Privacy Policy
This policy explains what personal data ExploreLX collects when you use our service, why we collect it, and what your rights are. It’s written to match UK GDPR and the Data Protection Act 2018. If anything is unclear, email us at privacy@explorelx.app.
1. Who we are
ExploreLX is the data controller for the personal data we process about you. We operate from the United Kingdom. For any privacy query, contact privacy@explorelx.app.
2. What we collect and why
Account data
What: your email address, password (hashed, never stored in plain text), and optional profile details you choose to add.
Why: to create and authenticate your account, and to email you about the service (for example, password resets, billing receipts, and account notifications).
Lawful basis: performance of our contract with you.
Usage data
What: which lessons you start and complete, your progress through programmes, quiz attempts, and similar product events.
Why: to save your progress, to operate the service, and in aggregated form to understand which content is working so we can improve it.
Lawful basis: performance of our contract with you (for your individual progress), and legitimate interests (for aggregated product analytics).
Technical data
What: IP address, browser type, device information, and diagnostic logs when something goes wrong.
Why: to keep the service secure, to investigate and fix errors, and to protect against abuse.
Lawful basis: legitimate interests in running a secure and reliable service.
Billing data
What: billing address, VAT identifiers, and a reference to the payment method you provide to our payment processor. We do not see or store your full card number — Stripe handles that directly.
Why: to collect payment for paid subscriptions and to comply with UK tax and accounting rules.
Lawful basis: performance of contract, and legal obligation for record keeping.
Waitlist / notify-me submissions
What: your name and email if you sign up on our “coming soon” page.
Why: to notify you when the service launches.
Lawful basis: consent (given by submitting the form). You can unsubscribe at any time.
3. Who we share data with
We use a small number of third-party providers as sub-processors. Each has been selected for its security and privacy posture.
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and subscription management | US / EU |
| Brevo (Sendinblue) | Transactional email delivery | EU |
| Sentry | Error monitoring and performance diagnostics | US / EU |
| IONOS | Server hosting and database | UK / EU |
We don’t sell your personal data, and we don’t share it with advertisers or data brokers. We may share limited data with legal and professional advisers, or with authorities if required by law.
4. International transfers
Some of our providers (including Stripe and Sentry) may process data in the United States. Where personal data leaves the UK, we rely on UK International Data Transfer Agreements and each provider’s own adequacy mechanisms to keep it protected. You can ask us for details of the safeguards in place.
5. How long we keep your data
- Active accounts: as long as your account is open, plus up to 30 days after deletion in backups.
- Billing records: for at least 6 years after the end of the financial year, as required by UK tax law.
- Waitlist submissions: until you unsubscribe or until 24 months after launch, whichever is sooner.
- Error logs: typically 30–90 days.
6. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data (the “right to be forgotten”), subject to our legal obligations;
- Restrict processing in certain circumstances;
- Object to processing based on legitimate interests;
- Portability — receive your data in a portable format;
- Withdraw consent where we rely on consent (for example, waitlist emails).
To exercise any of these rights, email privacy@explorelx.app. We’ll respond within one month.
If you’re not satisfied with how we’ve handled your data, you have the right to complain to the UK Information Commissioner’s Office (ICO). We’d rather fix the problem first — please let us know.
7. Cookies and similar technologies
ExploreLX uses a small number of cookies:
- Session cookie — keeps you logged in. Strictly necessary.
- Theme preference — remembers whether you chose light or dark mode. Strictly necessary for the app UI.
- Admin preview cookie — used internally during pre-launch maintenance mode.
We don’t use third-party advertising cookies, and we don’t set non-essential cookies without your consent.
8. Security
We take reasonable steps to protect your data, including TLS encryption in transit, hashed passwords, access controls on our infrastructure, and regular backups. No service can guarantee absolute security, but we aim to detect and respond to incidents quickly and to notify affected users and the ICO where required.
9. Children
ExploreLX is not intended for anyone under 18 and we don’t knowingly collect data from children.
10. Changes to this policy
We may update this policy as the service evolves. If a change is material, we’ll email you or show a prominent notice in the app before it takes effect. The “last updated” date at the top always reflects the current version.
11. Contact
Questions, requests, or concerns? privacy@explorelx.app.