Privacy Policy
Last updated: 25 March 2026
1. Who We Are
LessonsLearned LTD (“we”, “us”, “our”) operates the LessonsLearned platform at www.lessonslearned.cloud. We are a construction knowledge management platform that helps teams capture, search, and share lessons learned.
For any privacy-related enquiries, contact us at hello@lessonslearned.cloud.
2. Data We Collect
We collect the following types of information:
- Account information: Name, email address, and password when you register. If you sign in with Google, we receive your name, email, and profile photo from Google.
- Company information: Company name provided during registration.
- Content data: Lessons learned, project details, comments, tags, categories, and other content you create within the platform.
- Billing data: When you subscribe, payment information is collected and processed by Stripe. We store your Stripe customer ID and subscription status but never your card details.
- Usage data: We collect basic analytics about how you use the platform to improve our service.
3. How We Use Your Data
- To provide and maintain the LessonsLearned platform
- To authenticate your account and manage access
- To process subscription payments via Stripe
- To send service-related notifications (e.g., lesson validated, new comments)
- To improve the platform based on usage patterns
- To respond to support enquiries
4. Data Storage & Security
Your data is stored on Google Cloud infrastructure via Firebase (Firestore database and Firebase Authentication). All data is encrypted in transit (TLS) and at rest. Company data is strictly isolated — each company’s lessons, projects, and team data are stored in separate document collections and cannot be accessed by other companies.
We implement role-based access control (Admin, Manager, Operative) to ensure users within your company can only access data appropriate to their role.
5. Third-Party Services
We use the following third-party services:
- Firebase (Google): Authentication and database — Privacy Policy
- Stripe: Payment processing — Privacy Policy
- Vercel: Hosting — Privacy Policy
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the service. If you delete your account or your company administrator requests data deletion, we will remove your personal data within 30 days. Content data (lessons, projects) owned by your company will be retained until the company administrator requests deletion.
7. Your Rights (GDPR)
Under the UK GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data
- Portability: Request a machine-readable copy of your data
- Objection: Object to processing of your personal data
- Restriction: Request restriction of processing
To exercise any of these rights, email us at hello@lessonslearned.cloud. We will respond within 30 days.
8. Cookies
We use essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies. Firebase Authentication uses cookies to maintain your login session.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Continued use of the platform after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions about this privacy policy or our data practices, contact us at:
LessonsLearned LTD
Email: hello@lessonslearned.cloud