Last updated: [DD Month 2026] · Version 1.0

Privacy Policy

This Privacy Policy explains how [LEGAL ENTITY NAME] (“Cour.pro UK”, “we”, “us”) collects, uses, shares and protects personal data when you and your child use our website and learning platform (the “Service”).

We take the privacy of children especially seriously. This policy should be read together with our Children’s Privacy Notice (written for children and parents), our Cookie Policy and our Terms of Service.

Our promises in brief: We collect the minimum data needed to run the Service. We never sell personal data. We never use children’s data for advertising or to build marketing profiles. Privacy settings are high by default. A parent or guardian controls every child account.

1. Who we are (data controller)

The data controller responsible for your personal data is:

We are registered with the UK Information Commissioner’s Office (ICO) as a data controller and pay the data protection fee as required by the Data Protection (Charges and Information) Regulations 2018.

2. What personal data we collect

We collect different data depending on whether you are a parent/guardian, a child learner, a teacher, or a website visitor.

From parents / guardians (account holders)

From children (learners)

We deliberately do not collect a child’s precise location, contact details, photographs, or any special category data, and we do not ask children to provide more information than is needed to deliver their learning.

From everyone (technical data)

3. Why we use your data & our lawful bases

Under UK GDPR Article 6 (and EU GDPR where it applies), we rely on the following lawful bases:

PurposeLawful basis
Creating and running parent and child accounts; delivering lessons and progress trackingPerformance of a contract (Art. 6(1)(b))
Allowing a child under 13 to use the ServiceConsent of the holder of parental responsibility (Art. 6(1)(a) & Art. 8)
Taking payment and preventing fraudContract; and legitimate interests (Art. 6(1)(f)) in protecting the Service
Keeping the Service secure and reliableLegitimate interests (Art. 6(1)(f))
Functional preferences & analytics cookiesConsent (Art. 6(1)(a) & PECR)
Sending service emails (e.g. billing, security)Contract / legal obligation
Marketing emails to parentsConsent, which you can withdraw at any time
Meeting legal, tax and safeguarding obligationsLegal obligation (Art. 6(1)(c))

We apply data minimisation and purpose limitation (UK GDPR Article 5): we only collect what we need, use it only for the purposes above, and do not repurpose children’s data.

4. Children & parental consent

The Service is designed for children and we follow the ICO’s Age Appropriate Design Code (the “Children’s Code”). Key points:

For a plain-English version, see our Children’s Privacy Notice.

5. Who we share data with

We do not sell personal data and we do not share children’s data for advertising. We use a small number of trusted service providers (“processors”) who act only on our instructions under a written data processing agreement:

A current list of categories of processors is available on request from [DPO EMAIL].

6. International data transfers

We aim to store and process UK and EU users’ personal data within the UK and/or European Economic Area. Where any transfer outside the UK/EEA is necessary, we put in place appropriate safeguards required by UK GDPR — such as an adequacy decision, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses — and we carry out a transfer risk assessment.

7. How long we keep data

DataRetention
Active account & learning dataFor as long as the account is active
After account closureDeleted or anonymised within [e.g. 30–90 days], unless we must keep it longer by law
Billing/tax recordsUp to 6 years (UK tax law)
Consent recordsFor as long as needed to demonstrate compliance

We apply the principle of storage limitation and review retention periods regularly.

8. How we protect data

In line with UK GDPR Article 32, our technical and organisational measures include: encryption in transit (HTTPS/TLS) and at rest; hashed passwords; role-based access controls and least-privilege access; logging and monitoring; regular backups; secure software development practices; staff confidentiality and training; and a documented personal data breach procedure. If a breach is likely to result in a risk to people’s rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay where required.

9. Your rights

Under UK GDPR (and EU GDPR where it applies) you have the right to: be informed; access your data; have inaccurate data corrected; have data erased; restrict processing; data portability; object to processing; and rights relating to automated decision-making. Where we rely on consent, you can withdraw it at any time.

To exercise any right, contact [DPO EMAIL]. We will respond within one month. There is normally no charge. We may need to verify your identity (and, for a child’s data, your parental responsibility) to protect the data.

10. Cookies & analytics

We use only essential cookies by default. Functional and analytics cookies are used only with your consent, which you give through our cookie banner and can change at any time via “Cookie settings” in the footer. See our Cookie Policy for the full list.

11. Automated decisions & profiling

Our learning engine adapts the difficulty of questions to a child’s answers to personalise practice. This is used solely to support learning and does not produce legal or similarly significant effects on anyone. We do not use automated profiling of children for marketing, and there is no solely-automated decision-making with legal effect under Article 22.

12. EU users & our EU representative

If you are in the European Economic Area, EU GDPR applies to your data. We respect the age of consent set by your country (between 13 and 16). Where required by Article 27 of the EU GDPR, our EU representative is: [EU REPRESENTATIVE NAME & ADDRESS]. EU users may also lodge a complaint with their local supervisory authority.

13. Changes to this policy

We may update this policy from time to time. If we make significant changes we will tell account holders and, where appropriate, ask for fresh consent. The “last updated” date at the top shows the current version.

14. How to contact us & complain

For any privacy question or to exercise your rights, contact our Data Protection Officer at [DPO EMAIL] or write to [REGISTERED ADDRESS].

If you are unhappy with how we have handled your data, you can complain to the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint or call 0303 123 1113. We’d appreciate the chance to put things right first.