Plain English Summary
We collect as little data as possible. Free modules require nothing. Paid access requires an email and payment (processed by Stripe, not stored by us). We don't sell your data to anyone. We use cookies only for essential functionality and anonymous analytics.
1. Who We Are
Legacy Business Engineers Ltd (CRO: 720301), 15 Palmers Crescent, The Manor, Dublin 20, D20 DP71, Ireland is the data controller for DC-LEARN. Contact: [email protected].
2. What Data We Collect
Free tier users: We collect no personal data. Free modules can be accessed without registration.
Paid tier users: We collect your name, email address, and purchase record. Payment card details are processed and stored by Stripe — we never see or store your full card number.
All users: We collect anonymous usage data (pages visited, time on page) via privacy-respecting analytics. We do not use tracking pixels, retargeting, or behavioural advertising.
3. Why We Process Your Data
We process personal data on the following legal bases under GDPR:
- Contract performance — to provide access to paid modules and issue certificates
- Legitimate interest — to improve the programme based on anonymous usage patterns
- Legal obligation — to maintain records required by Irish tax and company law
4. Who We Share Data With
We share data only with processors required to deliver the service:
- Stripe — payment processing
- Supabase — learner account and certificate storage
- Netlify — website hosting (access logs only, no personal data)
We do not sell, rent, or share your personal data with any third party for marketing purposes.
5. Data Retention
Account data is retained for the duration of your licence plus 6 years (Irish tax requirement). Anonymous analytics data is retained for 26 months. You may request deletion of your personal data at any time by contacting us.
6. Your Rights
Under GDPR, you have the right to access, rectify, erase, restrict processing, port your data, and object to processing. To exercise any of these rights, email [email protected]. We will respond within 30 days.
You may also lodge a complaint with the Data Protection Commission (Ireland).
7. International Transfers
Some processors (Stripe, Supabase) may process data outside the EEA. Where this occurs, it is subject to Standard Contractual Clauses or equivalent safeguards under GDPR.
8. Changes
We may update this policy from time to time. The "Last updated" date at the top of this page will change. Material changes will be communicated to registered users by email.