search for druidlearninghub.com and click “Remove.”
• Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data → See all cookies and site data → search for druidlearninghub.com and delete.

10.4 What Data Will Be Lost

If you clear localStorage for our Platform, the following data will be permanently deleted:

• All autosaved code projects (dojo-code-* keys);
• All autosaved web projects (dojo-web-* keys);
• All autosaved notebook documents (nb-* keys);
• All autosaved graphic design projects (ge-* keys);
• All autosaved system design diagrams (system-design-* keys);
• UI preferences (theme, editor settings, panel sizes);
• Any other application state stored locally.

Data that has been explicitly saved to the server (e.g., submitted assignments, published showcase projects) will not be affected by clearing localStorage.

11. Impact of Disabling Cookies

If you choose to disable or block cookies, the following impacts may occur depending on which cookies are affected:

11.1 Blocking All Cookies

If you block all cookies, including strictly necessary cookies:

• You will not be able to log in. The sessionid cookie is required to maintain your authenticated session.
• Form submissions will fail. The csrftoken cookie is required for CSRF protection; without it, Django will reject form submissions with a 403 Forbidden error.
• You cannot enroll in courses, submit assignments, or interact with any feature that requires authentication.
• You may still be able to view public pages (course catalog, homepage) but cannot access personalised features.

11.2 Blocking Only Third-Party Cookies

If you block only third-party cookies (the default in many modern browsers):

• Core Platform functionality will continue to work normally;
• Cloudflare’s bot management cookies may be blocked, which could occasionally result in CAPTCHA challenges or brief interruptions when loading CDN resources;
• Google Fonts will continue to load (as Google Fonts does not set cookies);
• All Dojo tools will continue to function correctly.

11.3 Blocking Functional Cookies Only

If you decline functional cookies through our consent mechanism:

• Your language preference will not persist between sessions;
• Your theme preference (light/dark mode) may reset to system default on each visit;
• Your editor configuration preferences may not persist;
• All other Platform features will work normally.

11.4 Using Private/Incognito Mode

If you use your browser’s private or incognito mode:

• Cookies will be set normally during the session but will be deleted when you close the private window;
• You will need to log in again each time you open a new private session;
• localStorage data will also be cleared when the private window is closed, meaning all autosaved Dojo work will be lost;
• Your cookie consent preference will not be remembered, so you will see the consent banner on each visit.

12. Children and Cookies

Druid Learning Hub serves learners of all ages, including children. We take the privacy and safety of young users seriously and have implemented the following measures regarding cookies and children:

12.1 Minimal Cookie Use for Children

Child accounts (students under 16, or under 13 where managed via a Parent account) are subject to the same cookie practices as all other users. However, we emphasise that:

• We set only the minimum cookies necessary for the Platform to function (session ID, CSRF token, consent preference);
• We do not use any advertising, tracking, or profiling cookies for any user, including children;
• We do not use cookies to serve targeted content or recommendations based on behavioural profiles;
• We do not sell or share any cookie-derived data with third parties for marketing purposes.

12.2 COPPA Compliance (United States)

In compliance with the Children’s Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501-6506) and the FTC’s COPPA Rule (16 CFR Part 312):

• We do not collect personal information from children under 13 through cookies beyond what is strictly necessary for the Platform’s operation;
• Persistent identifiers (such as session cookies) used for internal operations fall within COPPA’s “support for internal operations” exception (§312.2), which permits their use without parental consent;
• Parents have the right to review and request deletion of any data collected from their children, including cookie-related data;
• We do not condition a child’s participation in any activity on the disclosure of more information than is reasonably necessary.

12.3 GDPR Article 8 — Child’s Consent

Under GDPR Article 8, where the processing of a child’s personal data is based on consent, and the child is below 16 years of age (or the age specified by the applicable Member State, with a minimum of 13), consent must be given or authorised by the holder of parental responsibility. For children accessing the Platform through a Parent account in the HOME learning context, the Parent’s acceptance of cookies constitutes consent on behalf of the child. For children in the SCHOOL learning context, the school or educational institution provides consent as permitted under applicable education privacy laws.

12.4 NDPA 2023 — Children’s Data

Under the Nigeria Data Protection Act 2023, the processing of a child’s personal data requires the consent of the child’s parent or legal guardian. A child is defined as an individual under 18 years of age. Where cookies involve the processing of personal data for child users, we rely on the Parent’s consent as expressed through their management of the child’s account.

12.5 localStorage and Children

All localStorage usage for child accounts follows the same technical patterns described in Section 5. Data saved in localStorage remains on the child’s device and is not transmitted to our servers. Parents can clear this data at any time using the methods described in Section 10.

13. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our cookie practices, technology, legal requirements, or regulatory guidance. When we make changes:

• We will update the “Last Updated” date at the top of this policy;
• For material changes (such as introducing new categories of cookies, adding analytics cookies, or changing third-party providers), we will notify you through a prominent notice on our Platform, via email if you have an account, or by presenting an updated consent dialogue;
• We will allow a reasonable period (at least 14 days) before material changes take effect;
• Where a change requires your consent (e.g., introducing performance or analytics cookies), we will re-request consent before activating the new cookies;
• Previous versions of this Cookie Policy will be archived and available upon request.

We encourage you to review this Cookie Policy periodically to stay informed about how we use cookies and similar technologies.

Your continued use of the Platform after the effective date of an updated Cookie Policy constitutes your acceptance of the changes, except where renewed consent is required by applicable law.

14. Contact Information

If you have any questions, concerns, or requests regarding this Cookie Policy, our use of cookies, or our use of localStorage and similar technologies, please contact us using any of the following methods:

For data protection inquiries from EU/EEA residents, you may also contact our EU Representative as detailed in our Privacy Policy.

For data protection inquiries from UK residents, you may also contact our UK Representative as detailed in our Privacy Policy.

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority:

• Nigeria: Nigeria Data Protection Commission (NDPC);
• European Union: Your local Data Protection Authority (DPA) under GDPR Article 77;
• United Kingdom: The Information Commissioner’s Office (ICO) at ico.org.uk;
• United States: The Federal Trade Commission (FTC) for COPPA-related complaints.

We will respond to all cookie-related inquiries within 30 days of receipt, or within the shorter timeframe required by applicable law.