learnfolio

Privacy Policy

Last updated: January 2025

1. Introduction

Kompass Education (UK) Limited (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use the Learnfolio platform (“Platform”).

We are the data controller for your personal data and are registered in England and Wales. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you register
  • Payment Information: Payment card details (processed securely by Stripe)
  • Profile Information: Any additional information you add to your profile
  • Communications: Messages you send to us or through the Platform
  • Course Interactions: Reviews, comments, and feedback you submit

2.2 Information Collected Automatically

  • Usage Data: Pages visited, courses accessed, time spent on the Platform
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, referring URLs
  • Cookies: See our Cookie Policy for details

2.3 Information from Third Parties

If you sign in using a third-party service (such as Google), we receive basic profile information from that service according to their privacy settings.

3. How We Use Your Information

We use your personal data for the following purposes:

  • Service Provision: To provide and maintain the Platform and your account
  • Payment Processing: To process subscriptions and payments
  • Communication: To send service updates, support responses, and important notices
  • Personalisation: To customise your learning experience and recommendations
  • AI Features: To power AI-assisted learning features such as the AI Mentor
  • Analytics: To understand how users interact with the Platform and improve our services
  • Security: To detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: To comply with legal obligations

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract: Processing necessary to provide our services to you
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our Platform and preventing fraud
  • Consent: Where you have given consent for specific processing activities
  • Legal Obligation: Processing required to comply with the law

5. Data Sharing

We may share your personal data with:

  • Service Providers: Third parties who help us operate the Platform (hosting, payment processing, analytics)
  • Payment Processors: Stripe processes payments on our behalf
  • AI Service Providers: To provide AI-powered features (data is anonymised where possible)
  • Legal Requirements: When required by law or to protect our rights

We do not sell your personal data to third parties.

6. International Transfers

Some of our service providers are located outside the UK. When we transfer your data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes described in this policy. Specifically:

  • Account Data: Retained while your account is active and for 2 years after deletion
  • Payment Records: Retained for 7 years for legal and tax purposes
  • Usage Data: Retained for up to 2 years
  • Communications: Retained for up to 3 years

8. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Restriction: Request limitation of processing
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at darren@coxon.ai. We will respond within one month.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments
  • Access controls and monitoring
  • Staff training on data protection

10. Cookies

We use cookies and similar technologies to operate the Platform and improve your experience. Essential cookies are required for the Platform to function. You can manage your cookie preferences through your browser settings.

For more information, please see our Cookie Policy.

11. Children's Privacy

The Platform is not intended for children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Platform. The “Last updated” date at the top indicates when the policy was last revised.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: ico.org.uk

Telephone: 0303 123 1113

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Kompass Education (UK) Limited
Email: darren@coxon.ai