Skip to content

Privacy Policy

Last updated: 29 April 2026

LearningBro ("we", "us", "our") is operated by John Haigh as a sole trader in the United Kingdom and runs learningbro.com. We are the controller for the personal data we collect about you, except where we act as processor for a school under a separate agreement. This notice explains what we collect, why, how long we keep it, and what your rights are under UK GDPR and the Data Protection Act 2018. For a child-friendly summary, see the section near the end.

Information We Collect

Account data: name, email address, hashed password, locale and theme preference. Subscription data: Stripe customer ID, subscription status, billing period end (we never see or store card details — those are handled directly by Stripe). Learning data: lesson progress, assessment attempts, exam attempts, flashcard reviews, bookmarks, ratings, certificates earned. AI interaction data: messages you send to the lesson chat, hint requests, essay submissions and the AI feedback returned. School data: if you join via a school, your group membership and any pupil flags raised by your teachers. We do not collect date of birth, address, phone number, or location data, and we do not use cross-site tracking pixels or behavioural advertising.

Lawful Basis & How We Use Your Information

We process your data on the following lawful bases. Contract — to provide the educational service you signed up for, including AI features that form part of the service. Legitimate interests — to keep the service secure, prevent abuse, and improve the platform. Consent — for marketing emails (you can opt out at any time). Legal obligation — for tax and accounting records held by Stripe and our accountants. We do not sell your personal data and we do not use it for behavioural advertising.

Cookies & Similar Technologies

We use only strictly necessary cookies (to keep you signed in) and functionality cookies (to remember your language, theme, and referral source). We do not use advertising, analytics, or third-party tracking cookies. A full list is at /cookies.

Sub-processors & Third-Party Services

We share data with the following processors only as necessary to deliver the service: Stripe (payment processing), Anthropic (AI inference for chat, hints, explanations and essay marking — Anthropic confirms that retained data is never used for model training without express permission, and we are pursuing Zero Data Retention enablement via their sales process), Resend (email delivery), and our hosting provider Contabo (EEA-based application and database hosting). The full list with locations and transfer safeguards is at /sub-processors. We will notify customers by email if we add or change a sub-processor. You can disable AI features entirely from your Account settings, in which case no input from you will be sent to our AI sub-processor.

Children & Schools

Our service is suitable for learners from age 5 upwards. We follow the ICO's Age Appropriate Design Code (Children's Code): privacy-by-default, no public profiles, no behavioural advertising, no nudge techniques to extract more data than necessary, and the same data subject rights for children as for adults. Where a child joins via a school, the school is the controller for that child's data and we act as processor under a separate data sharing agreement; in that case the school is responsible for parental notification. Parents and pupils can contact us at privacy@learningbro.com at any time.

Data Retention

We retain account data for as long as your account is active. AI interaction data (lesson chat messages, hint usage, essay submissions) is automatically pruned after 12 months unless you delete it sooner. Stripe payment records are retained separately for 7 years for tax and audit purposes. When you delete your account we cascade-delete all your learning and AI data immediately; pseudonymised aggregates may be retained for service-improvement purposes only.

Your Rights

Under UK GDPR you have the right to: access your data (a JSON export is available from the Account page); correct inaccurate data; delete your data (via the Account page or by emailing privacy@learningbro.com); restrict or object to processing; data portability; and withdraw consent at any time. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk. We commit to responding to any rights request within one calendar month.

Security & Breach Notification

All traffic is TLS-encrypted, passwords are stored using bcrypt, and database access is restricted to the application server. Encrypted backups are taken daily. If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify you directly where the risk is high.

Changes to This Notice

We may update this notice from time to time. If we make a material change we will give you reasonable notice by email. The latest version is always available at this URL with the last-updated date at the top.

Contact

LearningBro is operated by John Haigh as a sole trader in the United Kingdom (registered address: International House, 55 Longsmith Street, Gloucester, GL1 2HT). Email privacy@learningbro.com for any data-protection matter, including DSARs, account deletion, or complaints. The data-protection function is operated by John Haigh personally.