Privacy Policy
Last updated: 1 July 2026
This Privacy Policy explains how PWLBtoday (“PWLBtoday”, “we”, “us”), based in England, collects, uses, and protects your personal data when you use pwlbtoday.org and the LA Academy platform. Contact: info@pwlbtoday.org.
We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. PWLBtoday is currently in a pre-commercial launch phase. No paid subscriptions are available at this time. ICO registration will be completed before any paid subscriptions are accepted.
1. What Data We Collect
We collect the following categories of personal data:
- Account data: your name and email address, provided when you register or sign in via Logto (our authentication provider).
- Organisation data: your employer name (where you subscribe as part of an organisation), and whether you hold an admin or member role.
- Billing data: your subscription tier and payment status. We do not store card details — these are held securely by Stripe.
- Usage data: which courses you have accessed, your progress through course modules, and quiz or assessment results.
- Technical data: IP address, browser type, and device information, collected automatically when you use the Service.
- Communications: any messages you send us via contact forms or email.
2. Lawful Basis for Processing
We process your personal data on the following lawful bases:
- Contract (Article 6(1)(b) UK GDPR) — to provide the Service you have subscribed to, manage your account, and process billing.
- Legitimate interests (Article 6(1)(f)) — to maintain and improve the Service, detect fraud, and communicate service updates. We have assessed that these interests do not override your rights.
- Legal obligation (Article 6(1)(c)) — where processing is necessary to comply with our legal duties (e.g. tax records).
3. How We Use Your Data
- To create and manage your account and authenticate your identity;
- To provide access to training content appropriate to your subscription tier;
- To track and display your course progress;
- To process subscription payments and manage renewals;
- To allow organisation admins to view the progress and membership of their staff (org subscribers only);
- To send transactional emails (account confirmation, subscription renewal reminders, invite emails);
- To respond to support queries;
- To improve the Service based on usage patterns.
4. Third-Party Processors
We share data with the following third-party processors, each bound by data processing agreements:
- Logto — authentication and identity management. Holds your email address and account credentials. Privacy policy.
- Stripe — payment processing and subscription management. Holds your billing details and payment history. Privacy policy.
- Hosting provider — our platform is hosted on servers in the UK/EEA. Your data is stored and processed within these regions.
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
5. Organisation Admins
If your account is linked to an organisation subscription, your organisation's admin can view your name, email, role, and course progress within their organisation's dashboard. This is necessary to deliver the group training service. If you have questions about how your employer uses this data, contact your organisation's admin or data protection officer.
6. Cookies
We use a session cookie to keep you logged in to the Service. This cookie is essential for the platform to function and does not track you across other websites. We may also use analytics cookies (e.g. Google Analytics) to understand how the site is used in aggregate. You can disable non-essential cookies in your browser settings.
7. Data Retention
- Account data — retained for the duration of your account plus 12 months after deletion, unless a longer period is required by law.
- Course progress — retained for as long as your account is active.
- Billing records — retained for 7 years as required by HMRC.
- Communications — retained for up to 3 years.
8. Your Rights
Under UK GDPR you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (subject to legal retention obligations).
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, email hello@pwlbtoday.org. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We use appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and secure credential storage. No method of transmission over the internet is completely secure; we cannot guarantee absolute security but we take our obligations seriously.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice on the Service. The “Last updated” date at the top of this page shows when it was most recently revised.
11. Contact
For any privacy queries, contact us at hello@pwlbtoday.org or write to us at our registered address.