GIScases
← Back to app

Privacy Policy

Last updated: 9 July 2026

This Privacy Policy explains how Solebo Ltd (Reg. No. HE 433661, Kyrenias 130, 2113 Nicosia, Cyprus — “we”, “us”) handles personal data in connection with GIScases (giscases.com, the “Service”). We have designed GIScases to collect as little personal data as possible, and in particular to avoid collecting data directly from children.

The short version. Teachers sign in to build and assign map exercises. Students do not have accounts and never register with us. The only student data we hold is a name and email address that the teacher enters so a task link can be delivered, plus the answer the student submits, which we pass back to that teacher. The teacher can delete a student’s data at any time, and it is not kept afterwards. We do not sell data, show ads, or build advertising profiles — ever.

1. Our role: controller and processor

Our role depends on whose data is involved:

2. What we collect

WhoWhatWhy
TeachersSign-in identity (e.g. work email via Microsoft/Cloudflare Access), account and plan status, and payment metadata processed by our card processor (we never see or store full card numbers).To create your account, provide paid features, and issue invoices/receipts.
StudentsName and email address, entered by the teacher to deliver a task link; the answer submitted (the map geometry/analysis) and basic task metadata (submission time, computed score). No passwords, no accounts, no data collected directly from the child.To deliver the assigned exercise and return the answer to the teacher for review.
All visitorsPrivacy-preserving usage analytics: page views and time on page, a coarse location (country/approximate city inferred from IP), and a random local identifier. IP addresses and access tokens are stored only in hashed form; we do not keep raw IP addresses in our analytics.To understand overall usage and keep the Service reliable and secure.

We do not ask for, and ask that you do not submit, any sensitive personal data (such as data about health, religion, or ethnicity) about students beyond the name and email needed to deliver a task.

3. Students and children’s data

GIScases is a tool for teachers. It has no student sign-up, no student login, and no direct interaction that would ask a child to provide personal data to us. A student simply opens a unique link and submits an answer, which is returned to their teacher.

The exercises are recommended for learners aged 12 and over only because of their conceptual difficulty, not because of their content. The Service does not present sensitive, mature, or otherwise age-inappropriate material to students.

Where a teacher assigns work to students who are minors, the teacher and their school are responsible, as controller, for having the appropriate legal basis — including any notice, consent, or authorisation required under the GDPR, local education law, and child-protection rules — before entering a student’s name and email or sending a task. We process that limited data only on the school’s behalf and only to run the Service. A teacher can delete a student’s data — or an entire task or class — from the system at any time, and it is not retained after deletion. If you are a parent or school and want a student’s data corrected or deleted, please contact the teacher who assigned the task, or contact us and we will assist the school in fulfilling the request.

4. How and why we use data

We do not sell personal data, we do not serve advertising, and we do not use student data to build profiles or for any purpose other than delivering the Service to the school.

5. Legal bases (GDPR)

6. Sharing & sub-processors

We do not sell your data. We share data only with service providers that help us run GIScases, under contractual confidentiality and data-protection obligations:

We may also disclose data if required by law or to protect our rights, users, or the Service.

7. Cookies & local storage

We use only what is needed to run the Service: an essential authentication cookie for signed-in teachers, and a small random identifier stored in your browser’s local storage for privacy-preserving usage counting and to remember preferences (such as your chosen units or map view). We do not use third-party advertising or cross-site tracking cookies.

8. Retention

We keep data only as long as needed for the purposes above:

9. Security

We use industry-standard measures to protect data, including encryption in transit, access controls, and storing identifiers such as IP addresses and access tokens in hashed form. No system is perfectly secure, but we work to protect your data and to limit what we collect in the first place.

10. International transfers

We are based in the EU (Cyprus). Some of our providers may process data outside the European Economic Area. Where they do, appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) are used to protect your data.

11. Your rights

Subject to applicable law (including the GDPR), you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to data portability. To exercise these rights for teacher/account data, contact us at the address below. For student data, the school/teacher is the controller, so please direct requests to them; we will support them in responding. You also have the right to lodge a complaint with your local data-protection authority (in Cyprus, the Office of the Commissioner for Personal Data Protection).

12. Changes

We may update this Policy from time to time. We will change the “Last updated” date and, for material changes, provide notice where appropriate. Continued use of the Service after changes take effect means you accept the updated Policy.

13. Contact

Solebo Ltd — Kyrenias 130, 2113 Nicosia, Cyprus. Reg. No. HE 433661 · VAT CY10433661P.
Privacy enquiries and data requests: info@solebo.org.

See also our Terms of Service. This Policy is provided in English; translations are for convenience only.