Policy

Privacy Policy

We take your privacy seriously. This page explains exactly what data we collect, why we collect it, and how you can control it — in plain English, not legal talk.

Last updated: 1 April 2026  ·  Jiffy (Uchu LMS Ltd)  ·  [email protected]
A plain-English summary
We collect only what we need to run the platform. We never sell your data. Your staff's training records belong to you. You can request deletion of your data at any time by emailing [email protected].
01

Who we are

Jiffy is a trading name of Uchu LMS Ltd, a company registered in England and Wales. Our registered address is Innovation Centre, Longbridge, Birmingham, B31 2TS.

We are the data controller for the personal data processed through the Jiffy platform. This means we determine the purposes and means of processing your personal data and are responsible for it being handled lawfully.

If you have any questions about this policy or how we handle your data, you can contact us at [email protected].

02

What we collect

We collect different types of information depending on how you use the platform.

Account holders (business owners and managers)
When you create an account we collect your name, email address, company name, and password. If you upgrade to a paid plan we also collect billing information, which is processed securely by our payment provider.
Staff members (learners)
When your employer adds you to the platform, we collect your name and email address. As you complete training, we record your course progress, completion dates, assessment scores, and certificates issued.
All visitors
When you visit our website we automatically collect standard technical data including your IP address, browser type, pages visited, and how you found us. This is collected via cookies and analytics tools.

We do not collect any special category data (such as health information, ethnicity, or religion) and we do not knowingly collect data from anyone under the age of 16.

03

How we use your data

We use the data we collect for the following purposes:

  • To create and manage your account and provide you with access to the platform
  • To deliver training courses and record completion, progress, and certificates
  • To send you service communications — such as account confirmations, certificate issuance, and renewal reminders
  • To process payments for Pro and Consulting subscriptions
  • To improve the platform based on how it is used
  • To respond to support requests and enquiries
  • To comply with our legal obligations

We will only send you marketing communications if you have explicitly opted in. You can unsubscribe at any time using the link in any email we send.

05

Who we share your data with

We do not sell your personal data to any third party. We share data only in the following circumstances:

  • Service providers — we use trusted third-party providers to operate the platform, including cloud hosting, email delivery, and payment processing. These providers act as data processors under our instruction and are contractually bound to handle your data securely
  • Your employer — if you are a staff member, your employer (the account holder) can see your course progress, completion status, and certificates. This is the core function of the platform
  • Industry sponsors and marketplace suppliers — sponsors and suppliers on our platform do not receive your personal data. They receive only aggregated, anonymised reporting about platform usage
  • Legal requirements — we may disclose data if required to do so by law, court order, or to protect the rights and safety of our users

All data is stored and processed within the UK and European Economic Area. If we ever need to transfer data internationally, we will ensure appropriate safeguards are in place.

06

How long we keep your data

We retain your data for as long as your account is active or as needed to provide the service. Specifically:

  • Account data is retained for the lifetime of your account and deleted within 90 days of account closure
  • Training records and certificates are retained for 6 years from the date of completion, in line with standard UK record-keeping practice for compliance documentation
  • Website analytics data is retained for 26 months
  • Financial records are retained for 7 years as required by HMRC

You can request deletion of your account and associated data at any time. Where we are legally required to retain certain records, we will inform you of this.

07

Your rights

Under UK GDPR you have the following rights regarding your personal data:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can ask us to correct inaccurate or incomplete data
  • Right to erasure — you can ask us to delete your data, subject to our legal retention obligations
  • Right to restrict processing — you can ask us to limit how we use your data in certain circumstances
  • Right to data portability — you can request your data in a structured, machine-readable format
  • Right to object — you can object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making — we do not use automated decision-making or profiling that has a legal or similarly significant effect on you

To exercise any of these rights, please email [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

08

Cookies

We use cookies to make the platform work and to understand how it is used. Cookies are small text files stored on your device.

  • Essential cookies — required for the platform to function, including keeping you logged in. These cannot be disabled
  • Analytics cookies — used to understand how visitors use the site so we can improve it. We ask for your consent before setting these
  • Preference cookies — used to remember your settings and preferences. We ask for your consent before setting these

You can manage your cookie preferences at any time through your browser settings or by contacting us. Disabling non-essential cookies will not affect your ability to use the platform.

09

Security

We take the security of your data seriously. We use industry-standard measures to protect your personal data, including encrypted data storage, secure HTTPS connections, and access controls that limit who within our team can access personal data.

No system is completely immune to security risks. If you believe your account has been compromised, please contact us immediately at [email protected].

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by law.

10

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify account holders by email and update the "last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.

11

Contact us

If you have any questions about this privacy policy, how we handle your data, or want to exercise your rights, please get in touch:

  • Email: [email protected]
  • Post: Uchu LMS Ltd, Innovation Centre, Longbridge, Birmingham, B31 2TS

We aim to respond to all privacy enquiries within 5 working days and are required by law to respond within 30 days.

Questions about your data?

We're happy to help. Email us directly and we'll respond within 5 working days.

Email [email protected]