ValidLearn
Docs › Compliance & privacy

Compliance & privacy

At ValidLearn, data minimisation and traceability are not bolted on afterwards — they are anchored in the data model. Here is what that means for you.

Three questions that can always be answered

  1. What data do we collect? Only the fields needed for training and proof — documented in the data model.
  2. Where does data flow? Nowhere except the platform's own database and — for reminder emails — its own SMTP server.
  3. What does each dependency do? Every component in use is documented; nothing "phones home".

GDPR in practice

  • Data minimisation by default — only what is needed for proof.
  • Access & deletion via a defined process; retention obligations on certificate records are kept cleanly separate from deletion.
  • Complete audit log of relevant actions — who did what and when, append-only.

Proof retention (may take precedence over the right to erasure)

For training compliance, the organisation may keep a minimal record. Precisely four fields:

  • the trained person's first name and last name,
  • the "passed on" date, and
  • the pass / fail result.

Depending on the applicable retention obligation, this record may take precedence over the general GDPR right to erasure (Art. 17(3)(b) GDPR): it then stays permissible even after the person leaves the organisation — and may have to be retained, typically for several years. An erasure request does not override an existing statutory retention duty.

What the organisation sees — and what it does not

Only pass/fail records (the four fields above) reach the organisation. No raw scores, no answer trails, no detailed results leave the learner's personal area.

Richer data — e.g. the score achieved, attempts or answers — exists at most privately to the user (visible only to the person themselves) and is erasable there at any time. This way the proof remains intact without the organisation learning more about the person than it needs for compliance.

No tracking

Neither the learning platform nor this website uses analytics or tracking SDKs. The website uses a single technical cookie for the language choice — nothing else.

This page will be expanded around go-live. Detailed auditor documentation is available to prospects on request.