Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data.

Last updated: January 2026

1. Introduction

IANTZ LIMITED ("we", "us", "our"), trading as Payments by iAntz, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our payment platform and website.

This policy applies to school staff users, parents/guardians, and visitors to our website.

By using our services, you agree to the collection and use of information in accordance with this policy.

Summary

  • What we collect: Contact details, payment information, student data (via schools), and usage data
  • Why: To provide payment services, process transactions, comply with legal obligations, and improve our platform
  • Who we share with: Payment processors, cloud hosting providers, MIS systems (authorized by schools), and support tools – all bound by strict data processing agreements
  • How long we keep it: Financial records for 7 years (legal requirement), account data for 12-24 months after closure, logs for 30-180 days
  • Your rights: Access, rectification, erasure, portability, and more. Contact our data protection lead at compliance@iantz.com

2. Data Controller and Processor Roles

Company Name: IANTZ LIMITED

Company Number: 13777598

Registered Office Address:
3 Princes Court, Royal Way, Loughborough, Leicestershire, United Kingdom, LE11 5XR

General Enquiries: hello@iantz.com

Data Protection Lead: Our data protection lead can be contacted at compliance@iantz.com

Our Role as Controller vs Processor

Under UK GDPR, our role depends on the type of data:

  • School customer accounts and billing data: IANTZ LIMITED acts as Data Controller. We decide how to collect and use this data to provide our services and manage our relationship with schools.
  • Student/pupil data entered by schools: IANTZ LIMITED acts as Data Processor. The school or trust is the Data Controller for student data. We process this data only as instructed by schools and in accordance with our Data Processing Agreement.
  • Parent/guardian accounts created directly: IANTZ LIMITED acts as Data Controller for account and payment data. For student information linked to parent accounts, we act as Data Processor on behalf of the school.

If you have questions about data subject rights or wish to make a request, please contact our data protection lead at compliance@iantz.com.

3. Information We Collect

We collect different types of personal data depending on how you interact with our services:

3.1 School Users (Administrators)

  • Name and contact details (email, phone number)
  • Job title and role within the school
  • School or trust name and address
  • Account credentials and authentication data
  • Payment and transaction data
  • Usage data and system logs
  • Communication preferences

3.2 Parents and Guardians

  • Name and contact details (email, phone number, address)
  • Payment card information (processed securely by our PCI-DSS compliant payment processor)
  • Student information (name, year group, class) as provided by the school
  • Transaction history and payment records
  • Account credentials and authentication data
  • Communication preferences

3.3 Website Visitors

  • Name, email, phone number (if you submit a demo request form)
  • School or trust name
  • IP address and browser information
  • Cookies and similar tracking technologies (see Cookies section below)

3.4 Children's Data

We process limited personal data about children (students) as necessary to provide our payment services. This data is provided to us by schools and typically includes:

  • Student name
  • Year group and class
  • Payment items and amounts

Safeguards for Children's Data:

  • We do not collect data directly from children
  • We do not use student data for marketing purposes
  • Only authorized school staff can access student data through our platform
  • We process only the minimum data necessary to provide payment services
  • All student data processing is governed by our Data Processing Agreement with schools, available on request

Schools act as data controllers for student information. We process student data only as necessary to provide payment services and in accordance with our Data Processing Agreement with schools.

4. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide, operate, and maintain our payment platform
  • Payment Processing: To process payments, manage transactions, and handle refunds
  • Account Management: To create and manage user accounts, authenticate users, and provide customer support
  • Communication: To send service-related communications, respond to inquiries, and provide support
  • AI and Automation: To power our agentic AI features, including automated reconciliation, reporting, and insights (see Automated Decision-Making section below)
  • Compliance: To comply with legal obligations, including financial regulations and data protection laws
  • Security: To detect, prevent, and address security issues and fraud
  • Improvement: To analyze usage patterns and improve our services (using anonymized data where possible)
  • Marketing: To send marketing communications (only with your consent, and you can opt out at any time)

Automated Decision-Making and Profiling

We use automated tools and AI to assist with:

  • Payment reconciliation and matching
  • Generating reports and insights
  • Identifying potential payment issues or anomalies (e.g., missed or overdue payments)

Important: These automated tools assist our services but do not make solely automated decisions that produce legal or similarly significant effects on individuals. All significant decisions involve human review or oversight.

If you have concerns about automated processing that affects you, you have the right to request human intervention, express your point of view, and contest the decision. Contact us at compliance@iantz.com.

5. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases, mapped to specific purposes:

  • Contract: Service delivery, payment processing, account management, and customer support
  • Legal Obligation: Financial record keeping (7 years), tax obligations, and compliance with data protection laws
  • Legitimate Interests: Fraud prevention, security monitoring, service improvement (using anonymized data), and business operations
  • Consent: Marketing communications and non-essential cookies (you can withdraw consent at any time)

For student data processed on behalf of schools, the legal basis is determined by the school as the data controller, in accordance with their own privacy policies and legal obligations.

