Privacy Policy

Privacy Policy

Last updated: July 5, 2025

GDPR Compliance: This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Information We Collect

Personal Information

We collect the following personal information when you use CPDpro:

  • Account Information: First name, last name, email address, organisation, job title
  • Authentication Data: Encrypted passwords and session information
  • CPD Data: Training descriptions, hours, categories, dates, and professional development activities
  • Usage Information: Login timestamps, feature usage, and application interactions

Technical Information

  • Device Data: IP address, browser type, operating system, device identifiers
  • Log Data: Access logs, error reports, performance metrics
  • Cookies: Session cookies, preference cookies, and analytics cookies

2. How We Use Your Information

Service Provision

  • Create and manage your CPDpro account
  • Store and organize your CPD entries
  • Generate analytics and insights about your professional development
  • Export your data in PDF format
  • Provide customer support and respond to inquiries

Premium Features (AI-Powered)

For premium subscribers, we use your CPD descriptions to:

  • Generate AI-powered summaries using OpenAI's GPT-4 model
  • Extract key learning points from your activities
  • Provide personalised recommendations for future CPD activities
  • Create smart reminders based on your activity patterns

Service Improvement

  • Analyse usage patterns to improve our service (anonymised data only)
  • Troubleshoot technical issues and maintain security
  • Develop new features based on user needs

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide the CPDpro service you've signed up for
  • Legitimate Interest: To improve our service and ensure security
  • Consent: For premium AI features and marketing communications (where applicable)
  • Legal Obligation: To comply with applicable laws and regulations

4. Data Sharing and Third Parties

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

We share data with trusted service providers who help us operate our service:

  • OpenAI: CPD text analysis for premium features (data is not stored by OpenAI)
  • Stripe: Secure payment processing for premium subscriptions
  • Database Hosting: Secure cloud database storage
  • Email Service: Account notifications and customer support

Legal Requirements

We may disclose your information if required by law, court order, or government regulation.

5. Data Security

We implement robust security measures to protect your data:

  • Encryption: All data is encrypted in transit and at rest
  • Access Controls: Strict authentication and authorization systems
  • Regular Audits: Security reviews and vulnerability assessments
  • Secure Infrastructure: Industry-standard cloud security practices
  • Password Protection: Bcrypt hashing for password storage

6. Data Retention

  • Active Accounts: Data retained while your account is active
  • Inactive Accounts: Data deleted after 2 years of inactivity
  • Account Deletion: Data permanently deleted within 30 days of account closure
  • Backup Data: Securely deleted from backups within 90 days
  • Legal Requirements: Some data may be retained longer for compliance purposes

7. Your Privacy Rights

GDPR Rights (EU Residents)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Portability: Export your data in a machine-readable format
  • Right to Restrict Processing: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent for specific processing activities

CCPA Rights (California Residents)

  • Right to Know: Information about data collection and use
  • Right to Delete: Request deletion of personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Exercising Your Rights

To exercise any of these rights, contact us at support@cpdpro.app. We will respond within 30 days.

8. International Data Transfers

Your data may be processed in countries outside your residence. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions by relevant data protection authorities
  • Other appropriate safeguards as required by law

9. Cookies and Tracking

Essential Cookies

  • Session Cookies: Required for login and security
  • Preference Cookies: Remember your settings and preferences

Analytics Cookies

We use minimal analytics to understand service usage. You can opt out through your browser settings.

Cookie Management

You can control cookies through your browser settings, but some features may not work properly if cookies are disabled.

10. Children's Privacy

CPDpro is not intended for children under 16. We do not knowingly collect personal information from children. If we discover such data, we will delete it immediately.

11. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will:

  • Notify you by email of significant changes
  • Post updates on our website with the revision date
  • Obtain consent for material changes where required

12. Contact Information

For privacy-related questions or requests, contact us:

Privacy Officer
Email: support@cpdpro.app
Address: Caradon AI Ltd
71-75 Shelton Street, Covent Garden
London WC2H 9JQ
Response Time: Within 30 days

Data Protection Authority
You may also contact your local
data protection authority if needed

13. AI Processing Disclosure

For premium features, we use OpenAI's GPT-4 model to analyse your CPD descriptions. Important details:

  • Data is processed by OpenAI but not stored permanently
  • OpenAI may use data to improve their models (you can opt out)
  • Processing occurs in secure, encrypted environments
  • You can disable AI features at any time in your account settings

Questions about your privacy? We're here to help. Contact our privacy team at support@cpdpro.app for any questions about this policy or your data rights.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.