1. Who we are
This policy applies to information collected by BenchStep (“BenchStep”, “we”, “us”) through the BenchStep website at benchstep.com, our learning platform, and any related applications or services (the “Service”).
When you use BenchStep through your employer or another organisation, that organisation is the controller of your data and BenchStep processes it on their behalf. In those cases, your organisation's privacy policy may apply alongside this one.
2. What we collect
We collect personal information in three ways: information you give us, information collected automatically, and information from other sources.
Information you give us
- Account details — your name, email, organisation, role, and the password you create.
- Profile content — anything you add to your profile, such as a photo or bio.
- Learning content — courses you create, assessments, uploads, comments, and learner records you submit.
- Communications — messages you send to us through contact forms, email, or chat, and your responses to surveys.
- Billing information — for paid plans, payment details collected and processed by our payment provider (we do not store full card numbers).
Information collected automatically
- Usage data — pages visited, actions taken, time spent, and similar interactions with the Service.
- Device and technical data — IP address, browser type, operating system, device identifiers, and approximate location derived from IP.
- Log data — system events, error reports, and performance metrics.
3. Why we collect it
We use personal information to:
- Provide, maintain, and improve the Service;
- Create and manage accounts and authenticate users;
- Process payments and manage subscriptions;
- Communicate with you about the Service, including security alerts, billing notices, and product updates;
- Respond to questions and provide customer support;
- Monitor and improve performance, security, and reliability;
- Detect, prevent, and address fraud, abuse, and security incidents;
- Comply with legal obligations;
- With your consent or as otherwise permitted by law, send you marketing communications about features and offers you may find useful.
We do not sell personal information. We do not use Customer Data submitted to the Service (such as courses or learner records) to train AI models that benefit other customers.
5. How long we keep it
We keep personal information for as long as needed to provide the Service to you or your organisation, comply with legal obligations, resolve disputes, and enforce our agreements.
When you (or your organisation) close your account, we retain Customer Data for [retention period — typically 60 days] to allow for export or reactivation, then delete it from active systems. Backups are retained for up to 120 days and then deleted in the ordinary course.
We may retain certain information for longer where required by law (for example, billing records for tax purposes) or in anonymised form for analytics.
6. Your choices and rights
You have choices about your personal information. Depending on where you live, applicable law may give you additional rights.
Universal choices
- Access and update. You can view and update most of your account information directly through the Service.
- Marketing communications. You can opt out of marketing emails at any time using the unsubscribe link, or by contacting us.
- Delete your account. You can request account deletion through your account settings or by contacting us. Note that we may retain certain information as described in section 5.
Additional rights under applicable law
Depending on your jurisdiction, you may have additional rights regarding your personal information, including the rights to access, correct, delete, restrict processing of, object to processing of, or receive a portable copy of your information. To exercise these rights, contact us using the details in section 11. We will respond within the timeframe required by applicable law.
If you believe we are not handling your information appropriately, you may also contact your local data protection authority.
7. How we protect data
We use a combination of technical, organisational, and administrative measures to protect personal information from unauthorised access, loss, or disclosure. These include encryption in transit, access controls, regular security reviews, and staff training on data handling.
No method of transmission or storage is perfectly secure. While we work hard to protect your information, we cannot guarantee its absolute security.
Personal information is stored and processed in Dedicated Azure. If we transfer information to other regions, we use safeguards consistent with applicable law.
9. Children's data
The Service is intended for use by adults and by minors through accounts provisioned by an organisation (such as a school, training provider, or employer). We do not knowingly collect personal information directly from children under the age of 16.
If you believe a child has provided us with personal information without appropriate consent, contact us and we will take reasonable steps to delete it.
Where minors use the Service through an organisation, that organisation is responsible for obtaining any required parental consent and ensuring that use complies with applicable law.
10. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date at the top, and where appropriate, we will notify you by email or through the Service before the changes take effect. Continued use of the Service after changes take effect means you accept the updated policy.
11. Contact us
If you have questions about this policy, want to exercise a right, or want to make a complaint, please contact us:
BenchStep — Privacy
Email: info@benchstep.com
We aim to respond to privacy-related requests within 7 days of receipt.
