1. What we collect
1.1 You give us
- Account: name, email, password hash.
- Payment: billing address, last 4 digits of card. Card itself never touches our servers — held by Stripe.
- Learning: course progress, quiz answers, assignment submissions, forum posts.
1.2 We collect automatically
- Device, browser, IP address (used for fraud and abuse detection).
- Behavioural analytics — clicks, page views, lesson completion times (used to improve the product).
- Cookies — see cookies below.
2. Why we collect it
- To run your account and deliver lessons.
- To recommend the next course / lesson.
- To issue certificates and verify them via QR code.
- To prevent abuse (account sharing, scraping, payment fraud).
- To improve courses (we anonymise drop-off and quiz-failure data).
3. Who we share it with
- Stripe for billing.
- Cloudflare for delivery and protection.
- AWS / Google Cloud for hosting.
- SendGrid for transactional email.
- Law enforcement, only on valid legal process. We publish a transparency report annually.
We do not sell your personal data to anyone. We do not run third-party ad tracking on the marketing site.
4. Your controls
- Download all your data from your account settings (one click, JSON export).
- Delete your account from your account settings (irreversible, processed within 14 days).
- Opt out of behavioural cookies from the banner on first visit.
5. Retention
Account data is kept while your account is active and for 6 years after closure (UK regulatory requirement for educational businesses handling adults). Anonymised analytics are kept indefinitely. Forum posts you've made are kept under your handle unless you delete them.
6. Children
Not for under-18s. We don't knowingly collect data from minors.
7. International transfers
Data may be transferred to the US (for AWS, Stripe, SendGrid). Transfers covered by Standard Contractual Clauses.
8. Contact
Data protection officer: privacy@01lotacademy.example.