Privacy Policy

The data controller responsible for your personal data is:

We collect the following categories of personal data:

• Account data — name, email address, password (hashed)
• Payment data — billing details processed securely via our payment provider; we do not store card numbers
• Usage data — pages visited, lessons completed, time spent, quiz results
• Technical data — IP address, browser type, device type, cookies
• Communications — any messages you send us via email or contact forms

We process your personal data on the following legal bases under GDPR Article 6:

• Contract performance — to provide the services you have subscribed to
• Legal obligation — to comply with applicable laws, including tax and accounting requirements
• Legitimate interests — to improve the Platform, prevent fraud, and ensure security
• Consent — for optional marketing communications, where you have opted in

We use your personal data to:

• Create and manage your account
• Process payments and manage subscriptions
• Deliver lessons, exercises, and platform features
• Track your learning progress
• Send service-related communications (receipts, renewal notices)
• Respond to your enquiries and support requests
• Improve and develop the Platform
• Comply with legal and regulatory obligations

The Platform uses cookies and similar tracking technologies. These include:

• Essential cookies — required for the Platform to function (login sessions, security)
• Analytics cookies — to understand how users interact with the Platform (e.g. Google Analytics)
• Preference cookies — to remember your settings

You can manage or withdraw cookie consent at any time via your browser settings or our cookie banner. Disabling essential cookies may affect Platform functionality.

We share data only where necessary, with the following categories of recipients:

• Payment processors — to handle subscription billing securely
• Hosting and infrastructure providers — who store Platform data on our behalf
• Analytics providers — to help us understand Platform usage
• Legal and regulatory authorities — where required by law

All third-party processors are bound by data processing agreements and may not use your data for their own purposes.

We retain personal data only for as long as necessary:

• Account data — for the duration of your subscription plus 2 years after account closure
• Payment records — for 10 years to comply with Italian tax law
• Usage and analytics data — up to 26 months in anonymised or aggregated form
• Communications — up to 3 years from the date of correspondence

After these periods, data is securely deleted or anonymised.

As a data subject under the GDPR, you have the following rights:

To exercise any of these rights, contact us using the details in Section 10. We will respond within 30 days. You also have the right to lodge a complaint with the Italian data protection authority, the Garante per la protezione dei dati personali.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include:

• Encrypted connections (HTTPS/TLS) across the Platform
• Hashed and salted password storage
• Access controls limiting who can view personal data
• Regular security reviews and updates

No method of transmission over the internet is completely secure. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and the relevant supervisory authority as required by law.

For any questions about this Privacy Policy or to exercise your data rights, please contact us using the details below. We aim to respond to all requests within 30 days.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a notice on the Platform. The date of the most recent revision will always be shown at the top of this page.