Privacy Policy

Last updated: December 2025

1. Introduction

This Privacy Policy explains how ByteSize Progress ('we', 'our', or 'us') collects, uses, and protects personal data in connection with our digital learning platform and services provided to public sector organisations. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR).

2. Data Controller

ByteSize Progress is the data controller for the processing of personal data described in this policy.

Contact: hello@bytesizeprogress.co.uk

3. What Data We Collect

• Basic engagement data: lesson views, practice completions, feedback ratings
• No personally identifiable information (PII) is collected unless explicitly agreed as part of a council-led pilot
• If users log in via organisation credentials, minimal login metadata may be processed for access control

4. How We Use the Data

We use engagement data to:

• Monitor lesson effectiveness and completion rates
• Generate anonymised reports for council stakeholders
• Improve lesson content and accessibility

5. Lawful Basis for Processing

Our lawful basis for processing is 'legitimate interest' (UK GDPR Article 6(1)(f)) for evaluating and improving digital learning programmes. If PII is processed under a pilot agreement, we rely on 'performance of a contract' (Article 6(1)(b)).

6. Data Sharing

We do not share your personal data with third parties unless required by law or contractually authorised by the commissioning council. Aggregated, anonymised data may be shared in pilot impact reports.

7. Data Retention

Engagement data is retained for the duration of the pilot plus up to 6 months for analysis and reporting, unless otherwise agreed. All retained data is minimised and securely stored.

8. Data Security

We implement appropriate technical and organisational measures to protect data from unauthorised access, alteration, or disclosure. All data is stored securely within the UK or EEA.

9. Your Rights

Under the UK GDPR, you have rights including:

• Right to access your data
• Right to rectification or erasure
• Right to restrict or object to processing
• Right to data portability

Requests should be submitted to: hello@bytesizeprogress.co.uk

10. Updates to This Policy

We may update this Privacy Policy as our services evolve. A notice will be posted on our website for material changes.