adiLessons

Security and UK GDPR Compliance

At adiLessons, data security and compliance with the UK GDPR are fundamental. We implement strict operational frameworks to safeguard all student, calendar, and transaction databases.

1. Brand Operations & Jurisdiction

adiLessons is operated under the brand name adiLessons. All data processing agreements and service structures are governed under the UK Data Protection Act (DPA 2018) and UK GDPR laws. For corporate inquiries or legal notices, contact support@adilesson.co.uk.

2. Hosting & Data Residency

All application databases and files are hosted securely in UK servers (AWS London Regions). We do not transfer student or instructor data outside the UK/EEA zone. Daily automated backups are encrypted and stored in secondary secure UK storage.

3. Data Encryption

  • In Transit: All connections to our API and web clients are encrypted using Transport Layer Security (TLS 1.3).
  • At Rest: Databases, logs, and uploads are encrypted using Advanced Encryption Standard (AES-256).

4. PCI-DSS Payment Security

Student card transactions and PayPal payments are processed exclusively by PCI-DSS Level 1 compliant processors (PayPal and Stripe). adiLessons does not store, process, or transmit raw credit card credentials on its servers.

5. Subprocessors

We work with verified partners to maintain system functions:
WhapiCell: WhatsApp integration and reminder dispatching.
PayPal / Stripe: Payment processing.
Amazon Web Services (AWS): Cloud hosting.