Privacy Policy — LEARN (Lanchester Early Access Research Network)

Effective date: March 18, 2026

Introduction

Welcome to LEARN (Lanchester Early Access Research Network). This Privacy Policy explains how Lanchester R&D (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use LEARN — a platform that helps people discover digital products, join waitlists, follow projects, and receive updates. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR") and applicable UK/EU regulations.

Data Controller

• Data Controller: Lanchester R&D
• Registered address: 40 Windmill Drive, Audlem, UK
• Contact email (privacy): lanchester.rd@gmail.com
• Data Protection / Privacy contact: Thomas Richardson (lanchester.rd@gmail.com)

What Data We Collect

We collect the following categories of personal data when you use LEARN:

• Identity and account data: full name (if provided), email address, authentication provider identifier (Google OAuth user ID or internal account ID used for magic-link sign-in).
• Profile and preference data: user preferences and settings, display name and optional profile fields.
• Product and waitlist data: products you follow or waitlists you join, timestamps and membership metadata.
• Communications and engagement: email history, email engagement metadata (opens/clicks), replies or messages you send.
• Technical and usage data: device and browser information, IP addresses, logs, page views, and usage events.
• Support and feedback: messages you send to support or admins and attachments.
• Administrative logs (admins only): admin actions and identifiers.
• Aggregated data: anonymized analytics derived from the above.

How We Collect Data

We collect data directly from you (registration, interactions), automatically (cookies, logs), and from third parties (Google on OAuth, service providers such as Resend and Firebase).

Legal Basis for Processing (GDPR)

For users in the EU/EEA/UK we rely on a combination of:

• Performance of a contract: to provide the Service and operate accounts.
• Consent: for marketing, non-essential cookies, and optional tracking.
• Legitimate interests: to operate, secure, and improve the Service (balanced against user rights).
• Legal obligation: where retention or disclosure is required by law.

How We Use Data

We use personal data to provide and operate the Service, send transactional and product emails, support Google sign-in, enable admins to manage products and campaigns, improve the Service via analytics (with consent where required), detect and prevent fraud, and comply with legal obligations.

Email Communications

Transactional emails (magic links, confirmations, security alerts) are necessary for account operation. Product updates and campaign emails are sent with consent where required; you may opt out at any time. We may use tracking pixels and link tagging to measure opens and clicks; tracked marketing emails require consent where applicable.

Third-Party Services and Processors

We use processors who act on our behalf, including:

• Firebase (Google) — Authentication, Firestore, Cloud Functions, Hosting. See: Firebase privacy and Google privacy.
• Google OAuth — sign-in and identity tokens. See: Google Identity.
• Resend — transactional and campaign email delivery and engagement reporting. See: Resend privacy.

Data Sharing

We do not sell your personal data. We may share data with processors, to comply with legal requests, to protect rights and safety, as part of a business transfer, or as aggregated anonymized data.

Data Retention

We retain data only as long as necessary. Examples: account data until deletion (+90 days for backups), product-follow records up to 3 years after last activity, email logs up to 3 years, support messages up to 3 years. Aggregated analytics may be retained in anonymized form indefinitely.

Your Rights (EU/EEA/UK)

You may exercise rights including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. To exercise rights contact: lanchester.rd@gmail.com. You may also lodge a complaint with your local supervisory authority.

Data Security

We implement reasonable organizational and technical measures: TLS, provider-supported encryption at rest, role-based access control, logging, monitoring, and incident response. We will notify affected users and regulators when required by law.

International Transfers

Data may be transferred outside the EU/EEA/UK (e.g., to the US). We rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, and contractual protections. Contact us for copies of safeguards.

Children’s Data

LEARN is not directed to children under 16. We do not knowingly collect data from children under 16. If you believe a child under 16 has provided data, contact lanchester.rd@gmail.com for deletion.

Changes to This Policy

We may update this Privacy Policy. Material changes will be posted here with a revised effective date and, where appropriate, notified to you.

Contact

For privacy questions or requests:
Email: lanchester.rd@gmail.com
Postal: 40 Windmill Drive, Audlem, UK
Data contact / DPO: Thomas Richardson (lanchester.rd@gmail.com)