Legal

Privacy Policy

Last updated: 1 January 2025  ·  Effective date: 1 January 2025

In plain English: We collect only the information we need to run your course account and send you relevant communications. We do not sell your data. We do not share it with third parties except where necessary to provide the service. You have full rights over your data and can request its deletion at any time.

1. Who We Are

AI101.uk is operated by AI101 UK Ltd, a company registered in England and Wales. Our registered address and company number are available on request. For all privacy-related matters, you can contact us at [email protected].

We are the data controller for the personal information we collect about you in connection with your use of AI101.uk and our courses.

2. What Data We Collect

Information you provide directly

  • Your name and email address when you create an account or enrol on a course
  • Payment information processed securely by PayPal — we do not store your card details
  • Any communications you send to us via email or our contact form
  • Course exercise submissions and community forum posts if you choose to share them

Information collected automatically

  • Browser type, device type, and operating system
  • Pages visited, time spent on pages, and navigation patterns
  • IP address and approximate geographic location
  • Course progress data including lessons completed and exercises submitted
  • Cookies and similar tracking technologies (see Section 8)

Information from third parties

  • Transaction confirmation data from PayPal following a successful purchase
  • Basic profile information if you choose to sign in via a third-party provider

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the service — creating and managing your account, giving you access to the courses you have purchased, and tracking your progress
  • Communications — sending you your login details, course updates, receipts, and important account information
  • Marketing — sending you information about new courses, updates, and offers, where you have given us permission to do so
  • Improving our service — analysing how learners use our platform to make the courses and website better
  • Legal compliance — meeting our obligations under UK and EU law, including GDPR, and responding to lawful requests from authorities
  • Fraud prevention — detecting and preventing fraudulent transactions and abuse of our platform

4. Our Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

  • Contract — processing necessary to fulfil the course purchase agreement with you
  • Legitimate interests — improving our service, preventing fraud, and communicating with existing customers about relevant updates
  • Consent — sending marketing emails to new contacts and setting non-essential cookies
  • Legal obligation — retaining financial records as required by UK law

5. Who We Share Your Data With

We do not sell your personal data. We share it only with the following categories of third parties, and only to the extent necessary:

  • PayPal — to process your payment. PayPal's privacy policy governs how they handle your payment data
  • Supabase — our database and authentication provider, which stores your account and course progress data securely
  • Brevo — our email service provider, which sends transactional and marketing emails on our behalf
  • Netlify — our hosting provider, which processes your requests when you use the website
  • Analytics providers — such as Google Analytics, to help us understand how the site is used (in anonymised or aggregated form where possible)
  • Legal and regulatory authorities — where required by law or to protect our legal rights

All third-party providers we use are required to handle your data securely and in compliance with applicable data protection law.

6. Data Retention

We retain your personal data for as long as is necessary for the purposes set out in this policy:

  • Account and course data is retained for the duration of your account and for up to 3 years after your last activity
  • Financial transaction records are retained for 7 years in compliance with HMRC requirements
  • Marketing consent records are retained for as long as you remain subscribed, plus 1 year
  • Support communications are retained for 2 years

You may request deletion of your account and personal data at any time by emailing [email protected]. Note that we may need to retain certain records for legal compliance purposes even after account deletion.

7. Your Rights Under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to ask us to correct inaccurate or incomplete data
  • Right to erasure — to ask us to delete your personal data in certain circumstances
  • Right to restrict processing — to ask us to limit how we use your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making — we do not make significant decisions about you using automated processing alone

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. If you are unhappy with how we handle your request, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies and similar technologies on AI101.uk. You can manage your cookie preferences through the banner displayed on your first visit, or at any time by clearing your browser cookies and revisiting the site.

  • Essential cookies — required for the site to function, including your login session. These cannot be disabled.
  • Analytics cookies — help us understand how visitors use the site so we can improve it. These are only set with your consent.
  • Marketing cookies — used to show you relevant content and measure marketing effectiveness. These are only set with your consent.

For full details, please see our Cookie Policy.

9. International Transfers

Some of our third-party providers may process your data outside the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses — to protect your data in accordance with UK GDPR requirements.

10. Children's Privacy

Our courses are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify registered users of any material changes by email. The "