Privacy Policy

Effective Date: February 2026

ExpertlyDriven ("we", "us", "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, mobile app, and any related services.

1. Who We Are

ExpertlyDriven is the data controller for the personal data processed through this platform.

Contact Email: hello@ExpertlyDriven.co.uk

2. What Information We Collect

• Personal details (name, email address, phone number, postal address)
• Lesson information, progress, availability, and notes
• Payment-related references (payments are processed by Stripe)
• Account preferences and notification settings
• Technical data (Device ID, device type and subscription information)

3. How We Collect Your Data

We collect personal data when you:

• Create or update an account
• Create or update a student
• Book, and manage lessons
• Agree to receive notifications

4. Legal Basis for Processing

• Contractual necessity: To provide lesson booking, scheduling, and account services.
• Legal obligation: For financial, tax, and accounting compliance.
• Legitimate interests: To maintain platform security, prevent misuse, and improve services.

5. How We Use Your Data

• To create and manage user accounts
• To schedule, track, and record lessons
• To process payments securely via Stripe
• To communicate important service information, and provide useful notifications

6. Sharing Your Information

Your data is shared only where necessary:

• Payment processing: Stripe (we do not store any card details).
• Hosting and infrastructure: Heroku and Amazon Web Services (AWS) within the UK/EU.
• Legal requirements: Where disclosure is required by law.

7. International Transfers

No data is transferred outside the UK/EU. Our hosting providers (Heroku and AWS) operate within the UK/EU, ensuring compliance with GDPR requirements for data protection and security.

8. Data Retention

• Inactive user accounts: anonymised after 24 months
• Inactive student records: anonymised after 24 months

9. Your Rights

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time

To exercise your rights, contact us on our support page

10. Cookies & Tracking

We use essential cookies for authentication, security, and session management. Optional analytics cookies may be used to improve the service. You can control cookies via your browser settings.

11. Data Security Measures

We take data security seriously and implement appropriate technical and organisational measures, including:

• Encryption of all data at rest via Heroku Postgres and AWS infrastructure
• Encryption of data in transit using HTTPS and TLS
• Role-based access controls and authentication
• Secure, access-controlled daily database backups
• Regular dependency updates and security monitoring
• Data minimisation and anonymisation where appropriate

12. Complaints

If you have concerns about how your data is handled, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk.

13. Updates to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website, with the effective date shown above.