This Privacy Policy explains how EDC LMS ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use our Learning Management System platform. By using our services, you agree to the collection and use of information in accordance with this policy.
Account Information: When you register, we collect your name and email address. Passwords are stored as cryptographic hashes — we never store plain-text passwords.
Learning Data: We record your course enrolments, lesson completion progress, quiz attempts and scores, notes you create, bookmarks, and course ratings. This data is necessary to deliver the learning experience.
Communication Data: Messages sent through our internal messaging system and any Q&A posts on lessons are stored to facilitate communication between learners and instructors.
Payment Data: Course purchases are processed by Stripe. We store only a record of the transaction (amount, date, status). We never store your full card number, CVV, or billing address — those are handled exclusively by Stripe.
Technical Data: Session tokens, your display preferences (theme, language), and notification settings are stored to personalise your experience.
Uploaded Files: Profile images, course cover images, lesson attachments, and video previews uploaded via our platform are stored with our file storage provider.
- To create and manage your account
- To deliver courses, track your progress, and issue certificates
- To process payments and maintain transaction records
- To send transactional emails (password resets, enrollment confirmations, notifications)
- To enable messaging between users
- To display leaderboards, XP, badges, and skill progress (where enabled)
- To improve our services through aggregate analytics
- To comply with legal obligations
We process your data on the following legal grounds:
Contract Performance: Account data and learning data are processed to fulfil the service agreement between you and us.
Legitimate Interests: Communication features, system security, and aggregated analytics serve our legitimate interests in operating and improving the platform.
Legal Obligation: We may process data to comply with applicable laws and regulations.
Consent: Where we rely on consent (e.g. optional marketing communications), you may withdraw consent at any time.
We do not sell your personal data. We share data only with the following trusted service providers:
- Stripe (payment processing) — processes payment card data under their own privacy policy
- Resend (transactional email) — used to send notifications and account emails
- File storage provider — stores uploaded course content and user files
- Database infrastructure provider — hosts our application data in secure, EU-compliant data centres
All processors are contractually bound to protect your data and process it only on our instructions.
We retain your personal data for as long as your account is active or as needed to provide services. You may request deletion of your account at any time. Certain records (e.g. payment transactions) may be retained for the period required by applicable financial and tax law (typically 7 years).
If you are located in the European Economic Area, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten"), subject to legal obligations
- Right to Restriction: Request that we limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time
To exercise any of these rights, please contact us using the details below. We will respond within 30 days.
We use essential cookies to keep you signed in and remember your session. Please see our Cookie Policy for full details.
Our platform is not directed at children under 16. We do not knowingly collect personal data from anyone under 16 without verifiable parental consent.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.
For privacy-related questions or to exercise your rights, please contact our data protection contact via the platform's help page or the email address listed on our website. If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.