LexBridgeAcademy
Sign inEnrol
Legal

Privacy Notice

Last updated: 13 June 2026

This notice explains how LexBridge UK Limited ("LexBridge", "we", "us") collects, uses and protects your personal data when you use LexBridge Academy (the "Service"). We are the data controller for the personal data described in this notice for the purposes of the UK General Data Protection Regulation and the Data Protection Act 2018.

1. Who we are

LexBridge UK Limited is a company incorporated in England & Wales. Contact: privacy@lexbridge.academy.

2. Personal data we collect

  • Account data — name, email, password (hashed), country of qualification, target sitting date.
  • Learning data — modules generated, lessons completed, practice answers, drafts you submit, study plans.
  • Communications — messages you send to our team or our in-app teaching assistant.
  • Technical data — IP address, browser, device, log and security data.
  • Payment data — handled by our regulated payment processor; we do not store full card numbers.

3. Lawful bases

  • Contract — to provide the Service you signed up for.
  • Legitimate interests — to keep the Service secure, prevent fraud, and improve teaching quality.
  • Consent — for non-essential cookies and optional marketing communications.
  • Legal obligation — for tax, accounting and regulatory record-keeping.

4. How we use your data

  • Provide your account, modules, practice, skills marking and study plan.
  • Communicate with you about the programme and your progress.
  • Maintain security, prevent abuse and respond to incidents.
  • Improve the Service and our teaching materials in aggregate.

5. Sharing

We share personal data only with carefully chosen processors:

  • Cloud hosting and database providers in the UK / EU.
  • Payment processors.
  • Customer support and email delivery providers.
  • Where a firm sponsors your enrolment, your progress data with that firm under a written data-sharing agreement.

We never sell your personal data.

6. International transfers

Where data is transferred outside the UK, we rely on adequacy regulations or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, with appropriate safeguards.

7. Retention

We keep your account and learning records for as long as your account is active and for up to 6 years after closure to meet our legal, accounting and regulatory obligations, after which we delete or anonymise the data.

8. Your rights

Under UK GDPR you have the right to:

  • Access a copy of your data.
  • Have inaccurate data corrected.
  • Have your data deleted in certain circumstances.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time.
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email privacy@lexbridge.academy.

9. Security

We use industry-standard technical and organisational measures, including encryption in transit, hashed passwords, row-level access controls and UK / EU data residency.

10. Changes

We will post any material changes to this notice here and notify you by email where appropriate.