Legal
Privacy Policy
This Privacy Policy explains how LearningWay.ai collects, uses, discloses, and protects personal information when you visit our website, create an account, or use our education and training platform.
Last updated: July 13, 2026
1. Introduction
LearningWay.ai ("LearningWay," "we," "us," or "our") operates an AI-native education and training platform that enables educators, institutions, and organisations to build courses, deliver learning programs, manage learners, and measure outcomes. We are committed to protecting the privacy of everyone who interacts with our services, including administrators, educators, learners, and website visitors.
This Privacy Policy applies to personal information processed through our website at learningway.ai, our web application, APIs, integrations, and related services (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.
Where an institution or organisation provisions accounts for its users, that organisation may act as an independent controller of certain learner and employee data. In those cases, the organisation's own privacy policy may also apply, and we process data on the organisation's instructions as a service provider or processor where applicable.
2. Who Is Responsible for Your Information
For the purposes of applicable data protection laws, LearningWay.ai is the entity responsible for the personal information described in this Privacy Policy, unless we inform you otherwise in a separate agreement or notice.
You may contact us regarding privacy matters using the details in Section 20 below.
3. Information We Collect
We collect personal information in several ways depending on how you use the Services. The categories of information we may collect include:
3.1 Information you provide directly
- Account and profile information: name, email address, password or authentication credentials, job title, organisation name, profile photo, time zone, language preferences, and other details you choose to provide when registering or updating your account.
- Organisation and billing information: institution or company name, billing contact details, subscription plan, payment-related identifiers, tax information, and purchase history. Payment card details are processed by our payment providers and are not stored by us in full.
- Educational and training content: courses, modules, lessons, assessments, documents, videos, files, metadata, and other materials you upload or create within the platform.
- Learner and enrolment data: learner names, email addresses, enrolment status, course assignments, progress records, assessment results, completion certificates, and related academic or training records.
- Communications: messages you send through contact forms, support requests, surveys, feedback, and correspondence with our team.
- User-generated content: comments, forum posts, chat messages, assignment submissions, and other content submitted through learning workflows or AI companion features.
3.2 Information collected automatically
- Usage and activity data: pages viewed, features used, clicks, session duration, learning progress events, admin actions, search queries within the platform, and interaction logs.
- Device and technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, referring URLs, and general location derived from IP address.
- Log and security data: authentication events, error reports, API request metadata, and records used to detect abuse, fraud, or security incidents.
- Cookies and similar technologies: information collected through cookies, local storage, pixels, and analytics tools as described in Section 13.
3.3 Information from third parties
- Authentication providers: if you sign in using Google, Microsoft, or other supported identity providers, we may receive your name, email address, profile image, and provider account identifier.
- Organisation administrators: institutions or employers may provide learner rosters, email addresses, and role assignments when provisioning accounts.
- Service providers and integrations: we may receive information from analytics providers, payment processors, email delivery services, cloud hosting partners, and other vendors that help us operate the Services.
- Public and partner sources: where permitted by law, we may receive business contact information from marketing partners or publicly available sources.
3.4 Sensitive information
We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data unless you or your organisation choose to include such information in course content, learner records, or communications. If you upload sensitive information, you are responsible for ensuring you have a lawful basis to do so and that appropriate notices are provided to affected individuals.
4. How We Use Personal Information
We use personal information for the following purposes:
- Creating, authenticating, and administering user accounts
- Providing, operating, maintaining, and improving the Services
- Enabling educators to build, publish, and manage courses and programs
- Enabling learners to access content, track progress, and complete assessments
- Generating reports, analytics, and insights for educators and administrators
- Delivering AI-assisted teaching, learning, and administrative workflows
- Processing subscriptions, trials, invoices, and payments
- Responding to enquiries, support requests, and customer communications
- Sending service-related notices, security alerts, and product updates
- Personalising user experience and recommending relevant features or content
- Monitoring usage, diagnosing technical issues, and ensuring platform reliability
- Detecting, investigating, and preventing fraud, abuse, and security threats
- Enforcing our Terms of Service and protecting our legal rights
- Complying with legal obligations, regulatory requests, and record-keeping requirements
- Conducting research, testing, and product development
- Sending marketing communications where permitted by law and subject to your preferences
5. Legal Bases for Processing
Where required by applicable law, including the EU and UK General Data Protection Regulation (GDPR), we rely on one or more of the following legal bases:
- Contract: processing necessary to provide the Services you or your organisation have requested
- Legitimate interests: operating, securing, and improving our platform, preventing misuse, and communicating with users about the Services, balanced against your rights and expectations
- Consent: where you have given clear consent, such as for certain cookies, marketing emails, or optional features
- Legal obligation: where processing is required to comply with applicable laws
- Vital interests or public interest: in limited circumstances where required or permitted by law
If you are located in Australia, we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
6. AI, Analytics, and Automated Processing
LearningWay.ai includes AI-native features that may analyse course materials, learner interactions, prompts, and platform activity to provide recommendations, generate content suggestions, assist educators, support learners, and improve service quality.
Depending on your configuration and use of the Services, AI features may process:
- Course content, lesson text, and uploaded resources
- Learner questions, chat messages, and assignment submissions
- Progress data and interaction patterns within learning workflows
- Administrative prompts and operational instructions entered by educators
We take steps to limit unnecessary exposure of personal information in AI workflows and to apply access controls so users only see data they are authorised to access. We do not use your confidential course content or private learner communications to train public foundation models for unrelated third-party products unless you have expressly agreed to such use in a separate written agreement.
