Skip to main content
(Last updated: August 14, 2025)

1. Introduction

These Terms & Conditions (“Terms”) govern access to and use of Squid Academy’s online learning management system and tournament environment, including web apps, content, modules, code, and related services (the “Services”). Squid Academy Ltd is incorporated in England & Wales (company no. 14264598), registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ (“Squid”, “we”, “our”, “us”). By creating an account, accepting these Terms at sign‑up, or using the Services, you agree to be bound by these Terms. Click‑wrap acceptance. Public Users must accept these Terms during sign-up. Organization Administrators must accept these Terms when creating or activating an Organization Account and are responsible for ensuring all users they onboard comply with them.

2. Definitions

  • Public User: An individual user creating a personal account (13+ only).
  • Organization: A school, college/university, esports center, club, or other entity using the Services.
  • Organization Administrator / “Org Admin”: An adult individual (18+) authorized by an Organization to manage its Organization Account, classrooms, teams, and users.
  • Student User: A user onboarded by an Organization (may be under 13 subject to local‑law consent).
  • Programs / Licenses: Educational programs and related entitlements purchased for access in the Services.
  • LMS + Tournament Platform: Squid’s SaaS platform enabling classroom/course access and esports tournament features.
  • Organization Data: Any data, content, or records submitted to or generated within the Services by or for an Organization (including class rosters, enrollments, progress records, tournament entries/results, and related metadata), excluding Squid materials and anonymized/aggregated data.

3. Eligibility & Accounts

3.1 Public Users. You must be 13 years or older to create a Public User account. Public account creation by users under 13 is not permitted. 3.2 Organization Accounts. Org Admins must be 18+ and duly authorized by their Organization. Org Admins may invite Student Users (including under‑13) only if they (the Organization) have obtained and recorded verifiable parental/guardian consent and otherwise comply with applicable law (see Section 8 and Regional Annexes). 3.3 Account Security. You’re responsible for your credentials and all activity under your account. Notify us immediately of any suspected unauthorized access. 3.4 Prohibition on Transfer. Accounts are personal to the registered user/Organization and may not be sold, transferred, or shared except as expressly permitted in the Services.

4. Global Compliance Statement

We operate internationally and comply with applicable local laws, including: (a) UK & EU GDPR / UK GDPR (data protection, user rights, and cross‑border transfers); (b) United States laws relevant to education and minors, including COPPA and, where applicable, FERPA, and US state privacy laws where we act as a service provider/processor; (c) Malaysia PDPA 2010 (lawful processing, notices, access/correction, cross‑border restrictions); (d) Thailand PDPA 2019 (consent—including for minors—and data‑subject rights); and (e) India DPDP Act 2023 (including protections for individuals under 18). Nothing in these Terms overrides mandatory statutory rights. Where local law imposes stricter requirements, those apply in addition to these Terms.

5. Children & Student Data (Schools/Organizations)

5.1 Public Users under 13. Not permitted. If we learn a Public User is under 13, we will suspend or delete the account. 5.2 Organization‑Invited Under‑13 Users. Org Admins must:
(a) verify age; (b) obtain and retain verifiable parental/guardian consent as required by local law; (c) provide consent evidence to Squid upon request; and (d) ensure the scope of data shared with Squid is limited to what is necessary for educational use. 5.3 Roles under privacy laws. For Organization‑provisioned users, the Organization is typically the controller (or equivalent) and Squid acts as a processor/service provider. For Public Users, Squid acts as a controller for core account data. A Data Processing Addendum (DPA) is incorporated by reference for Organization use (see Section 14.7). 5.4 QR/Invite Journeys. Where QR or invite links are used to join a class/team, Org Admins must ensure the invited user meets age eligibility and consent requirements before use. 5.5 Protection of Minors. Public users under 13 are not permitted to create accounts. For Organization‑provisioned users who are minors, Org Admins are solely responsible for verifying age, obtaining and retaining verifiable parental/guardian consent where required by local law, and ensuring lawful onboarding and use. You must not use the Services to profile, target, or deliver advertising to minors, and you must not collect more personal data than necessary for educational purposes. Where applicable, you must follow local age‑appropriate design standards.

