Privacy Policy

This policy explains how MICB TECH LIMITED (trading as Learn Xtra or LearnXtra) collects, uses, shares, and protects personal data.

Last updated: February 25, 2026

Learnify

1. Who we are

This Privacy Policy explains how MICB TECH LIMITED (referred to as “MICB”, "MICBTECH", “we”, “us”, or “our”) collects, uses, shares, and protects personal data when you use the Learnxtra website, App and services (the “Service”) including access via a mobile app wrapper (Capacitor WebView) that displays the live Learnxtra site. Learnxtra is a product/service name operated by MICB TECH LIMITED.

Controller: MICB TECH LIMITED (trading as LearnXtra) · Contact:support@learnxtra.co.uk ·

If you use LearnXtra through an organization/group, the organization may also act as a controller for certain processing (e.g., managing group members). We generally act as controller for operating the platform, and as processor where we provide the service under an organization’s instructions (depending on your contracts).

2. Scope

This Privacy Policy applies to:

  • Visitors browsing public pages (home/help/reviews/terms/how-to guide).
  • Registered users (learners/students, instructors/staff, organization/group members/admins).
  • Purchasers and payers (individual or organization/group checkout).
  • People who contact us via forms or email.

It does not apply to third-party websites or services you may access via links (e.g., Stripe checkout pages), which have their own privacy policies.

3. Information we collect

A) Information you provide
  • Account details (e.g., email, password hash, profile info you choose to add).
  • Organization/group details and membership information where relevant.
  • Learning activity (enrollments, progress, completed contents, quiz attempts/results).
  • Reviews and submissions you choose to publish.
  • Support/contact messages (name, email, message content).
B) Information collected automatically
  • Device/log data (IP address or hash, user agent, timestamps, pages viewed).
  • Cookie consent preferences (accept/reject, non-essential allowed, optional interest preference).
  • Security signals for fraud/abuse prevention.
C) Payment information

Payments are processed by Stripe. LearnXtra typically receives transaction metadata (e.g., identifiers, status, totals) and does not store full card details.

4. How we use your information (purposes)

We use personal data to:

  • Provide the Service
    • create and manage accounts, authenticate users, maintain profiles and settings
    • enroll users, provide course access, display content, track progress and quiz outcomes
  • Enable organization/group access
    • manage group memberships and provide access to group-purchased courses
  • Process payments and manage orders
    • provide checkout, maintain order history, handle refunds/cancellations where applicable, reconcile payments via Stripe webhooks
  • Communicate with you
    • send account-related and service messages (e.g., password resets, confirmations)
    • respond to support inquiries and contact messages
  • Maintain safety, security, and integrity
    • prevent fraud, abuse, and unauthorized access
    • log and audit actions as needed for security and debugging
  • Improve and operate the platform
    • measure usage, troubleshoot issues, and improve features and usability
  • Comply with legal obligations
    • taxation/accounting requirements (where applicable), legal claims, regulatory compliance

5. Legal bases (UK GDPR / GDPR)

Where UK GDPR/GDPR applies, we rely on:

  • Contract: to provide the Service you request (account, learning delivery, group access, purchases).
  • Legitimate interests: to secure and improve the Service, prevent abuse/fraud, and administer the platform (balanced against your rights).
  • Consent: for non-essential cookies/optional preferences and similar optional features (where required).
  • Legal obligation: where we must retain or disclose data to meet legal requirements.

You may withdraw consent at any time (for example, by changing cookie preferences), without affecting the lawfulness of processing before withdrawal.

6. Cookies and similar technologies

LearnXtra uses cookies and similar technologies:

  • Essential cookies are required for core site functionality (e.g., session/login security). These may be used even if you reject non-essential cookies.
  • Non-essential cookies (if enabled) may support analytics, personalization, or improvements depending on your configuration.

You have a cookie consent mechanism that records:

  • accepted/rejected consent
  • whether non-essential cookies are allowed
  • optional “interest” preference
  • region, user agent, and an IP hash (where implemented)
  • timestamps

You can change your cookie preferences at any time via the cookie settings/consent interface (or account settings if you integrate it there).

7. Sharing and disclosures

We share personal data only as needed to run Learn Xtra, including:

A) Service providers (processors)
  • Hosting and infrastructure: e.g., DigitalOcean servers (compute/storage/network), reverse proxy and app server stack (Nginx/Gunicorn).
  • Payments: Stripe for payment processing and webhook events (order completion/enrollment activation).
  • Email delivery: Brevo (SMTP) for sending platform emails (password reset, notifications, support replies).
  • Spam and abuse prevention: Google reCAPTCHA for form abuse protection (e.g., contact form).
  • Push notifications: Firebase Cloud Messaging and Firebase Admin SDK credentials used server-side for sending push notifications.

These providers may process data on our behalf under contractual terms.

B) Organizations/groups (where applicable)

If you join an organization/group within LearnXtra, organization admins may be able to view limited information about members and group access (e.g., membership list and eligibility for group courses), consistent with their admin tools and the purpose of managing group access.

C) Legal and safety

We may disclose information if required to:

  • comply with legal obligations, lawful requests, or court orders
  • enforce our terms, protect rights/safety, investigate fraud or security issues
D) Business transfers

If MICB is involved in a merger, acquisition, reorganization, or asset sale, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

8. International transfers

Your data may be processed in countries outside the UK/EEA depending on service provider locations. Where required, we use appropriate safeguards (such as adequacy decisions or Standard Contractual Clauses) to protect your data.

9. Data retention

We keep personal data only as long as necessary:

  • Account data: while your account is active; and for a limited period after deletion to handle disputes, security, backups, and compliance.
  • Learning records (progress/quizzes): while your account remains active and as needed to provide your learning history; may be removed/anonymized on deletion where feasible and lawful.
  • Orders and payment records: retained for accounting, audit, and legal compliance periods.
  • Contact messages: retained long enough to respond and maintain support history, then deleted or archived per internal retention needs.
  • Cookie consent records: retained to demonstrate compliance and honor your preferences, for a reasonable period.

Exact retention periods may vary based on legal requirements and operational needs.

10. Security

We use reasonable administrative, technical, and organizational measures to protect personal data, including:

  • secure authentication and password hashing
  • access controls and least-privilege permissions
  • HTTPS (where configured) and secure session handling
  • monitoring and logging to detect suspicious activity
  • secure handling of credentials (e.g., Firebase service account file permissions in production)

No method of transmission or storage is 100% secure, but we work to protect your data.

11. Your rights (UK GDPR / GDPR)

Depending on your location, you may have rights including:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion (in certain circumstances)
  • Restriction or objection to processing (especially legitimate interests)
  • Data portability (where applicable)
  • Withdraw consent (where processing is based on consent)

To exercise rights, contact us at: support@learnxtra.co.uk.

You may also complain to your regulator:

  • UK: Information Commissioner’s Office (ICO)

We may need to verify your identity before fulfilling certain requests.

12. Children’s privacy

LearnXtra is intended for general learners and organizations. If used by children, the responsible parent/guardian or organization/school should provide appropriate consent where required. We do not knowingly collect personal data from children in a way that violates applicable laws. If you believe a child has provided personal data without appropriate consent, contact us to request deletion.

13. Third-party services

LearnXtra may integrate third-party services, these providers (e.g., Stripe, Google reCAPTCHA, Firebase) may process data under their own privacy policies. We encourage you to review their policies.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post updates on this page and update the “Last updated” date. If changes are material, we may provide additional notice (e.g., email or in-app notice).

15. Contact us

Email: support@learxtra.co.uk


Go Back