Privacy Policy

Last updated: 29 March 2026

This Privacy Policy explains how we collect, use, and protect your personal data when you use this website ("the Service"). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU GDPR, Regulation 2016/679).

1. Data Controller

The data controller for personal data processed through this Service is LMSCloud Limited, operating as MDL Shield. For enquiries regarding your personal data, please use the contact form.

2. What Data We Collect

Account data (authenticated users)

When you sign in via GitHub OAuth, we receive and store:

• Your name
• Your email address
• Your profile image URL
• Your GitHub account identifier

Session data

When you sign in, we create a session record containing a session token, your IP address, and browser user agent. Sessions expire after 7 days.

Contact form submissions

If you submit the contact form, your name, email address, and message are sent to Formspark, a third-party form processing service. We do not store contact form submissions in our own database. Formspark's privacy policy applies to data they process.

Bot protection

The contact form uses Cloudflare Turnstile for bot protection. Turnstile may process your IP address and browser characteristics. No personal data from Turnstile is stored by us. Cloudflare's privacy policy applies.

Data we do not collect

• We do not use advertising or tracking cookies, scripts, or pixels.
• We do not sell, rent, or share personal data with third parties for marketing purposes.

3. Lawful Basis for Processing

We process personal data under the following lawful bases (GDPR Article 6):

• Consent — By signing in via OAuth, you consent to the collection of your account data.
• Legitimate interests — Session management and bot protection are necessary for the secure operation of the Service.
• Consent — By submitting the contact form, you consent to your message being processed by Formspark.

4. How We Use Your Data

• To authenticate you and manage your session.
• To assign roles and permissions for access control.
• To display your name and profile image within the Service where appropriate.
• To respond to messages submitted via the contact form.

5. Data Retention

• Account data is retained for as long as your account exists. You may request deletion at any time.
• Session data expires automatically after 7 days.
• Contact form data is retained by Formspark according to their retention policy.

6. Data Storage and Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse.

7. Your Rights

Under the EU GDPR, you have the following rights:

• Right of access — Request a copy of the personal data we hold about you.
• Right to rectification — Request correction of inaccurate data.
• Right to erasure — Request deletion of your account and associated data.
• Right to restrict processing — Request that we limit how we use your data.
• Right to data portability — Request your data in a structured, machine-readable format.
• Right to object — Object to processing based on legitimate interests.
• Right to withdraw consent — Withdraw consent at any time by deleting your account.

To exercise any of these rights, please contact us via the contact form. We will respond within 30 days.

8. International Transfers

When you sign in via GitHub, your authentication is processed by GitHub (Microsoft). Contact form submissions are processed by Formspark. Bot protection is provided by Cloudflare. These services may process data outside the European Economic Area. Each provider maintains their own data protection agreements and safeguards for international transfers in accordance with GDPR Chapter V.

9. Cookies

The Service uses only essential cookies required for authentication and session management. We do not use advertising or tracking cookies. No cookie consent banner is required as these cookies are strictly necessary for the Service to function.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Complaints

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the data protection supervisory authority in your EU member state.