6. Acceptable Use

**You (and anyone using the Services under your account) must not: **(a) violate laws or third‑party rights; (b) upload infringing, harmful, or abusive content; (c) harass or endanger others; (d) attempt to bypass security; (e) interfere with tournaments (e.g., cheating, botting, match‑fixing); (f) scrape, data‑mine, or reverse engineer except as permitted by law; (g) share credentials; or (h) use the Services to build a competing product. We may suspend or terminate access immediately to protect users or the platform (see Section 17).

7. Service Description; Changes; Beta

7.1 Description. The Services include access to Squid’s LMS modules, tournaments, and related features, which may vary by plan, license, or Organization settings. 7.2 Changes. We may improve, modify, or discontinue features with notice where practicable. If a change materially reduces core functionality of a paid plan during a committed term, your sole remedy is a pro‑rated refund of prepaid, unused fees for the affected period. 7.3 Beta/Preview. Beta or experimental features are provided “AS IS”, may change or end at any time, and are excluded from any uptime or support commitments. 7.4 Service Levels. Unless you have a separate, signed service level agreement (SLA) with Squid, the Services are provided without any uptime, support response, or other service level commitments.

8. Privacy, Data Collection & Cookies

8.1 Minimal data. We collect what’s needed to operate the Services: name, email, associated Organization, course/tournament participation, progress logs, and technical telemetry necessary to secure and maintain the Services. We do not collect phone numbers or physical addresses unless strictly necessary for security or support. 8.2 Sensitive data. You must not input health, financial, or other special‑category data unless we expressly agree in writing. 8.3 Cookies. We currently use only essential session cookies for authentication and core functions. If we introduce analytics/non‑essential cookies later, we will implement a compliant consent mechanism per applicable law. 8.4 Privacy Policy & DPA. Our Privacy Policy (linked in‑product) explains purposes, legal bases, retention, international transfers, and user rights. For Organizations, the DPA governs processing on their behalf, including sub‑processors and cross‑border transfer mechanisms (e.g., SCCs/UK addendum or other approved safeguards). 8.5 Student & child transparency. Organizations must provide appropriate notices to parents/guardians and students as required by local law (e.g., COPPA notices, FERPA directory‑information disclosures). 8.6 No Sale/Sharing of Personal Data. When acting as a processor/service provider for Organizations, Squid does not “sell” or “share” personal information as those terms are defined under applicable US state privacy laws, nor does Squid use such data for cross‑context behavioral advertising. 8.7 Privacy Contact. Questions about privacy, data subject rights, or this policy may be directed to [email protected] (you can also submit a request via our Privacy Request Form). Details on how long we keep different types of information are provided in our Data Retention & Deletion Schedule.

9. Security & Incident Response

We maintain administrative, technical, and physical safeguards appropriate to the nature of the data. You must secure your devices and credentials. If we become aware of a security incident affecting your data, we’ll notify the impacted customer/Organization without undue delay and cooperate as required by law and the DPA.

10. Content & IP

10.1 Our IP. The Services (software, content, visuals, trademarks) are owned by Squid and its licensors and licensed, not sold, to you. No rights are granted except as expressly stated. 10.2 Your Content. You retain rights to content you upload. You grant Squid a non‑exclusive, royalty‑free license to host, display, and process such content solely to operate and improve the Services. You represent you have all rights needed and your content complies with law and these Terms. 10.3 Feedback. You grant Squid a perpetual, worldwide, royalty‑free license to use feedback/suggestions to improve the Services without obligation to you.

11. Third‑Party Services & Sign‑In

You may enable third‑party sign‑in (e.g., Google, Apple) or integrations. Use of third‑party services is subject to their terms and privacy practices. We’re not responsible for third‑party services or data they process beyond our control. If you believe content infringes your copyright, send a notice to our DMCA agent: DMCA Agent: Squid Academy Ltd Address: 71–75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom Email: [email protected] Your notice must include: (a) identification of the copyrighted work claimed to have been infringed; (b) identification of the material claimed to be infringing (URL if available); (c) your contact information; (d) your good‑faith statement that the use is not authorized; (e) a statement under penalty of perjury that the information is accurate and that you are the copyright owner or authorized to act; and (f) your physical or electronic signature. We may remove content and/or terminate repeat infringers where legally required.

