Litelearn Privacy Policy

This Privacy Policy explains how Litelearn Ltd. ("we," "us," or "our") collects, uses, shares, and protects personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). We are committed to safeguarding the privacy and security of personal information provided to us in the course of our tuition services.

Data Controller

Litelearn Ltd. is the data controller responsible for the processing of personal data collected through our tuition services and any employment agency activities. If you have any questions or concerns regarding the processing of your personal data, please contact us using the details provided at the end of this policy.

Information We Collect

We collect and process various types of information, including personal data, for the following purposes:

  • Contact information (such as name, address, email address, and telephone number) to communicate with you regarding our tuition services, employment agency activities, and schedule sessions.
  • Student information (such as name, age, grade level, and academic performance) to tailor tuition sessions to individual student needs and monitor progress.
  • Tutor information (such as qualifications, experience, and feedback) to assess suitability, allocate appropriate tutors for tuition sessions, and facilitate employment agency introductions.
  • Session information (such as session transcripts, recordings, and metadata from online tools such as Lessonspace).

Use of Information

We use the information we collect for the following purposes:

  • To provide tuition services and fulfil our contractual obligations towards students, parents/guardians, schools/local authorities and/or other organisations to whom we deliver tuition services.
  • To communicate with students, parents/guardians, tutors, teachers (where applicable) and clients regarding tuition sessions, scheduling, updates, feedback, and employment agency introductions (where applicable).
  • To monitor student progress and academic performance, and provide feedback and support as necessary, through our AI system or otherwise.
  • To enhance our AI-based tools and services including session feedback, recommended resources, automated scheduling and student-tutor matching (where applicable).
  • To comply with legal and regulatory requirements, including record-keeping, reporting, safeguarding obligations, and employment agency regulations.
  • To improve our tuition services, develop new programs, enhance the overall learning experience, and facilitate successful tutor-client introductions, where applicable.

Sharing of Information

We may share personal information with the following categories of recipients:

  • Tutors: We may share student information with tutors engaged, subcontracted or introduced by us to deliver tuition services and/or facilitate introductions where we act as an employment agency.
  • Parents/Guardians: We may share student information with parents/guardians to provide updates, feedback, progress reports, and employment agency introductions.
  • Clients: We may share tutor information with clients for employment agency introductions, subject to consent and agreement between parties. We will never share client information with another client without the written consent of the data subject.
  • Schools: We may share information relating to students with schools and their employees (e.g. teachers) either where the school is our client and has contracted for us to deliver tuition services to one or more of their students, or where a Parent/Guardian for the student has given us their consent, in writing, to share information with the student’s school.
  • Service Providers: We may engage third-party service providers to assist us in providing tuition services or introductions to tutors, such as IT service providers (Lessonspace, Tutorcruncher), payment processors (Stripe), and administrative support.
  • Regulatory Authorities: We may disclose information to regulatory authorities or law enforcement agencies as required by law or to protect our legal rights.

We do not sell or rent personal information to third parties for marketing purposes.

Data Retention

We retain all information as laid out in Section 4 for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. The specific retention period for personal data may vary depending on the nature of the data and the purposes for which it is processed.

In the specific case of User Profile Data, the data retention period lasts until:

  • We receive a request to do so from the client.
  • The specific account has been inactive for at least 12 months.
  • Our contract with the client has ended. An explanation of this process may be found in the Terms and Conditions page of our website.

In all cases we undertake to keep all data collected within the UK unless it must be shared with Third Parties outside the UK such as the aforementioned Service Providers in Section 5. If so, we will ensure that there is a legal basis to do so and adequate protections offered. Such clauses will be those sanctioned by the UK Information Commissioner to enable this assurance.

Data Subject Rights

Under applicable data protection laws, you have certain rights regarding your personal data, including:

  • Right of Access: You have the right to request access to your personal data and information about how it is processed.
  • Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances.
  • Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
  • Right to Object: You have the right to object to the processing of your personal data under certain circumstances, including processing for direct marketing purposes.
  • Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw your consent at any time.

To exercise any of these rights, or if you have any questions or concerns about the processing of your personal data, please contact us using the details provided at the end of this policy.

Data Security

We implement appropriate technical measures and adopt relevant policies and processes, as an organisation, in order to protect the security and confidentiality of personal information. These measures include access controls (e.g. secure passwords), encryption, 2-factor authentication, and regular security assessments. However, please note that no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Special category data and data relating to children (under the age of 18) and vulnerable adults (“Sensitive Data”) that is collected and processed in accordance with this policy shall be stored subject to additional reviews by our internal team to ensure that we are satisfied that the storage and processing of that data is appropriate. In particular, Sensitive Data shall be subject to the following additional safeguards:

  • We shall review where Sensitive Data is stored periodically and at least every three (3) months to ensure that it is appropriately secured and protected.
  • We shall maintain robust processes that govern the access to and retrieval of Sensitive Data, which shall include:
    • Who can access Sensitive Data, and how much access they will need at any given point in time in order to discharge our duties to you or to any lawful authority;
    • What Sensitive Data is permitted to be used for (which shall be restricted only to that use which is reasonably necessary for us to discharge our contractual and/or statutory duties);
    • What processing takes place when Sensitive Data is retrieved, including guidelines about what copies might be made, what they will be used for and where they will be stored.

In the event that there was to be any data breach of any kind (either suspected or known), we will undertake to:

  • Immediately take action to assess and mitigate the extent of any such breach.
  • Take steps to promptly assess what data has been, or may have been, compromised.
  • Inform data subjects of the data breach, using clear and jargon-free language.
  • Take any measures that may be necessary in order to prevent compromised data being used by an unauthorised third party (e.g. recommending to data subjects that they change passwords that may have been compromised).
  • Where appropriate, we will keep data subjects informed of any change to the level of risk we assess exists as a result of any such breach.

Changes to this Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the updated Privacy Policy on our website unless specifically noted otherwise. We encourage you to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data subject rights, please contact us at:

Litelearn Ltd.

4th Floor, 14 Museum Place

Cardiff, United Kingdom, CF10 3BH

support@litelearn.co.uk

Last updated: 17/02/2026