This policy applies to all users of trustcred.co.uk and the TrustCred Partner Portal.
01 โ Who we are
TrustCred is a trading name of [YOUR FULL NAME], a sole trader registered in England and Wales.
We are registered with the Information Commissioner's Office (ICO) as a data controller under the UK GDPR and the Data Protection Act 2018.
02 โ What data we collect
Learner data (provided by training providers)
- Full name
- Email address
- Course completion date and expiry date
- Course title and CPD information
- Organisation name
Partner (training provider) data
- Name and organisation
- Email address
- Login credentials (password stored securely)
Website visitors
- No cookies or tracking technologies are currently used on this website
- We do not use Google Analytics or any third-party tracking
03 โ How we use your data
- To generate and issue digital certificates to learners on behalf of training providers
- To record credential information on the Polygon public blockchain for verification purposes
- To send certificate emails to learners
- To allow employers and third parties to verify the authenticity of credentials via our verification page
- To provide training providers access to the Partner Portal
- To communicate with partners regarding their account
โ Important: Credential data written to the Polygon blockchain is permanent and cannot be deleted. This is a fundamental property of blockchain technology. By using TrustCred, training providers acknowledge and accept this.
04 โ Legal basis for processing
We process personal data under the following lawful bases:
- Contract โ processing is necessary to deliver the credential issuance service to our partners
- Legitimate interests โ to maintain accurate credential records and provide verification services to employers
- Consent โ where learners have been informed by their training provider that their data will be processed by TrustCred
05 โ Data storage & security
- Learner and credential data is stored in Airtable (US-based, SOC 2 compliant)
- Certificate PDFs are stored securely within Airtable attachments
- Credential hashes are recorded on the Polygon public blockchain
- Partner login credentials are stored securely
- All data in transit is encrypted via HTTPS/TLS
- Access to data is restricted to authorised personnel only
06 โ Data retention
- Learner credential records are retained for as long as the credential may reasonably need to be verified โ typically 7 years
- Blockchain records are permanent and cannot be deleted
- Partner account data is retained for the duration of the partnership and up to 2 years after termination
- You may request deletion of non-blockchain data at any time (see Your Rights below)
07 โ Third parties
We use trusted third-party service providers to deliver our platform, including cloud storage, PDF generation, workflow automation, web hosting, blockchain infrastructure, and email delivery services.
All providers are carefully selected and are contractually bound to process personal data only on our instructions and in compliance with UK GDPR and applicable data protection law.
We do not sell, rent or share your personal data with any third party for marketing purposes.
08 โ Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (except blockchain records which are permanent)
- Object to or restrict processing of your data
- Data portability โ receive your data in a structured format
- Lodge a complaint with the ICO at ico.org.uk
To exercise any of these rights please contact us at:
We will respond to all requests within 30 days.
09 โ Changes to this policy
We may update this Privacy Policy from time to time. We will notify active partners of any significant changes by email. The latest version will always be available at trustcred.co.uk/privacy.
10 โ Contact us
If you have any questions about this Privacy Policy or how we handle your data: