Privacy Policy
Key Information
Before reading the full policy, here's what you need to know:
- Prentora Ltd is the data controller of the personal data we collect about you.
- We collect personal data you provide (name, email, payment information), data about how you use our platform (courses viewed, time watched, voting activity), and data from third parties (payment processors).
- We use your personal data to provide our services, process payments, improve our platform, communicate with you, and ensure platform security.
- You have rights regarding your personal data, including the right to access, correct, delete, and download your information.
1. Introduction
This Privacy Policy describes how Prentora Ltd, a company registered in England and Wales with company number 16785749 ("Prentora," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our website and related services (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.
2. Information We Collect
2.1 Information You Provide to Us
| Category | Description |
|---|---|
| Account Information | When you create an account, we collect your name, email address, and password. We also collect your approximate location (country) based on your IP address or payment information. |
| Payment Information | When you purchase courses, we collect billing information (name, billing address, postal code). Payment card details are collected and processed by our third-party payment processors (Stripe). We do not store full credit card numbers. |
| Course Activity | Your course enrollments, completion progress, video watch time, and course reviews. |
| Community Interactions | Course reviews, Greenlight votes, and comments on Greenlight proposals. |
| Communications | Information you provide when you contact our support team, respond to surveys, or communicate with us via email or chat. |
2.2 Information Collected Automatically
| Category | Description |
|---|---|
| Usage Data | Pages viewed, courses browsed, search queries, time spent on pages, buttons clicked, navigation paths, and features used. |
| Device Information | IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences. |
| Location Data | General location (country, region, city) inferred from your IP address. We do not collect precise geolocation data. |
| Cookies | We use essential cookies necessary for the platform to function properly, including authentication and security. We do not use tracking or advertising cookies. |
2.3 Information from Third Parties
- Payment Processors: We receive transaction confirmation and limited payment information (last 4 digits of card, transaction status) from Stripe and other payment providers.
- Security Services: We work with fraud prevention and security providers to protect our platform and users.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Provide and Improve Our Services
- Create and manage your account
- Process course purchases and deliver course content
- Track your learning progress
- Provide customer support and respond to your inquiries
- Facilitate the Greenlight voting system for course curation
- Enable course reviews, Greenlight voting, and comments on proposals
3.2 Platform Operation and Security
- Monitor and analyze platform usage and performance
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service and Community Guidelines
- Debug technical issues and improve platform stability
3.3 Communications
- Send transactional emails (purchase confirmations, course updates, password resets)
- Send promotional emails about new courses, features, and special offers (you can opt out)
- Notify you about changes to our services or policies
- Request feedback through surveys
3.4 Legal Compliance
- Comply with legal obligations and respond to legal requests
- Protect our rights, property, and safety, and that of our users
- Enforce our agreements and policies
3.5 Device and Network Identification
When you interact with key parts of our platform, such as creating an account, logging in, making purchases, and accessing course content, we collect device identification data and your IP address. This data is used for:
- Fraud prevention: detecting and preventing unauthorized access and fraudulent transactions
- Dispute resolution: providing evidence in the event of payment disputes or chargebacks
- Defence of legal claims: protecting our rights and the rights of our instructors
We process this data under Legitimate Interests (UK GDPR Article 6(1)(f)). Our legitimate interest is protecting the platform, its users, and instructors from fraud and fraudulent chargeback claims.
3.6 Legal Basis for Processing (UK GDPR)
We process your personal information under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and course access | Contract: Processing is necessary to provide the services you requested |
| Payment processing | Contract: Processing is necessary to complete your purchase |
| Platform improvements and performance monitoring | Legitimate Interests: Improving user experience and platform functionality |
| Marketing emails (promotional courses, platform updates) | Consent / Soft Opt-In: If you are an existing customer, we may send you marketing about similar courses (soft opt-in under PECR). You can opt out at any time via unsubscribe links or account settings |
| Security, fraud prevention, legal compliance | Legal Obligation / Legitimate Interests: Protecting our platform and complying with applicable laws |
| Transaction records retention (7 years) | Legal Obligation: HMRC tax compliance requirements |
| Device and network identification for fraud prevention | Legitimate Interests: Protecting the platform, users, and instructors from fraud and fraudulent disputes |
You have the right to object to processing based on legitimate interests. Contact [email protected] to exercise this right.
