Trust & Compliance
Last updated: 29 April 2026
A single page summarising how LearningBro handles data, accessibility, security, and our relationship with examination boards. Designed for school procurement teams, parents, and anyone evaluating whether to use the platform. Each section links through to the full document where there is one.
Data protection (UK GDPR)
- Lawful processing
- We process personal data on the lawful bases of contract (to deliver the service), legitimate interests (security and abuse prevention), consent (marketing emails only), and legal obligation (tax records).
- Children's data
- We follow the ICO Age Appropriate Design Code: privacy-by-default, no public profiles, no behavioural advertising, no nudge techniques, equal data subject rights for children.
- Sub-processors
- Stripe, Anthropic, Resend, our hosting provider, and Cloudflare. Full list with locations and transfer safeguards at /sub-processors.
- AI processing
- User-authored text sent to AI features is processed by Anthropic under SCCs + UK Addendum. Zero Data Retention is requested where the API supports it, so inputs are not used to train AI models. Users can disable AI features entirely from their Account page, in which case no input is sent to the AI sub-processor.
- DPIA
- A Data Protection Impact Assessment is held internally and is available to schools on request from privacy@learningbro.com.
- Data subject rights
- Users can download a JSON export of their data and delete their account at any time from the Account page. Other rights (rectification, restriction, objection, portability) are exercised by emailing privacy@learningbro.com. We respond within one calendar month.
- Retention
- AI interaction data (lesson chat, hint usage, essay submissions) is auto-pruned after 12 months. Account data is retained while the account is active. Stripe records are kept for 7 years for tax purposes.
- Breach notification
- Where a breach is likely to result in risk to data subjects, we notify the ICO within 72 hours and affected users where the risk is high.
Accessibility
- Standard
- We target WCAG 2.2 Level AA, the standard expected of UK public-sector services. Full statement at /accessibility.
- What works well
- Full keyboard navigation, visible focus indicators, semantic heading hierarchy, 400% zoom support, five colour themes including high-contrast dark mode, MathML output for screen readers, mermaid-diagram text equivalents.
- Known issues
- Some legacy lesson images need alt-text backfill; older videos await captioning. Both are being worked on. Report any issue to accessibility@learningbro.com — we respond within five working days.
Security
- Encryption
- All traffic is TLS-only with HSTS. Passwords are stored using bcrypt with a high work factor.
- Hosting
- EEA-based VPS infrastructure (no international transfer for application data). Cloudflare provides edge caching and DDoS protection.
- Backups
- Encrypted daily backups with limited operator access.
- Access control
- Database access is restricted to the application server. Multi-tenant isolation enforced server-side via schoolId checks on every teacher endpoint.
- Payment security
- Card details are handled directly by Stripe and never reach our servers. We do not store payment information.
Exam-board independence
- We are not affiliated with any exam board
- LearningBro is an independent educational platform. We are not affiliated with, endorsed by, or approved by AQA, Pearson Edexcel, OCR, the LNAT Consortium, the UCAT Consortium, IELTS, or any other examination board. All trademarks belong to their respective owners.
- Where we reference specifications
- References to exam-board specifications are descriptive (section codes, topic titles, assessment structure). All teaching content is authored by us — see CONTENT_STANDARDS.md and CONTENT_AUTHORSHIP_LOG.md in our public repository for the full authoring policy.
Consumer rights
- Cancellation
- You can cancel any time from the Account page. Cancellation takes effect at the end of your current billing period — you keep access until then.
- Cooling-off
- 14-day right to a full refund on any new paid subscription, even if you have used the service. Email refunds@learningbro.com.
- Renewal reminders
- We email a renewal reminder 10–14 days before each renewal so you can decide whether to continue or cancel.
- VAT and pricing
- All prices shown in GBP and include VAT where applicable. We will give reasonable advance notice of any price change before it takes effect.
Business
- Entity
- LearningBro is operated by John Haigh as a sole trader, based at International House, 55 Longsmith Street, Gloucester, GL1 2HT, United Kingdom.
- Contact for procurement
- Schools and institutional buyers: schools@learningbro.com. Privacy and data: privacy@learningbro.com. Accessibility: accessibility@learningbro.com. Refunds: refunds@learningbro.com. General: support@learningbro.com.
- Documentation available on request
- Data Processing Agreement, DPIA summary, sub-processor change-notification list, school data sharing agreement, accessibility roadmap.
Quick links: Privacy Policy · Sub-processors · Cookies · Accessibility · Terms