13. Fees, Taxes & Promotions

13.1 Fees. Fees for licenses/subscriptions are set out in your order, invoice, or Organization agreement. Promotional terms (e.g., complimentary access periods) are time‑limited and subject to the applicable commercial document. 13.2 Taxes. Fees are exclusive of all applicable taxes (e.g., VAT, GST, sales/use/IVU, digital services taxes). The seller of record must collect and remit taxes as required by local law. Jurisdiction‑specific rules in the Regional Annexes (e.g., United States incl. Texas, Puerto Rico, Malaysia, Thailand, India) form part of these Terms and may require registration, invoicing, or exemption documentation by the invoicing party. 13.3 Nonpayment. We may suspend or terminate Services for nonpayment after reasonable notice.

14. Data Governance (Organizations)

14.1 Controller/Processor. As between the parties, the Organization is controller of personal data it supplies; Squid is processor/service provider. 14.2 DPA Incorporated. The SquidData Processing Addendum (current version posted in‑product) is incorporated by reference and governs processing, sub‑processors, security measures, assistance with data‑subject requests, audits, and incident handling. 14.3 International Transfers. We use approved transfer mechanisms (e.g., SCCs, UK IDTA/Addendum, or equivalent) for cross‑border transfers. 14.4 Retention & Deletion. Upon termination or request, we delete or return Organization personal data per the DPA unless law requires retention. 14.5 Parental Consent Records. Organizations must maintain parental/guardian consent records for under‑13 users (or local equivalents) and supply proof upon request. 14.6 Student Rights Requests. Organizations are responsible for authenticating and routing access/deletion requests from students/parents; we will assist per the DPA. **14.7 Policies Hierarchy. **If there is any conflict between these Terms and the DPA with respect to processing of personal data on behalf of an Organization, the DPA prevails. If there is a conflict between these Terms and any other incorporated policy or annex (e.g., Privacy Policy, Regional Annexes), the document that more specifically addresses the subject matter controls, unless these Terms or that document expressly state otherwise.

15. Warranties & Disclaimers

The Services are provided “AS IS” and “AS AVAILABLE”. To the maximum extent permitted by law, we disclaim all warranties, express, implied, or statutory, including merchantability, fitness for a particular purpose, and non‑infringement. We do not warrant the Services will be error‑free, uninterrupted, or meet your specific requirements.

16. Indemnification

16.1 By Organization. The Organization will defend, indemnify, and hold harmless Squid and its affiliates against claims, losses, damages, and expenses (including reasonable legal fees) arising from: (a) Organization’s or Org Admin’s breach of these Terms or the DPA; (b) failure to obtain/retain verifiable parental consent or comply with child/student privacy laws; (c) content provided by the Organization; or (d) use of the Services in violation of law. 16.2 By Public User. Public Users will indemnify Squid for claims arising from their breach of these Terms or violation of law. 16.3 IP Indemnity by Squid (Organizations only). We will defend Organization against third‑party claims alleging the Services infringe a patent, copyright, or trademark, and pay resulting damages finally awarded, provided Organization: (a) promptly notifies us; (b) gives us sole control of defense/settlement; and (c) cooperates. We may modify or replace the Services to avoid infringement or terminate access with a pro‑rated refund. This does not apply to claims based on Organization content, combinations, or non‑current versions.

17. Suspension & Termination

We may suspend or terminate accounts or access (in whole or part) if: (a) you materially breach these Terms; (b) nonpayment persists; (c) your use poses security, legal, or safety risks; or (d) required by law. We will notify you of a suspension and the reason, unless prohibited by law, and will reinstate access promptly after the issue is resolved. You may stop using the Services at any time. Upon termination, your right to access the Services ceases, and Sections 1021 survive. For Organizations, data handling upon termination is governed by the DPA. Post‑Termination Data Handling. Upon termination or expiration, you (or your Organization) may request an export of Organization Data and personal data within 30 days of termination. Squid will delete or anonymize remaining personal data within 60 days thereafter, except where retention is required by law or for limited back‑up integrity (in which case data will be isolated and deleted on the next standard cycle). Extended storage or migration assistance must be agreed in writing and may incur fees.

