Legal

Privacy Policy

How we collect, use, and protect your personal data. Last updated: 15 April 2026.

1. Who we are

Ankorium is operated by Ian Crocker, a sole trader based in Cornwall, United Kingdom. For the purposes of UK data protection law, we are the data controller for personal data collected through ankorium.com and the Ankorium platform. You can contact us at [email protected].

2. What data we collect

We collect different data depending on how you interact with us:

Website visitors (ankorium.com): We use first-party, privacy-compliant analytics that do not use cookies and do not track individuals. We collect aggregate page view data, referrer information, device type, and country. No personal data is collected from casual visitors.

Enquiries: When you contact us by email or through a form, we collect your name, email address, and the content of your message.

Platform customers (tenant owners): Name, email address, business name, billing address, payment information (processed by Stripe - we do not store card details), and any content you upload to your platform account.

Community members (end users of tenant sites): Name, email address, profile information, group membership, course progress, event bookings, messages, and any content posted in community areas. This data is controlled by the tenant owner; we process it on their behalf.

3. How we use your data

We use personal data for the following purposes:

  • To provide and maintain the Ankorium platform
  • To process payments and send transactional emails (booking confirmations, login links, payment receipts)
  • To send email campaigns where you have subscribed or consented
  • To respond to enquiries and provide support
  • To improve the platform based on usage patterns (using aggregated, non-personal data)
  • To comply with legal obligations

4. Legal basis for processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract: Processing necessary to provide the platform services you have signed up for
  • Consent: Email marketing campaigns (you can unsubscribe at any time)
  • Legitimate interest: Platform analytics, fraud prevention, and service improvement
  • Legal obligation: Where required by law (e.g. financial records)

5. Who we share data with

We share personal data only with the following third parties, and only to the extent necessary to provide our services:

  • Stripe - payment processing. Stripe acts as an independent data controller for payment data. See Stripe's privacy policy.
  • Postmark - transactional and campaign email delivery. Postmark processes email addresses and message content on our behalf. See Postmark's privacy policy.
  • Zoom - video meetings, where a tenant has configured Zoom integration. See Zoom's privacy policy.

We do not sell personal data. We do not share data with advertisers. We do not use third-party tracking or advertising pixels.

6. Data storage and security

All data is stored on servers located in the United Kingdom. Data is encrypted in transit (TLS/SSL) and access is restricted to authorised personnel. We use parameterised database queries, input sanitisation, rate limiting, and security headers to protect against common attack vectors. Payment card data is handled entirely by Stripe and never touches our servers.

7. Data retention

We retain personal data only for as long as necessary:

  • Account data: For the duration of your account, plus 30 days after cancellation to allow data export
  • Financial records: 7 years, as required by HMRC
  • Enquiry emails: 12 months after last correspondence
  • Analytics data: Aggregated, non-personal - retained indefinitely

8. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing based on legitimate interest
  • Withdraw consent at any time for consent-based processing

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Cookies

The ankorium.com marketing site does not use cookies. The Ankorium platform uses strictly necessary HttpOnly cookies for authentication (login sessions). These are essential for the service to function and do not require consent under UK PECR. We do not use tracking cookies, advertising cookies, or any third-party cookies. See our Cookie Policy for full details.

10. Children

Ankorium is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to account holders. The “last updated” date at the top of this page indicates the most recent revision.

12. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the chance to address your concerns first - please contact us at [email protected].