Privacy Policy

Last updated: May 11, 2026

1. Introduction

This Privacy Policy explains how WEB FARM LTD (“Courselly”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use our online learning platform available at https://courselly.com (the “Platform”).

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and other applicable data protection laws.

Data Controller: WEB FARM LTD, 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ, contact: [privacy@courselly.com]

2. What Personal Data We Collect

We collect the following categories of personal data:

2.1. Information you provide directly:

• Account information: full name, email address, password (stored in hashed form), profile picture (optional)
• Billing information: billing name, billing address, country. Payment card details are processed directly by Stripe and are never stored on our servers
• Communications: messages you send to our support team, feedback, and survey responses.

2.2. Information collected automatically:

• Usage data: courses viewed, lessons completed, quiz results, time spent on lessons, learning progress
• Technical data: IP address, browser type and version, operating system, device type, referring URLs, timestamps
• Cookies and similar technologies (see Section 9 below)

2.3. Information from third parties:

• Payment confirmation data from Stripe (transaction ID, payment status, last 4 digits of card)

3. Legal Basis for Processing (Article 6 GDPR)

We process your personal data on the following legal bases:

• Performance of a contract (Art. 6(1)(b)): to provide the Platform, process your subscription, deliver courses, and respond to support requests
• Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and consumer protection laws
• Legitimate interests (Art. 6(1)(f)): to ensure Platform security, prevent fraud, improve our services, and conduct analytics. We balance these interests against your rights and freedoms
• Consent (Art. 6(1)(a)): for marketing communications, non-essential cookies, and any other processing where consent is required. You may withdraw consent at any time

4. How We Use Your Personal Data

We use your personal data to:

• Create and manage your account
• Process subscription payments and renewals via Stripe
• Provide access to courses, track your progress
• Send service-related communications (password resets, billing notifications)
• Send marketing emails about new courses and updates (only with your consent; you can unsubscribe at any time)
• Improve the Platform, analyse user behaviour, and develop new features
• Detect, prevent, and respond to fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service

5. Sharing Your Personal Data

We do not sell your personal data. We share it only with the following categories of recipients:

• Payment processor: Stripe Payments Europe, Ltd. (Ireland) processes your payment data. Stripe’s privacy policy: https://stripe.com/privacy
• Hosting and infrastructure providers: companies that host our servers and store data on our behalf, under written data processing agreements
• Email and communication providers: services we use to send transactional and marketing emails
• Analytics providers: services that help us understand Platform usage (anonymised or pseudonymised where possible)
• Legal authorities: where required by law, court order, or to protect our legal rights
• Successors in interest: in the event of a merger, acquisition, or sale of assets, with prior notice to you

All third-party processors act under written agreements that require them to protect your data in accordance with GDPR.

6. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards under Articles 44–49 GDPR, including:

• Transfers to countries with an adequacy decision from the European Commission
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Additional technical and organisational measures where required

You may request a copy of the relevant safeguards by contacting privacy@courselly.com.

7. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected:

• Account data: for the duration of your subscription plus 12 months after account closure (to handle disputes and chargebacks)
• Billing and tax records: for 7 years after the transaction, as required by EU accounting laws
• Marketing data: until you withdraw consent or unsubscribe
• Support correspondence: 24 months after the last interaction
• Analytics data: in aggregated or pseudonymised form, up to 26 months

After these periods, data is securely deleted or anonymised.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15): obtain a copy of the personal data we hold about you
• Right to rectification (Art. 16): correct inaccurate or incomplete data
• Right to erasure / “right to be forgotten” (Art. 17): request deletion of your data, subject to legal retention obligations
• Right to restriction of processing (Art. 18): limit how we process your data
• Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interests or direct marketing
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
• Right to lodge a complaint: with your local supervisory authority (a list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en)

To exercise any of these rights, email [privacy@courselly.com]. We will respond within one month, as required by Article 12(3) GDPR.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Platform, remember your preferences, and analyse usage. Cookies fall into the following categories:

• Strictly necessary cookies: required for authentication, security, and basic functionality. These cannot be disabled
• Functional cookies: remember your preferences (language, display settings)
• Analytics cookies: help us understand how users interact with the Platform
• Marketing cookies: used to deliver relevant advertising (only with your consent)

You can manage cookies through our cookie banner or your browser settings. Disabling certain cookies may affect Platform functionality.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encryption at rest for sensitive fields, access controls, regular security audits, and staff training. However, no system is completely secure, and we cannot guarantee absolute security.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and, where required, inform affected users without undue delay.

11. Children’s Privacy

The Platform is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected such data without verifiable parental consent, we will delete it promptly. If you believe a child has provided us with personal data, please contact [privacy@courselly.com].

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or through a prominent notice on the Platform at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent version.

13. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or our processing of your personal data:

• Email: privacy@courselly.com
• Postal address: WEB FARM LTD, 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ
• Data Protection Officer: dpo@courselly.com