18. Limitation of Liability

To the maximum extent permitted by law: 18.1 No Indirect Damages. Neither party is liable for indirect, incidental, consequential, special, exemplary, or punitive damages, or for loss of profits, revenue, goodwill, or data, even if advised of the possibility of such damages. 18.2 Aggregate Cap. Each party’s total aggregate liability under these Terms (whether in contract, tort—including negligence—strict liability, or otherwise) is limited to the total amounts paid or payable to Squid in the twelve (12) months immediately preceding the event giving rise to liability. For Public Users, the cap is the lower of that amount or £10,000 (or USD equivalent); for free plans, £100. 18.3 Carve‑Outs. The above limitations do not apply to: (a) a party’s fraud or willful misconduct; (b) your payment obligations; (c) your indemnification obligations; or (d) liability that cannot be excluded under applicable law (including death or personal injury caused by negligence). 18.4 DPA & Data Protection. For Organization‑processed personal data, the DPA governs data‑protection liabilities and remedies; this §18 applies except to the extent the DPA expressly provides otherwise.

19. Export, Sanctions & Government Use

You must comply with export control and sanctions laws applicable to you. You may not use the Services if you are subject to sanctions or in prohibited territories. Government users: the Services are provided as “commercial computer software” and related documentation subject to restricted rights.

20. Changes to Terms

We may update these Terms from time to time. We’ll post the new version with an updated “Last updated” date and, for material changes, provide reasonable advance notice. Continued use after the effective date constitutes acceptance.

21. General

21.1 Governing Law & Venue. These Terms are governed by the laws of England & Wales, and disputes will be resolved exclusively in the courts of England & Wales, except that mandatory local laws may also apply and nothing herein limits non‑waivable statutory rights.
21.2 Order of Precedence. If there is a conflict between these Terms and a signed order/agreement with Squid, the signed document prevails; for Organization data, the DPA prevails over these Terms to the extent of conflict.
21.3 Force Majeure. Neither party is liable for delays/failures caused by events beyond reasonable control.
21.4 Assignment. You may not assign these Terms without our prior written consent; we may assign to an affiliate or in connection with reorganization, merger, or sale.
21.5 Notices. Legal notices to Squid: [email protected] and 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. Notices to you: the email on your account or in‑app notifications.
21.6 Severability; Waiver. If any provision is unenforceable, the remainder remains in effect. Failure to enforce is not a waiver.
21.7 Entire Agreement. These Terms (including the Privacy Policy, DPA, and Regional Annexes) form the entire agreement for your use of the Services.

Regional Annexes (Incorporated by Reference)

Annex A — United States (including Texas) & Puerto Rico

  1. Children’s privacy: Compliance with COPPA is mandatory. Public users under 13 are not permitted. Org Admins must obtain verifiable parental consent before inviting under‑13 users; maintain records for as long as the account is active.
  2. FERPA (where applicable): For US educational institutions, you acknowledge your responsibilities under FERPA. Squid acts as a “school official” under your control for authorized educational purposes when processing student data.
  3. Texas: Comply with Texas privacy laws applicable to minors and students. Where an Organization operates in Texas, Org Admins must ensure COPPA‑grade guardian consent and age gating; retain consent records and provide them upon request.
  4. Puerto Rico: Comply with Puerto Rico data‑protection requirements; ensure guardian consent for under‑13 users; maintain documentation (including SURI evidence for tax‑related exemptions if relevant to invoicing outside these Terms).

Annex B — Malaysia (PDPA 2010)

  1. Provide PDPA‑compliant notices to data subjects (or guardians) describing purposes, rights of access/correction, and how to contact your PDPA officer.
  2. Do not transfer personal data outside Malaysia except in accordance with PDPA cross‑border rules or where a controller‑approved transfer mechanism is in place (covered by our DPA safeguards).

Annex C — Thailand (PDPA 2019)

  1. Obtain explicit consent from a parent/guardian for under‑ten users; for older minors, obtain consent where required by PDPA and applicable regulations.
  2. Respect PDPA rights (access, correction, deletion); route requests via the Organization for Organization‑provisioned users; Squid will assist per the DPA.

Annex D — India (DPDP Act 2023)

  1. Treat children (under 18) as a protected class: obtain verifiable parental consent before processing their personal data; do not undertake tracking/behavioral monitoring or targeted advertising directed at children.
  2. Comply with notice, consent, and data‑principal rights requirements; use our DPA safeguards for cross‑border transfers until further rules specify otherwise.