1 — Who we are
Potter Academy is operated by Thomas Potter. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Platform. We are the data controller for the purposes of UK GDPR.
2 — What data we collect
- Account & identity: Email address (required), name (optional), profile picture (when using optional social sign-in), and a unique user ID.
- Learning & progress: Lessons and courses accessed, completion status, timestamps, and resume position.
- Purchase & billing: Courses or memberships purchased, purchase status, payment processor reference, customer email at checkout, and purchase date. We do not store card details — these are handled by a third-party payment provider.
- Technical & log data: IP address, browser type and version, request timestamps, and session cookies.
3 — How we use your data
| Purpose | Legal basis |
|---|---|
| Authenticating you and maintaining your session | Contractual necessity |
| Delivering course content and tracking progress | Contractual necessity |
| Processing payments and granting access | Contractual necessity |
| Sending transactional emails (magic links, receipts) | Contractual necessity |
| Preventing fraud and duplicate purchases | Legitimate interest |
| Maintaining platform security | Legitimate interest |
We do not use your data for targeted advertising or profiling.
4 — How we share your data
We do not sell, rent, or trade your personal data.
5 — Cookies
We use strictly necessary session cookies to maintain your login state. These cannot be disabled as they are essential for the Platform to function. We do not use tracking or analytics cookies.
6 — Data retention
- Account & progress data: Retained while your account is active. Deleted upon account deletion.
- Purchase records: Minimal records (course name, date, amount, payment ID, purchase email) may be retained after account deletion for legal and tax compliance, dissociated from personal identity where possible.
- Guest purchases: Retained for up to 2 years so we can link them to your account if you later register with the same email.
7 — Your rights
Under UK GDPR, you have the right to access, correct, delete, export, or object to processing of your personal data. To exercise any of these rights, email contact@thomaspotter.uk. We will respond within 30 days.
8 — Data security
Data is stored in a secure backend environment. Authentication uses encrypted session tokens. Payments are processed by a PCI-DSS compliant payment provider. We never store payment card numbers.
9 — International transfers
Our infrastructure providers may process data in the United States or other jurisdictions. Such transfers are conducted in accordance with appropriate safeguards under UK GDPR, including standard contractual clauses.
10 — Children's privacy
The Platform is not directed at children under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately and we will delete it.
11 — Embedded content
Some lessons may contain embedded video content. The providers of that content may collect viewing data and set their own cookies. We recommend reviewing their respective privacy policies.
12 — Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform before taking effect.
13 — Contact & complaints
Questions or complaints about our data practices? Email contact@thomaspotter.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.