4. How We Share Your Information
4.1 Course Instructors
When you enroll in a course, instructors can view aggregate, anonymized analytics about course performance (enrollment numbers, average completion rates, popular sections). Instructors cannot access individual student names, email addresses, or personal information.
4.2 Service Providers
We share your information with third-party service providers who perform services on our behalf, including:
- Payment processing (Stripe, Wise)
- Cloud hosting and storage
- Email delivery services
- Customer support tools
- Server-side analytics and performance monitoring
- Video hosting and streaming
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
4.3 Public Information
When you interact with public features of the platform, certain information becomes visible to other users:
- Course Reviews: Your display name, rating, review text, and the date you posted the review are publicly visible
- Greenlight Voting: Your individual votes are anonymous, but aggregated vote counts and voting trends are publicly visible
4.4 Legal Requirements
We may disclose your information when required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Governmental requests
- Protection of our rights and property
- Investigation of fraud or security issues
- Protection of user safety
4.5 Business Transfers
If Prentora is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4.6 Aggregated Data
We may share aggregated, anonymized data that does not identify you personally (e.g., "50% of users completed this course").
5. Legal Basis for Processing
Under UK data protection law (UK GDPR), we process your personal data based on the following legal grounds:
- Performance of a Contract: To provide our Services as outlined in our Terms of Service
- Legitimate Interests: To improve our platform, ensure security, conduct analytics, and market our services
- Consent: Where you have given explicit consent (e.g., for marketing emails or cookies)
- Legal Obligation: To comply with applicable laws and regulations
6. Data Retention
We retain different categories of personal information for different periods based on legal requirements and business needs:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account Data | While account is active + 90 days after deletion request | Service provision and user data rights |
| Purchase Records | 7 years from transaction date | HMRC tax compliance requirement |
| Payment Information | Managed by Stripe per PCI-DSS requirements | Payment processing compliance |
| Course Progress Data | While account is active + 90 days after deletion | Service provision |
| Marketing Consent Records | 3 years after consent withdrawal | Demonstrate compliance with marketing regulations |
| Support Communications | 2 years from last interaction | Quality assurance and dispute resolution |
| Security Logs | 1 year | Fraud prevention and security investigations |
| Activity & Device Data | While account is active + 90 days after deletion | Fraud prevention and dispute resolution |
When you request account deletion, we will delete or anonymize your personal information within 90 days, subject to the retention periods above. Course reviews you have posted will be anonymized (your name removed) but may remain visible to maintain the integrity of course ratings.
If your account is subject to an ongoing legal dispute, investigation, or regulatory inquiry, we may retain relevant data until the matter is resolved.
7. Data Security
We implement industry-standard security measures to protect your personal information, including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Employee training on data protection
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Data Breach Notification
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. Our notification will include:
- The nature of the personal data breach
- The likely consequences of the breach
- The measures we have taken or propose to take to address the breach and mitigate potential adverse effects
- Contact details where you can obtain more information
We will also notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach that poses a risk to individuals' rights and freedoms, as required by UK GDPR.
If you have concerns about a potential security issue, please contact us immediately at [email protected].
