Legal

Privacy Policy

Last updated: 14 July 2026

Micro Learn Online ("we", "us", "our") is a trading name of AG2 Design, of 13 Tewit Well Road, Harrogate, HG2 8JE, United Kingdom. This policy explains what personal data we collect through micro-learn.online (the "Site") and our SCORM training packages, why we collect it, and the rights you have over it, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who this policy covers

This policy applies to visitors to the Site, individuals at organisations we licence SCORM packages to ("Clients"), and learners within a Client's organisation whose activity is recorded when they complete a licensed training package ("Learners"). Client organisations are responsible for informing their own Learners that activity data is shared with us — see Section 6.

2. Data we collect

Account & billing data (Clients)

  • Name, email address, and organisation name, collected when your account is created
  • Payment method and billing history, processed and stored by Stripe (we do not store card details ourselves)
  • Licence and package download records

Learner activity data

When a Learner opens a licensed SCORM package inside your LMS, the package sends usage events (launch, page views, completion) back to our platform, tagged with an internal client and learner identifier supplied by your LMS. We use this solely to calculate usage-based billing and to give Clients visibility of learner progress. We do not use Learner data for marketing.

Technical & usage data

Standard server logs (IP address, browser type, pages requested) generated by visiting the Site, and — if enabled — privacy-friendly, cookieless aggregate analytics (see our Cookie Policy).

Contact form submissions

If you use our contact form, we collect your name, email address, optional organisation name, and the message you send, in order to respond to your enquiry.

3. Legal basis for processing

  • Contract — account administration, licensing, billing, and delivering packages
  • Legitimate interests — responding to enquiries, keeping the Site secure, and improving the service
  • Legal obligation — retaining financial records as required by UK tax law

4. How we share data

We share data with the following processors, each bound by data processing terms:

  • Neon — hosts our PostgreSQL database and manages account authentication
  • Stripe — processes payments and manages billing/subscription data
  • DigitalOcean (Spaces) & Cloudflare — store and deliver SCORM package files via CDN
  • Vercel — hosts the Site and application
  • MailerSend — delivers transactional email (e.g. contact form messages, billing notifications)
  • OpenAI — used internally to help generate and review course content; not used to process personal data about Clients or Learners

We do not sell personal data. We only disclose data to other third parties where required by law, or to protect our legal rights.

5. International transfers

Some processors listed above may store or process data outside the UK. Where this happens, we rely on adequacy regulations or Standard Contractual Clauses (or equivalent UK safeguards) to ensure your data remains protected.

6. Client responsibilities for Learner data

Where a Client organisation deploys our SCORM packages to its own Learners, the Client is responsible for ensuring its Learners are informed of the tracking described above, in line with the Client's own privacy notice and internal policies. We act as a processor of Learner activity data on the Client's behalf for this purpose.

7. Data retention

We retain account and billing records for as long as your account is active and for a further period afterwards as required for tax and accounting purposes (normally six years). Learner activity data is retained for as long as reasonably needed for billing reconciliation and Client reporting, after which it is deleted or anonymised.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request erasure of your data, where applicable
  • Object to or restrict certain processing
  • Request a copy of your data in a portable format
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, please use our contact page.

9. Security

We use industry-standard technical and organisational measures — including encrypted connections and access controls — to protect the data we hold. No system is completely secure, but we take reasonable steps to minimise risk.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above.

11. Contact

For any questions about this policy or your data, please get in touch via our contact page.