GDPR and cookies

Data retention, cookies and platform records

This page is a practical template for schools using ubijoo. It should be checked against the school's data protection policy and hosting arrangements.

Cookies

Cookies used by the platform

ubijoo uses essential cookies to keep users signed in, protect forms and provide secure platform features.

Strictly necessary

Required for sign-in, security, form protection and core platform features.

Functional

Remembers optional preferences that improve the site experience.

Analytics

Helps understand how people use the public website so it can be improved.

Marketing

Supports advertising, conversion measurement and personalised promotion.

Security and anti-spam

Helps protect forms, reduce abuse and keep platform requests secure, including reCAPTCHA where configured.

Current register

Cookies, scripts and external services

This list is generated from the Site Admin consent register.

Google reCAPTCHA

Provider: Google

Category: Security and anti-spam

Cookies/storage: _GRECAPTCHA

Protects the public contact form from spam.

Laravel session cookie

Provider: ubijoo

Category: Strictly necessary

Cookies/storage: learning_portal_session, XSRF-TOKEN

Keeps users signed in and protects platform actions.

YouTube no-cookie embeds

Provider: YouTube

Category: Functional

Cookies/storage: May set storage after video interaction

Displays teacher-added class videos using youtube-nocookie.com embeds.

Data retained

What records may be kept

  • Account details including name, email, role, school and class membership.
  • Assigned lessons, revision tasks, coding work and completion records.
  • Quiz attempts, written answers, uploads, marks, teacher feedback and student responses.
  • Revision reflections, self-marking records, XP, reward purchases and displayed badges.
  • Reports, progress summaries, notifications and administrative audit information.
  • Security records such as password changes, two-factor settings and sign-in related events.

Retention template

Schools should define how long records are kept. A typical approach is to retain active learning records while the student is enrolled, then archive or delete records when they are no longer required for education, safeguarding, reporting or legal reasons.

Requests to access, correct or delete personal data should be handled by the school or data controller responsible for the platform.