⚠ TEST ENVIRONMENT — not in production · data may be reset without notice

Legal

Privacy Policy

Last updated: 29 April 2026

1. Who we are

CPD Approved Training is operated by Safe-Haus Ltd ("we", "us", "our"). We are the data controller for personal data processed through this platform.

Contact us at: privacy@safe-haus.co.uk

2. What data we collect

We collect and process the following categories of personal data:

  • Account data: name, email address, phone number, job title.
  • Organisation data: company name, industry, size, contact details.
  • Training data: course enrolments, module progress, quiz attempts, scores, and certificates issued.
  • Technical data: IP address, browser type, device type, and session data collected automatically when you use the platform.
  • Payment data: billing name and address. Payment card details are processed by Stripe and are not stored by us.

3. How we use your data

We use your personal data to:

  • Provide and manage your access to the training platform.
  • Issue and store CPD certificates.
  • Send expiry reminders for certificates nearing their renewal date.
  • Process payments and manage subscriptions.
  • Respond to support requests.
  • Comply with legal obligations.

4. Lawful basis for processing

We rely on the following lawful bases under UK GDPR:

  • Contract: to provide the service you or your employer has purchased.
  • Legitimate interests: to improve our platform and send relevant communications about your training.
  • Legal obligation: to maintain records as required by applicable law.

5. Data retention

We retain your personal data for as long as your account is active plus 7 years thereafter, or as required by law. Certificate records are retained for the duration of the certificate's validity period plus 7 years.

You may request deletion of your account at any time by contacting us. We will delete your data within 30 days, except where retention is required by law.

6. Sharing your data

We do not sell your personal data. We share it with:

  • Supabase: database and authentication (EU/EEA hosting).
  • Stripe: payment processing.
  • Amazon Web Services: certificate PDF storage (EU West — London).
  • CPD Certification Service: to verify CPD accreditation of certificates.
  • Your employer / the organisation that enrolled you (training records and certificates).

7. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data (Subject Access Request).
  • Rectify inaccurate data.
  • Request erasure ("right to be forgotten") in certain circumstances.
  • Restrict or object to processing.
  • Receive a portable copy of your data.

To exercise any of these rights, contact privacy@safe-haus.co.uk. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use essential cookies for authentication and session management. No third-party tracking or advertising cookies are used.

9. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email. The "last updated" date at the top of this page will always reflect the current version.