Expert Skills ("we", "our", "us") operates this website and the Expert Skills learning platform. We take your privacy seriously and only collect the data we need to run the service. This page describes what we collect, why, and your rights under the EU GDPR, UK GDPR, and the California Consumer Privacy Act (CCPA).
1. Who we are
Expert Skills is a UK Register of Learning Providers (UKRLP) registered learning provider, UKPRN 10092631. For all privacy questions you can reach us at support@expertskills.org.
2. Data we collect
We collect only what we need to give you an account and deliver your courses.
Information you give us
- Account data — full name, email address, and password (hashed and salted, never stored or transmitted in plain text).
- Payment data — card details are handled by Stripe and never touch our servers. We store only the transaction ID, amount, and status that Stripe sends back.
- Contact form submissions — name, email, subject, and message, used only to reply to you.
- Shipping address (when applicable) — for fulfillment of any physical diploma certificates.
Information we collect automatically
- Authentication cookies — to keep you signed in after you authenticate.
- Course progress — which lessons you've completed and time spent, so we can resume you where you left off and issue diplomas based on completion.
- Learning activity and achievements — from your course progress (lessons completed, exams passed and their scores, courses completed, and diplomas earned) we calculate points (XP), levels, daily streaks, and achievement badges, stored against your account to track your progress and encourage completion.
- Server logs — IP address, user-agent, and request paths, retained for security and abuse-prevention purposes only.
- Product analytics — pseudonymous usage events (pages viewed, features used, course progress milestones) via PostHog, used to understand and improve the product. Analytics load only after you accept analytics cookies, and are routed through our own domain. We use them to improve the Service, not for cross-site advertising.
We do not use third-party advertising cookies, do not sell personal data, and do not track you across other websites for advertising.
3. How we use your data
- To create and manage your account.
- To deliver the courses you enroll in and issue your diploma on completion.
- To send transactional emails (sign-up confirmation, password resets, order receipts).
- To answer your support requests.
- To power your progress dashboard — points, levels, streaks, and achievements — and, only if you choose to take part, the student leaderboard (see section 12).
- To detect, prevent, and respond to fraud or abuse of the service.
- To comply with legal obligations (tax records, accreditation requirements).
Legal bases (EU / UK GDPR). Where GDPR applies, we process your data on these bases: performance of a contract (creating your account and delivering the courses and diplomas you buy); our legitimate interests (securing the Service, preventing fraud and abuse, and understanding usage to improve the product), balanced against your rights; your consent (analytics cookies, any marketing email, and showing your name on the student leaderboard — each of which you can withdraw at any time); and legal obligations (tax and accounting records). Withdrawing consent does not affect processing carried out before the withdrawal.
Marketing. Transactional messages about your account, orders, and courses are part of the Service and are not marketing. We send promotional email only where you have opted in, and every promotional message includes a one-click unsubscribe link.
4. Who we share data with
We use a small set of trusted processors to operate the platform. Each is contractually required to handle your data only on our instructions and to apply appropriate security measures.
- Supabase — managed Postgres database and authentication service. Hosts your account record, course progress, and entitlements.
- Stripe — payment processing. Card details are sent directly to Stripe from your browser; we never receive them. Stripe's own privacy policy applies to your card data.
- Resend and Brevo — transactional and support email delivery (sign-up confirmation, password resets, order receipts, replies to your messages).
- Google — "Sign in with Google" (optional; if you use it, Google authenticates you and shares your name and email), and Google Drive for hosting downloadable course files.
- PostHog — product analytics (pseudonymous usage events), loaded only after you accept analytics cookies and routed through our own domain.
- hCaptcha — bot/abuse protection on the legacy access-claim form; processes your IP and interaction signals to tell humans from bots.
- EasyPost — shipping rate calculation and label generation for any physical diploma certificates.
- Vercel — hosting and request routing.