6. Data Sharing and Third Parties

We may share your personal data with the following third parties:

6.1 Service Providers

  • Payment Processors: PCI-DSS compliant payment processors (e.g., Stripe, Worldpay) to handle card transactions. We do not store full card details.
  • Cloud Hosting: UK-based cloud infrastructure providers (e.g., AWS UK, Azure UK) for secure data storage and platform hosting
  • Email/SMS Providers: Service providers for sending transactional and service-related communications
  • MIS Integrations: School management information systems (as authorized by schools) for data synchronization
  • Customer Support Tools: Support platforms (e.g., Intercom, Zendesk) for managing customer inquiries and support tickets
  • Analytics: We may use analytics tools to understand platform usage (using anonymized data where possible)

6.2 Legal Requirements

We may disclose your data if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

6.3 Data Processing Agreements

All third-party service providers are bound by strict data processing agreements and are only permitted to use your data for specified purposes. We do not sell your personal data to third parties.

A list of our current sub-processors is available on request. Please contact compliance@iantz.com.

7. Data Retention

We retain your personal data only for as long as necessary. Specific retention periods:

  • Financial records: 7 years (legal requirement under UK financial regulations)
  • Account data: 12-24 months after account closure (to resolve disputes and maintain security)
  • Support tickets and communications: 2 years after resolution
  • System logs and security data: 30-180 days (depending on log type and security requirements)
  • Marketing consent records: Until consent is withdrawn or account is closed

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policy. Some data may be retained longer if required by law or to resolve disputes.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Request a copy of your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

Note for student data: For student data where we act as a processor, data subject rights should be exercised through the school as the data controller. Requests relating to student data may be directed to the school (as controller) or to us, and we will support schools in responding.

To exercise any of these rights, please contact our data protection lead at compliance@iantz.com. We will respond to your request within one month.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our services. Below is a breakdown of the types of cookies we use:

9.1 Strictly Necessary Cookies

These cookies are essential for the website and platform to function. They include:

  • Login and session management cookies
  • Security and fraud prevention cookies
  • Cookies that remember your preferences and settings

Strictly necessary cookies do not require consent under UK GDPR as they are essential for the service to work.

9.2 Analytics Cookies

We may use analytics cookies (e.g., Google Analytics, Plausible) to understand how visitors use our website and platform. This helps us improve our services and user experience. Analytics cookies are optional and require your consent.

9.3 Marketing Cookies

We may use marketing cookies to deliver relevant content and measure campaign effectiveness. Marketing cookies are only used with your explicit consent.

9.4 Cookie Consent and Control

When you first visit our website, you will see a cookie consent banner. You can:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize your preferences through our cookie preference centre (if available)

You can also control cookies through your browser settings. However, disabling strictly necessary cookies may affect the functionality of our website and platform.

You can change your cookie preferences at any time by adjusting your browser settings or contacting us at compliance@iantz.com.

10. Data Security

We implement robust security measures to protect your personal data:

  • Payment Security: Card payments are handled by our PCI-DSS compliant payment processor. We do not store full card details.
  • Encryption: We use TLS encryption for data in transit and encryption at rest where supported by our infrastructure.
  • Data Hosting: Our primary hosting is in the UK. Some sub-processors (e.g., email delivery, monitoring) may process data outside the UK/EEA with appropriate safeguards.
  • Access Controls: Strict access controls, multi-factor authentication, and role-based permissions
  • Regular Audits: Independent security assessments and penetration testing
  • Staff Training: Regular data protection and security training for all staff

Despite our security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

11. What We Do NOT Do

To be clear about our practices:

  • We do not sell personal data to third parties or use it for purposes unrelated to our services
  • We do not store full payment card details – card information is handled securely by our PCI-DSS compliant payment processor
  • We do not use student data to train public AI models – our AI features process data only for the purpose of providing payment services to your school
  • We do not use student data for marketing – student information is used solely for payment processing and related services

If you have questions about our data practices, please contact us at compliance@iantz.com.

12. International Data Transfers

Your personal data is primarily stored and processed in the United Kingdom. If we need to transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions by the UK government
  • Other approved transfer mechanisms under UK GDPR

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification (for significant changes)
  • Displaying a notice on our platform

The "Last updated" date at the top of this policy indicates when it was last revised.

14. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Email: casework@ico.org.uk
Phone: 0303 123 1113

We encourage you to contact us first at compliance@iantz.com so we can try to resolve any concerns.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Lead: compliance@iantz.com
General Enquiries: hello@iantz.com

For data subject access requests (DSARs) or other privacy-related requests, please email compliance@iantz.com with "Privacy Request" in the subject line.