9. International Data Transfers
Prentora is based in the United Kingdom. We may transfer personal data to service providers located outside the UK:
| Service Provider | Purpose | Location | Personal Data Transferred |
|---|---|---|---|
| Stripe | Payment processing | United States | Billing name, address, postal code, payment card information |
| Wise | Instructor payout processing | United Kingdom | Instructor name, bank account details, payout currency |
| Email delivery services | Transactional and marketing emails | European Union (Amsterdam, London, Frankfurt) | Email address, name |
| Cloud hosting | Application and database hosting | United Kingdom / European Union | All data stored on our platform |
| Video hosting and CDN | Course video delivery | European Union | No personal information transferred |
Safeguards for International Transfers
When we transfer personal data outside the UK to countries without adequacy decisions, we implement appropriate safeguards:
- Standard Contractual Clauses: We use UK International Data Transfer Agreements and Standard Contractual Clauses approved by the UK Information Commissioner's Office
- Data Privacy Framework: For transfers to the United States, our payment processor Stripe is certified under the EU-U.S. Data Privacy Framework and UK Extension
- Technical Measures: All data transfers are encrypted in transit using HTTPS/TLS
You can request copies of the Standard Contractual Clauses and Data Processing Agreements by contacting [email protected].
10. Your Rights and Choices
We will respond to all requests to exercise your data rights within 30 days of receipt, unless otherwise specified. In complex cases, we may extend this period by a further 60 days and will notify you of any extension.
10.1 Access and Portability
You can access and download your personal information by logging into your account settings or contacting us at [email protected]. We will respond to data access and portability requests within 30 days of receipt.
10.2 Correction and Updates
You can update your account information directly in your profile settings. If you need assistance, contact us.
10.3 Deletion
You can request deletion of your account and personal information by contacting [email protected]. We will process your request within 30 days, subject to legal retention requirements.
10.4 Marketing Opt-Out
You can unsubscribe from promotional emails by clicking the "unsubscribe" link in any marketing email or updating your email preferences in your account settings.
10.5 Cookie Management
We only use essential cookies necessary for authentication, security, and core platform functionality. These cookies are required for our Services to operate properly. While you can configure your browser to reject cookies, doing so will prevent you from using key features of our platform, including logging in and accessing purchased courses.
11. Children's Privacy
Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at [email protected], and we will delete it.
12. Third-Party Links and Services
Our platform may contain links to third-party websites, services, or resources that are not operated by Prentora. This Privacy Policy does not apply to those third-party sites.
We are not responsible for the privacy practices or content of third-party websites. When you click on a link to a third-party site (such as an instructor's personal website, social media profile, or payment processor), you will be subject to that third party's privacy policy. We encourage you to review the privacy policies of any third-party sites you visit.
13. Region-Specific Rights
13.1 UK Residents (UK GDPR)
If you are a UK resident, you have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Erase your personal data ("right to be forgotten")
- Restrict processing of your personal data
- Data portability
- Object to processing based on legitimate interests
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner's Office (ICO)
To exercise these rights, contact [email protected].
13.2 EEA and Switzerland Residents (GDPR)
If you are located in the European Economic Area or Switzerland, you have the same rights as UK residents under the GDPR. To exercise these rights, contact [email protected].
13.3 California Residents (CCPA/CPRA)
California residents have the right to:
- Know what personal information we collect, use, and share
- Request deletion of personal information
- Opt out of the "sale" or "sharing" of personal information (we do not sell personal information in the traditional sense)
- Correct inaccurate personal information
- Limit the use of sensitive personal information
- Not be discriminated against for exercising these rights
To exercise these rights, email [email protected].
13.4 Other US State Residents
Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia have similar rights to California residents under their respective state privacy laws. Contact [email protected] to exercise these rights.
13.5 Nevada Residents
Nevada residents may opt out of the sale of certain covered information. We do not currently sell covered information. To make a request, contact [email protected].
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:
- Posting a notice on our website
- Sending you an email
- Updating the "Last Updated" date at the top of this policy
Your continued use of our Services after changes become effective constitutes your acceptance of the revised Privacy Policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Prentora Ltd
Company Number: 16785749
Registered in England and Wales
15 Peregrine Crescent
Manchester M43 7TA
United Kingdom
Email: [email protected]
UK Supervisory Authority: Information Commissioner's Office (ICO)
Website: https://ico.org.uk