- Sentry — error tracking. May briefly receive parts of a request context when an unhandled error occurs.
We do not sell or rent your personal data to anyone. We may disclose data if required by law, valid legal process, or to protect the rights, property, or safety of Expert Skills or its users.
5. Cookies and similar technologies
We use cookies for the minimum set of purposes needed to operate the site:
- Session cookies set by Supabase Auth to keep you signed in.
- Preference cookies such as the cookie-consent flag itself.
- Analytics cookies / local storage set by PostHog, used only if you accept analytics in the cookie banner. Decline and no analytics are loaded.
We do not use advertising cookies or tracking pixels, and we do not profile you across other websites. Most browsers let you block or delete cookies in their settings; doing so will sign you out and may break parts of the site that require an authenticated session.
6. Data retention
We keep account data and course-progress records for as long as your account is active. Order and tax records are kept for seven years where required by US and UK tax authorities. On request we will delete your personal data (see "Your rights" below), subject to any legal retention obligations that override the request.
7. Your rights — GDPR (EU / UK)
If you are in the EU or UK, you have the following rights over your personal data:
- Access — get a copy of the data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — ask us to delete your data (the "right to be forgotten").
- Restriction — limit how we use your data while you challenge it.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to particular uses of your data.
- Complaint — lodge a complaint with your local data protection authority (in the UK, the ICO at ico.org.uk).
To exercise any of these rights, email support@expertskills.org from the address on your account. We respond within 30 days as required by law.
8. Your rights — CCPA (California)
If you are a California resident, the California Consumer Privacy Act gives you the right to:
- Know what categories of personal information we collect about you.
- Request a copy of the specific pieces of personal information we hold.
- Request deletion of your personal information.
- Opt out of the "sale" of personal information — note that we do not sell personal data.
- Not be discriminated against for exercising any of these rights.
To submit a request, email support@expertskills.org. We verify identity using the email address on file before processing the request.
9. International transfers
Expert Skills operates internationally. Your data may be processed in countries other than the one you live in, including the United States and United Kingdom. We rely on standard contractual clauses and provider-side safeguards (e.g. EU-US Data Privacy Framework where applicable) to ensure your data is protected to a comparable standard wherever it is processed.
10. Security
We use industry-standard measures to protect your data, including TLS encryption in transit, encryption at rest in our database, hashed and salted passwords, and Row Level Security policies that constrain what each authenticated request can read. No system is perfectly secure; if we ever experience a breach affecting your data, we will notify you and the relevant authorities as required by law.
11. Children
Expert Skills is intended for adult learners. We do not knowingly collect data from anyone under 16. If you believe a minor has provided us with personal information, please contact us and we will delete it.
12. Gamification and the student leaderboard
Your dashboard shows your own points, levels, streaks, and achievement badges, calculated from your course activity. We also offer an optional student leaderboard that ranks learners by diplomas earned, courses completed, and level.
- You are anonymous by default. On the leaderboard you appear under a randomly generated, non-identifying alias (for example "Swift Falcon"). Your real name and email are never shown to other learners unless you choose to opt in.
- Showing your name is opt-in and consent-based. If you choose "Show my name", we ask for your explicit consent first and record the date you gave it. We then display only a limited form of your name — your first name and last initial (for example "Ryan J.") — alongside your level and your diploma and course counts. We never publish your email, full name, password, or contact details on the leaderboard.
- You can withdraw at any time. Turning off "Show my name" on your dashboard immediately returns you to the anonymous alias. Withdrawing consent does not affect any display that took place before you withdrew it.
- Legal basis. Showing your name on the leaderboard relies on your consent (UK / EU GDPR). The underlying points, levels, and achievements form part of the learning experience we provide under our contract with you and are visible only to you.
13. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of the page reflects the most recent change. Material changes will be announced via an email to your account address.
14. Contact us
Questions about this policy or about how your data is handled? Email support@expertskills.org or write to us via our contact page.