How we handle data.

Plain-language summary. A formal Data Processing Agreement is provided to clients before service begins. For anything unclear, write to [email protected].

This website

Static site, no advertising or behavioural tracking. Cloudflare (our CDN) sees request metadata for DDoS protection; we don't link it to identifiable visitors. The contact form opens your email client — no data is posted to a third-party form processor.

Our services

When we host or back up your LMS, we act as a data processor on behalf of your organisation. We process personal data inside your LMS only to provide the contracted service, audit every support access, encrypt at rest (AES-256) and in transit (TLS 1.2+), and store backups in the region you select. We do not sell, share or monetise client data — ever.

Sub-processors

Listed in the DPA, updated with notice when sub-processors change.

Data subject rights

For our own contact records, you have the usual GDPR/UK GDPR rights — write to [email protected]. For data inside your LMS, your organisation is the controller; we support you in fulfilling learner requests.

Retention

Default backup retention is 90 days, configurable up to 7+ years for compliance use cases. When you stop using us, encrypted backups are deleted on a schedule agreed with you.

Last reviewed: 2026-05-25