Automated processing may influence the content, order, or presentation of learning materials and insights shown within the platform. These outputs are intended to support teaching and learning decisions; they do not replace professional, academic, or regulatory judgment by educators or institutions.
7. How We Share Personal Information
We do not sell your personal information. We may share personal information in the following circumstances:
- Within your organisation: administrators, educators, and authorised staff may access learner and course data according to role-based permissions you or your organisation configure.
- Service providers: trusted vendors that host infrastructure, process payments, deliver email, provide analytics, offer customer support, or supply AI, storage, and security services under contractual confidentiality and data protection obligations.
- Authentication partners: identity providers you choose when signing in with Google, Microsoft, or similar services.
- Professional advisers: lawyers, accountants, auditors, insurers, and consultants where reasonably necessary.
- Business transfers: in connection with a merger, acquisition, financing, reorganisation, or sale of assets, subject to appropriate safeguards.
- Legal and safety reasons: to comply with law, regulation, legal process, or governmental request; to enforce our agreements; or to protect the rights, property, and safety of LearningWay, our users, or others.
- With your direction or consent: when you request or authorise sharing, including through integrations or course sharing features.
8. International Data Transfers
We may process and store personal information in Australia and in other countries where we or our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.
When we transfer personal information internationally, we implement appropriate safeguards such as contractual data protection clauses, vendor security assessments, and access controls designed to ensure your information remains protected in line with this Privacy Policy and applicable law.
9. Data Retention
We retain personal information for as long as reasonably necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention periods may vary based on:
- The duration of your account or organisation subscription
- Whether you or your organisation delete content or close accounts
- Legal, tax, accounting, audit, or regulatory requirements
- The need to resolve disputes and enforce agreements
- Backup, disaster recovery, and security log retention schedules
When information is no longer needed, we take steps to delete, anonymise, or securely isolate it. Residual copies may remain in encrypted backups for a limited period before being overwritten in the ordinary course of business.
10. Security
We implement technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include:
- Encryption of data in transit using industry-standard protocols
- Encryption or protected storage for sensitive data at rest where appropriate
- Role-based access controls and authentication safeguards
- Network monitoring, logging, and intrusion detection practices
- Segregation of customer environments and least-privilege administrative access
- Employee confidentiality obligations and security awareness practices
- Vendor review and contractual security requirements
No method of transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for using strong, unique passwords.
11. Your Rights and Choices
Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information:
- Request access to the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of personal information, subject to legal exceptions
- Object to or restrict certain processing activities
- Request portability of information you provided in a structured, commonly used format
- Withdraw consent where processing is based on consent
- Opt out of marketing communications at any time
- Lodge a complaint with a supervisory authority or regulator
If your account is managed by an institution or employer, some requests may need to be directed to that organisation's administrator, and we may refer you accordingly.
To exercise your rights, contact us using the details in Section 20. We may need to verify your identity before responding. We aim to respond within the timeframes required by applicable law.
11.1 California residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect, request deletion, and opt out of certain sharing arrangements. We do not sell personal information as defined by California law. California residents may submit requests using the contact details in Section 20.
11.2 Australian residents
If you are in Australia, you may access and correct your personal information and complain to us about a breach of the APPs. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).
12. Marketing Communications
We may send you emails or in-product messages about product updates, educational resources, events, or offers where permitted by law. You can opt out of promotional communications by using the unsubscribe link in our emails or by contacting us. Even if you opt out of marketing, we may still send transactional or service-related messages, such as billing notices, security alerts, or account confirmations.
13. Cookies and Similar Technologies
We use cookies, local storage, session tokens, and similar technologies to operate the Services, keep you signed in, remember preferences, measure performance, and understand how users interact with our website and application.
Examples include:
- Essential cookies: required for authentication, security, and core platform functionality
- Preference cookies: remember settings such as language or display options
- Analytics cookies: help us understand usage patterns and improve the Services
You can manage cookies through your browser settings. Disabling certain cookies may affect the availability or functionality of some features, including the ability to remain signed in.
14. Third-Party Websites and Services
The Services may contain links to third-party websites, embedded content, or integrations operated by parties other than LearningWay. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any external services you access.
15. Children and Student Privacy
The Services are designed for use by educational institutions, training organisations, and authorised adults. We do not knowingly collect personal information directly from children under 13 without appropriate authorisation from a parent, guardian, school, or other legally authorised entity.
Where minors participate in courses through a school, university, employer, or other organisation, that organisation is responsible for obtaining any required consents and for providing appropriate privacy notices to students and parents. If you believe we have collected personal information from a child without proper authority, please contact us and we will take appropriate steps to investigate and address the matter.
16. Research, Aggregated, and De-Identified Data
We may use aggregated or de-identified information that cannot reasonably be used to identify you for analytics, service improvement, benchmarking, and reporting. We may retain and use such information without restriction, provided it remains de-identified in accordance with applicable law.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make material changes, we will post the updated policy on this page and revise the "Last updated" date above. Where required by law, we will provide additional notice, such as by email or in-product notification.
Your continued use of the Services after an updated policy becomes effective constitutes your acknowledgment of the revised policy, except where further consent is required by law.
18. Data Breach Notification
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant regulators as required by applicable law. Notifications may describe the nature of the incident, likely consequences, and measures taken or proposed to address it.
19. Do Not Track
Some browsers offer a "Do Not Track" signal. Because there is not yet a common industry standard for responding to these signals, we do not currently respond to Do Not Track browser settings. You may use the cookie and privacy controls described in this policy to manage certain tracking activities.
20. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Phone: +61 (03) 9078 2976
- Address: 90 Collins Street, Melbourne, VIC 3000
You may also reach us through our contact page.