Tapestry Privacy Policy

Last updated: 23rd October 2025

Note: THIS IS NOT THE PRIVACY POLICY FOR TAPESTRY.

This policy only refers to this marketing website. Data stored on Tapestry (the application this website refers to) is covered by a completely different contract. You can access that from the security page on this website or from within your Tapestry account.

Your privacy is really important to us. With this in mind, we have written this privacy policy to explain what of your personal data we collect and how we use and store it.

We are The Foundation Stage Forum Limited. We are registered at WaterCourt, 65 High Street, Lewes, BN7 1XG. If you have any questions about anything in this policy please contact us by emailing customer.service@eyfs.info. Our data protection officer is called Lauren Foley and can be contacted directly by emailing dpo@eyfs.info.

What You’ll Find in This Notice

  • Contact details
  • What information we collect, use, and why
  • Tools we use and how they work
  • Lawful bases and your data protection rights
  • Where we get personal information from
  • How long we keep information
  • How to make a complaint

What information we collect, use and why

We collect different types of information depending on how you use our website:

Trial Requests

  • Names and contact details
  • Details about your educational setting
  • Setting address

Marketing, Updates and Giveaways

  • Names and contact details
  • Marketing preferences
  • Email engagement

Anonymised Website Usage Data

To make our website work better for you, we collect:

  • Viewing patterns (e.g., what pages you visit) to learn what content you find useful.
  • Interaction tracking (like clicks to start a trial) to see what features are popular.
  • Device information (e.g., mobile vs. desktop) to improve usability.

Cookies and Tracking

Our website uses a cookie control system (Cookiebot) that lets you decide if you’re happy for us to use cookies. If you agree, here’s the anonymised data that we may collect:

  • Device details like your IP address, operating system, and browser ID.
  • Statistics about how you interact with our site.
  • Podcast usage data (via Simplecast).

If you would like to read more about the cookie data that may be collected, you can take a look at our Cookie Policy.

We use tools like Google Analytics and Plausible to track anonymised website usage data without collecting anything personally identifiable.

Tools we use and how they work

Google

  • Helps us analyse anonymised data with cookies.
  • Hosts our videos (YouTube) and tracks free trial events.
  • May transfer data outside the UK/EU under EU-approved model contract clauses.

Simplecast

  • Hosts our podcasts and collects anonymised usage data.
  • Based in the US; complies with data transfer standards.

Pipedrive (CRM – Trials and Sales)

  • Pipedrive manages and hosts trial request details.
  • We use Pipedrive and Typeform webforms on our website, to capture the information that will be retained in our CRM (Pipedrive) and our mailing list database (Klaviyo).
  • Pipedrive is ISO27001:2013 certified. They store data securely in AWS data centres within the EEA but they will also process data within the US. When this happens, they ensure that their third-party service providers are either certified under the EU-US Data Privacy Framework or signed the EU Commission’s standard contractual clauses for data transfers with them.

Klaviyo (Mailing Lists)

  • Klaviyo manages our mailing lists and sends newsletters, product updates, and marketing communications.
  • According to Klaviyo’s Trust Centre, they undergo annual third-party audits to ensure that “internal controls are designed and operating effectively in accordance with industry standards, such as SOC 2 and ISO 27001”. Their third-party audit reports can be downloaded directly from their self-service Trust Centre.
  • Klaviyo complies with GDPR and uses secure data centres in the US and EU. Where data is transferred internationally, appropriate safeguards such as SCCs are applied.
  • To help us provide relevant content and manage our mailing lists, we and Klaviyo may track your interactions with our emails, including whether you open them or click on links. This information is used to measure engagement and, if a subscriber hasn’t engaged with several emails over a period of time, to manage subscription preferences, including sending occasional “sunset” emails.
  • You can read more about how Klaviyo handles personal data here: Klaviyo Privacy Policy
  • When you sign up for our mailing list, we will, by default, subscribe you to all types of email communication from us. However, you have full control, and you can manage your preferences at any time — choosing exactly which categories you want to receive (for example: Tapestry newsletter, education newsletter, Tapestry tips & training, offers & promotions). You can update your choices via the “manage preferences” link in any of our emails.
  • You can unsubscribe from our mailing lists at any time by clicking the unsubscribe link in our emails or contacting us directly.

Typeform (Web Forms)

  • We use Typeform to collect the information you provide to process your requests, including but not limited to trial forms, giveaway entries and mailing list sign-ups.
  • Typeform is ISO/IEC 27001, 27017 and 27018 certified, and takes regular audits. You can find details of their security certificates here.
  • When you submit one of our forms via Typeform, we ask you to agree to the terms and conditions before continuing, to confirm consent.
  • Typeform states that although data may be processed in the US, they comply with GDPR requirements regardless of customer country or region. They also apply safeguards such as Standard Contractual Clauses (SCCs) to protect data.

