DRAFT — pending solicitor review. Not for live use.

Privacy policy

Last updated: 2026-05-23

1. Who we are

Literate Ltd (working name) operates the platform at literate.eu. We are the data controller for personal data collected through our marketing site and account management. For customer staff training data, we act as a processor on behalf of the customer organisation.

2. What we collect

• From buyers (admins): name, work email, company, country, password hash, login timestamps.
• From learners (email mode): name, email, training progress, quiz responses, certificates issued.
• From learners (SSO mode): a pseudonymous reference derived via HMAC of the IdP subject claim — no name or email stored in our database.
• From visitors: standard server logs (IP, user agent, requested page) and limited analytics.

3. Lawful basis

We rely on contract performance (for service operation) and legitimate interest (for security and product improvement). Marketing emails require separate consent.

4. Retention

• Training records: 6 years from completion (UK Limitation Act).
• Audit logs: 6 years.
• Evidence pack ZIPs: 7 days then auto-deleted; regenerable on demand.
• Account data: until account deletion + 90 day grace period.

5. International transfers

All processing is in the EU region. Sub-processors are listed at our security page.

6. Your rights

Access, rectification, erasure, restriction, portability, objection. Contact privacy@literate.eu.

DRAFT — replace before launch.