Privacy Policy

This Privacy Policy explains how Elmy Learning Solutions (“Elmy,” “we,” “our,” or “us”) collects, uses, stores, shares, and protects personal data when you access or use our website, platform, applications, and related services.

We understand the importance of privacy in educational technology environments and are committed to handling personal data responsibly and transparently.

1. Scope

This Privacy Policy applies to personal data processed through:

• Elmy’s public website;
• Elmy’s learning management and assessment platforms;
• institution-branded or white-labeled Elmy environments; and
• communications, onboarding, support, and training services.

This Privacy Policy does not apply to third-party websites, applications, or services that are not controlled by Elmy, even if linked through our Services.

2. Roles in Data Processing

Depending on the context, Elmy may act as:

• a data controller, where we determine the purposes and means of processing, such as for our website, marketing communications, business inquiries, and some account administration activities; or
• a data processor / service provider, where we process personal data on behalf of a school, university, ministry, organization, or other institutional customer using the Elmy platform.

Where an institution provides accounts to students, teachers, staff, or parents, that institution typically controls the educational data within its deployment of the platform.

3. Information We Collect

We may collect the following categories of personal data.

A. Information You Provide Directly

This may include:

• full name;
• email address;
• phone number;
• institution or organization name;
• job title or role;
• account username and login credentials;
• profile details;
• support requests, messages, and correspondence;
• forms, surveys, demo requests, registrations, and event submissions; and
• payment or billing contact details where relevant.

B. Educational and Platform Data

Where the platform is used by institutions, we may process:

• student, parent, teacher, or administrator account details;
• class, course, and enrollment information;
• submissions, assignments, assessments, grades, and exam results;
• attendance or participation records;
• question banks and exam activity;
• logs of user actions and system interactions;
• analytics and performance data; and
• communications and notifications generated through the platform.

C. Technical and Device Data

We may automatically collect:

• IP address;
• browser type and version;
• device identifiers;
• operating system;
• access times and dates;
• pages viewed and features used;
• app diagnostics, crash logs, and performance metrics; and
• referral URLs and session information.

D. Cookies and Similar Technologies

We may use cookies, pixels, local storage, and similar technologies to:

• keep users signed in;
• remember settings and preferences;
• improve security;
• measure traffic and usage;
• analyze performance; and
• enhance user experience.

4. How We Use Personal Data

We may use personal data to:

• provide, operate, administer, and support the Services;
• create and manage user accounts;
• deliver educational content and platform features;
• manage digital assessments and exam environments;
• provide analytics, dashboards, and reporting;
• respond to inquiries, support tickets, and requests;
• communicate service announcements, security notices, and administrative messages;
• personalize user experience where appropriate;
• improve and develop the Services;
• maintain security and detect fraud, misuse, or unauthorized access;
• comply with legal, regulatory, and contractual obligations; and
• send marketing communications where permitted by law and subject to opt-out rights.

5. Legal Bases for Processing

Where applicable law requires a legal basis for processing, Elmy may process personal data based on:

• performance of a contract;
• compliance with legal obligations;
• legitimate interests, such as service improvement, fraud prevention, platform security, and business operations;
• consent, where required; or
• protection of vital interests or public interest, where applicable.

6. Institutional Accounts and Student Data

Where the Services are provided through an educational institution:

• the institution is generally responsible for deciding what user data is collected through its environment;
• Elmy processes such data to provide the contracted platform and related services; and
• requests relating to grades, educational records, class data, or institution-managed accounts may need to be directed first to the relevant institution.

Elmy processes student and educational data only for legitimate educational, operational, security, and support purposes consistent with the institution’s instructions and applicable law.

7. Children’s Privacy

Elmy may process data relating to children or minors where the Services are deployed by schools or educational institutions.

In such cases:

• the relevant institution is responsible for authorizing student participation and providing notices or obtaining permissions where required;
• Elmy processes such information in support of educational service delivery and platform administration; and
• Elmy does not knowingly collect children’s personal data from the public website in a manner requiring direct parental consent unless legally permitted or properly obtained.

8. Sharing of Personal Data

Elmy does not sell personal data.

We may share personal data with:

• the relevant Customer or institution administering the account;
• authorized administrators, teachers, and staff within the Customer’s environment;
• cloud hosting, infrastructure, storage, analytics, communication, authentication, payment, and support providers acting on our behalf;
• professional advisers, auditors, insurers, and legal counsel where necessary;
• authorities, regulators, courts, or law enforcement where required by law or where necessary to protect rights, safety, or the integrity of the Services; and
• a buyer, investor, successor, or affiliate in connection with a merger, acquisition, financing, restructuring, or sale of assets.

Any sharing is limited to what is reasonably necessary for the relevant purpose.

9. International Transfers

Your personal data may be transferred to and processed in countries other than the country in which it was collected, including where our service providers, affiliates, infrastructure providers, or support teams operate.

Where required, Elmy will implement appropriate safeguards for cross-border transfers.

10. Data Retention

Elmy retains personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• provide the Services;
• maintain account history and records;
• meet contractual commitments;
• resolve disputes;
• enforce agreements; and
• comply with legal, tax, audit, regulatory, and security obligations.

Retention periods may vary depending on the type of data, customer arrangement, legal requirements, and whether the account is institution-managed.

11. Security Measures

Elmy maintains commercially reasonable administrative, technical, and organizational safeguards designed to protect personal data, including measures such as:

• access controls;
• role-based permissions;
• encryption in transit where applicable;
• secure authentication controls;
• logging and monitoring;
• backup and recovery procedures; and
• internal confidentiality obligations.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Data Breach Response

If Elmy becomes aware of a personal data breach affecting the Services, we will take appropriate steps to investigate, contain, remediate, and, where required by applicable law or contract, notify affected customers, institutions, regulators, or users.

13. Your Rights

Depending on applicable law and the context of processing, you may have rights to:

• access personal data;
• correct inaccurate or incomplete data;
• request deletion;
• object to certain processing;
• request restriction of processing;
• request portability of certain data;
• withdraw consent where processing is based on consent; and
• opt out of marketing communications.

Where your account is managed by a school, university, ministry, or employer, some requests may need to be directed to that institution first.

14. Cookies

Elmy uses cookies and similar technologies for operational, security, analytics, and user-experience purposes.

You may control cookies through browser settings. Disabling cookies may affect the availability or functionality of some parts of the Services.

A separate Cookie Policy or Cookie Notice may also apply where required.

15. Marketing Communications

If you subscribe to newsletters, request a demo, download materials, or otherwise opt in, Elmy may send you updates, product news, event invitations, and related marketing communications.

You may unsubscribe at any time using the unsubscribe link or by contacting us. Even if you opt out of marketing, Elmy may still send essential service or administrative communications.

16. Third-Party Links and Services

The Services may contain links to third-party websites or services. Elmy is not responsible for the privacy, security, or content practices of those third parties. Users are encouraged to review their privacy notices separately.

17. Changes to this Privacy Policy

Elmy may update this Privacy Policy from time to time to reflect legal, technical, operational, or business changes.

When changes are made, the “Last Updated” date will be revised and, where appropriate, additional notice may be provided through the Services or by other means.

Continued use of the Services after the effective date of the updated Privacy Policy constitutes acknowledgment of the revised Policy.

18. Contact Us

For privacy-related questions, requests, or concerns, please contact:

Elmy Learning Solutions
Email: contact@elmysolutions.org