Calendly

  • We use this tool to occasionally allow visitors to the website to book demos with the Tapestry team.
  • Calendly is SOC 2 Type 2 and ISO/IEC 27001 certified, as well as PCI and GDPR compliant.

Teams (Webinar Sign-Ups)

  • We use Microsoft Teams to manage webinar sign-ups and host online sessions.
  • Microsoft is ISO/IEC 27001 certified and fully compliant with GDPR.
  • Microsoft processes data within the EU/UK where possible. Where transfers outside these regions occur, safeguards such as SCCs are in place.

Meta Pixel

We use Meta Pixel (provided by Meta, the parent company of Facebook) to help us understand how visitors interact with our website and to deliver relevant ads to users who may benefit from our services. This tool collects information such as:

  • The pages you visit on our site
  • Actions you take (e.g., signing up for a trial or giveaway)
  • Your device and browser details

Meta may use this data to improve the personalisation of ads you see on Facebook, Instagram, or their partner platforms. Please note that this data is pseudonymised and does not directly identify you.

For more information on how Meta processes your data, visit their Privacy Policy

You can opt out of Meta Pixel tracking through the cookie settings on our website.

Other Pixels

In addition to the Meta Pixel, we use other tracking pixels to help us understand how visitors interact with our website and to optimize our marketing efforts. These pixels collect data such as:

  • The pages you visit
  • The time spent on specific sections of the site
  • Conversions (e.g., form submissions, trial sign-ups)
  • Device and browser details

Pixels work by embedding a small piece of code on our website, which sends information back to the service provider when you interact with our site. This data helps us measure the effectiveness of our advertising campaigns and improve user experience. Like Meta Pixel, these tools only collect pseudonymised data and do not directly identify you.

Our Data Protection Agreements

To ensure your data is handled securely and in compliance with UK GDPR, we will have Data Protection Agreements (DPAs) in place with third-party providers that process data on our behalf. These agreements outline:

  • What data is processed – and for what purpose.
  • How security is maintained – including encryption and access controls.
  • Where data is stored – and any protections for international transfers.
  • How long data is retained – and how deletion is handled.

Lawful basis and your rights

Why we collect your data

  • Our legal basis is your consent: We ask for your permission before processing your data for things like trial requests, giveaways, or marketing. You can withdraw your consent at any time by contacting us.
  • Anonymised Data: We use anonymised data to improve the website based on our legitimate interest in providing a better experience for our visitors.

Your Rights Under UK GDPR

You have several rights when it comes to your personal data:

  • Access: You can ask for a copy of your data.
  • Rectification: You can ask us to fix inaccuracies.
  • Erasure: You can ask us to delete your data.
  • Restrict Processing: You can ask us to limit how we use your data.
  • Object: You can object to certain types of data processing.
  • Data Portability: You can request a transfer of your data to another organisation.
  • Withdraw Consent: If you’ve given consent, you can take it back anytime.

If you have a query or wish to exercise any of your rights, you can email our Data Protection Officer, Lauren Foley, at dpo@eyfs.info. We’ll get back to you within a month.

Where we get your information

We obtain your personal identifiable directly from you (e.g., when you sign up for a trial, giveaway or newsletter). This is always done with your consent, which you can rescind at any time.

We will collect anonymised data from tools like Google Analytics, Cookiebot, and others.

How long we keep information

  • Anonymised website usage data: Retained as long as necessary for analysis (in aggregated, non-identifiable form).
  • Consent records: Deleted after 12 months or anonymised (as per Cookiebot’s policy).
  • Personal information in Typeform:
    • Incomplete form submissions: No personal identifiable information is retained.
    • Refusals: If you choose not to consent to communications required for a trial, your details are not sent to Pipedrive or Klaviyo and are deleted from Typeform during our monthly reviews.
    • Completed entries with consent: Deleted from Typeform after 60 days (checked monthly), or earlier at your request.
    • Data transfer: Confirmed entries are sent to Pipedrive and/or Klaviyo and kept there until you withdraw your consent.
  • Personal information in Pipedrive: Stored until you withdraw your consent.
  • Personal information in Klaviyo (mailing lists): Retained until you unsubscribe or withdraw consent.
  • Personal information for Teams (webinars): Retained only as long as needed to manage event participation.

Have a concern? Here’s how to complain

If you’re worried about how we’re using your data, please let us know at dpo@eyfs.info. We’re here to help.

If you’re still not satisfied, you can contact the Information Commissioner’s Office (ICO):

Address:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113
Website: ICO Complaints